Prosím o preventivku

Zpráva

Michal.Król · #1 Příspěvek od **Michal.Król** » 05 črc 2011 07:47

Ahoj, prosím o preventivní, kontrolu děkuji .)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal at 2011-07-05 08:42:07
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 17 GB (15%) free of 114 GB
Total RAM: 3002 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:48, on 5.7.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Users\Michal\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\conime.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Users\Michal\Downloads\RSIT.exe
C:\Program Files\trend micro\Michal.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SystemKey] C:\Windows\system32\rundll32.exe "C:\ProgramData\SystemKey\SystemKey.dll" rdl
O4 - HKLM\..\Run: [ServeZip] "C:\Program Files\ServeZip\ServeZip.exe" -StartUp
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Michal\AppData\Roaming\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-21-1630076922-693152462-836407820-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'apache2triad')
O4 - HKUS\S-1-5-21-1630076922-693152462-836407820-1003\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'apache2triad')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O9 - Extra button: GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - C:\Program Files\Photoactions\GetWebPics\Gwp4Ie.dll (HKCU)
O9 - Extra 'Tools' menuitem: Download pictures with GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - C:\Program Files\Photoactions\GetWebPics\Gwp4Ie.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6c241dbe\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 10691 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001UA.job
C:\Windows\tasks\Norton Security Scan for Michal.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-04-25 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"SystemKey"=C:\ProgramData\SystemKey\SystemKey.dll [2006-04-07 339968]
"ServeZip"=C:\Program Files\ServeZip\ServeZip.exe [2011-05-24 1731824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-04-03 399736]
"Google Update"=C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
"QIP Internet Guardian"=C:\Users\Michal\AppData\Roaming\QipGuard\QipGuard.exe [2011-05-10 187776]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2010-01-03 172792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-07-03 20:10:06 ----D---- C:\Users\Michal\AppData\Roaming\Photoactions
2011-07-03 20:10:06 ----D---- C:\Program Files\Photoactions
2011-07-03 19:11:42 ----D---- C:\Users\Michal\AppData\Roaming\NeoDownloader
2011-07-03 19:11:37 ----D---- C:\Program Files\NeoDownloader
2011-07-01 20:50:23 ----D---- C:\Program Files\GameSpy Arcade
2011-07-01 09:27:35 ----D---- C:\Program Files\ASIO4ALL v2
2011-07-01 09:27:18 ----D---- C:\Program Files\VstPlugins
2011-07-01 09:27:17 ----A---- C:\Windows\system32\rewire.dll
2011-07-01 09:26:19 ----D---- C:\Program Files\Outsim
2011-07-01 09:19:46 ----D---- C:\Program Files\Image-Line
2011-07-01 09:02:16 ----A---- C:\Windows\system32\mrvcl32.exe
2011-06-29 11:49:31 ----D---- C:\Program Files\Plus500
2011-06-29 07:43:42 ----A---- C:\Windows\NeroDigital.ini
2011-06-29 07:27:58 ----D---- C:\Program Files\SequoiaView
2011-06-29 03:27:03 ----A---- C:\Windows\system32\schannel.dll
2011-06-26 10:18:05 ----D---- C:\Program Files\SendBlaster
2011-06-26 09:52:48 ----D---- C:\Users\Michal\AppData\Roaming\SendBlaster2
2011-06-26 09:50:14 ----D---- C:\Program Files\Xenocode
2011-06-26 09:50:09 ----D---- C:\Program Files\Email Sender Deluxe
2011-06-25 18:21:54 ----D---- C:\stahuj
2011-06-24 18:00:52 ----D---- C:\ProgramData\Submit Suite
2011-06-24 18:00:52 ----D---- C:\Program Files\Submit Suite
2011-06-24 15:34:40 ----D---- C:\Program Files\ICQ6.5
2011-06-24 15:22:53 ----D---- C:\Program Files\ICQ7.5
2011-06-20 19:11:26 ----D---- C:\ProgramData\ServeZip
2011-06-20 19:11:26 ----D---- C:\Program Files\ServeZip
2011-06-19 07:34:35 ----D---- C:\NoStyle.eu Práce
2011-06-15 23:31:56 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-15 23:31:56 ----A---- C:\Windows\system32\iertutil.dll
2011-06-15 23:31:55 ----A---- C:\Windows\system32\jscript9.dll
2011-06-15 23:31:55 ----A---- C:\Windows\system32\jscript.dll
2011-06-15 23:31:55 ----A---- C:\Windows\system32\ieui.dll
2011-06-15 23:31:53 ----A---- C:\Windows\system32\mshtml.dll
2011-06-15 23:31:53 ----A---- C:\Windows\system32\ieframe.dll
2011-06-15 23:31:52 ----A---- C:\Windows\system32\urlmon.dll
2011-06-15 22:52:59 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-15 22:52:51 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-15 22:52:49 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-15 22:52:49 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-15 22:52:46 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-15 22:52:22 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-15 22:52:19 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-15 22:52:19 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-15 22:52:19 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-15 20:51:21 ----D---- C:\Downloads
2011-06-15 15:30:58 ----D---- C:\ProgramData\FileServe Limited
2011-06-12 12:58:05 ----A---- C:\Windows\system32\ezGOSvcApp.exe
2011-06-12 12:58:05 ----A---- C:\Windows\system32\ezGOSvc.dll

======List of files/folders modified in the last 1 months======

2011-07-05 08:44:48 ----D---- C:\Windows\temp
2011-07-05 08:42:17 ----D---- C:\Program Files\trend micro
2011-07-05 08:41:51 ----D---- C:\Users\Michal\AppData\Roaming\FileZilla
2011-07-05 08:36:27 ----D---- C:\ProgramData
2011-07-05 08:24:26 ----SHD---- C:\System Volume Information
2011-07-05 08:17:12 ----D---- C:\Program Files\RelevantKnowledge
2011-07-05 08:13:34 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2011-07-05 01:06:54 ----D---- C:\ProgramData\Easybits GO
2011-07-04 20:08:33 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2011-07-04 19:33:48 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2011-07-04 17:31:41 ----D---- C:\Users\Michal\AppData\Roaming\go
2011-07-03 20:10:06 ----D---- C:\Program Files
2011-07-03 09:15:13 ----D---- C:\ProgramData\Skype Extras
2011-07-03 08:44:17 ----D---- C:\Windows\Prefetch
2011-07-02 12:04:08 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2011-07-01 20:50:23 ----D---- C:\Windows\System32
2011-07-01 20:50:16 ----SHD---- C:\Windows\Installer
2011-07-01 20:49:53 ----D---- C:\Program Files\Microsoft Games
2011-07-01 09:37:26 ----A---- C:\Users\Michal\AppData\Roaming\RSBot_Accounts.ini
2011-06-30 16:20:02 ----D---- C:\Program Files\VirtualDJ
2011-06-30 03:17:59 ----RSD---- C:\Windows\Fonts
2011-06-30 03:01:37 ----D---- C:\Windows\winsxs
2011-06-29 07:43:42 ----D---- C:\Windows
2011-06-29 03:26:57 ----D---- C:\Windows\system32\catroot2
2011-06-29 03:26:57 ----D---- C:\Windows\system32\catroot
2011-06-26 19:52:36 ----D---- C:\Windows\system32\drivers
2011-06-25 17:18:02 ----D---- C:\Program Files\Steam
2011-06-24 20:23:03 ----D---- C:\Program Files\Common Files\Steam
2011-06-24 15:35:50 ----D---- C:\Program Files\ICQ6Toolbar
2011-06-24 15:35:45 ----D---- C:\ProgramData\ICQ
2011-06-22 14:45:04 ----D---- C:\Halo Trial
2011-06-19 11:32:08 ----D---- C:\Windows\Microsoft.NET
2011-06-19 08:09:56 ----D---- C:\frozen_file_s
2011-06-17 11:25:09 ----D---- C:\DSPK
2011-06-17 10:06:35 ----D---- C:\Program Files\FileZilla FTP Client
2011-06-16 13:23:29 ----RSD---- C:\Windows\assembly
2011-06-16 11:03:51 ----D---- C:\Program Files\Internet Explorer
2011-06-15 23:35:40 ----A---- C:\Windows\system32\mrt.exe
2011-06-15 23:32:51 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-15 23:28:01 ----D---- C:\Windows\inf
2011-06-15 23:28:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-15 23:26:26 ----D---- C:\Program Files\Windows Mail
2011-06-10 20:27:22 ----D---- C:\Users\Michal\AppData\Roaming\vlc
2011-06-10 17:18:04 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-06 354840]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-20 691696]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKslda65d2ed;MpKslda65d2ed; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC9C6909-92BA-4045-986A-657404EFDC08}\MpKslda65d2ed.sys [2011-07-05 28752]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-26 294952]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-26 88616]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-06-26 111144]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 33320]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-26 18728]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2010-09-22 37376]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-10 4744704]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-05-15 47360]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2004-04-01 10368]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-11-11 305256]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-11-19 408576]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 32768]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
S1 MpKsl00486fa9;MpKsl00486fa9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69084849-9311-4139-9A69-0EDB9A598BE7}\MpKsl00486fa9.sys []
S1 MpKsl018bdf94;MpKsl018bdf94; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC77CF55-666C-4B30-8196-E46CEA4C97C7}\MpKsl018bdf94.sys []
S1 MpKsl036fcdeb;MpKsl036fcdeb; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45B60E6A-6CDD-41C7-A3FB-BC8CA9E1BE56}\MpKsl036fcdeb.sys []
S1 MpKsl058215c5;MpKsl058215c5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC77CF55-666C-4B30-8196-E46CEA4C97C7}\MpKsl058215c5.sys []
S1 MpKsl0b4d3577;MpKsl0b4d3577; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EDC86FAD-4CF0-4EB8-9958-DA9305C4C290}\MpKsl0b4d3577.sys []
S1 MpKsl0f6cc84a;MpKsl0f6cc84a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4D0A527-3359-4FBF-B742-432B7C4F1243}\MpKsl0f6cc84a.sys []
S1 MpKsl1491320e;MpKsl1491320e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45B60E6A-6CDD-41C7-A3FB-BC8CA9E1BE56}\MpKsl1491320e.sys []
S1 MpKsl1b6945f3;MpKsl1b6945f3; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B351C91A-B4D1-4EB5-A47C-96E0E6E52DEB}\MpKsl1b6945f3.sys []
S1 MpKsl1d80eba0;MpKsl1d80eba0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A424145B-9E9E-411F-9298-9B9CD49F6934}\MpKsl1d80eba0.sys []
S1 MpKsl1e4c11c8;MpKsl1e4c11c8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88A4EBEA-3BC7-4CDF-9DD3-7A9D01E53240}\MpKsl1e4c11c8.sys []
S1 MpKsl21be28d7;MpKsl21be28d7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B351C91A-B4D1-4EB5-A47C-96E0E6E52DEB}\MpKsl21be28d7.sys []
S1 MpKsl237ba767;MpKsl237ba767; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC909AE4-99AB-4BBB-8D7A-D6717C4C0C6C}\MpKsl237ba767.sys []
S1 MpKsl2cbf4c43;MpKsl2cbf4c43; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AB0582D-701B-41D0-9466-EF06A679B421}\MpKsl2cbf4c43.sys []
S1 MpKsl30db0939;MpKsl30db0939; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0F849E0-889C-4127-96A3-26A323F6ECDA}\MpKsl30db0939.sys []
S1 MpKsl343a184f;MpKsl343a184f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC35DB64-5589-4DC7-B2E6-0CED6F84CFDC}\MpKsl343a184f.sys []
S1 MpKsl35355554;MpKsl35355554; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BCD2976-E138-4332-857B-C863D3E9455F}\MpKsl35355554.sys []
S1 MpKsl3edbff03;MpKsl3edbff03; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07FE8EEA-1740-4A0D-9FD0-28C4DC9E4F0F}\MpKsl3edbff03.sys []
S1 MpKsl46770e0e;MpKsl46770e0e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{154EDC8F-E8B5-4C33-95C4-49349627D3CC}\MpKsl46770e0e.sys []
S1 MpKsl47c8155c;MpKsl47c8155c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AE36CCF-A478-4442-A2DE-A49EB8E543BF}\MpKsl47c8155c.sys []
S1 MpKsl48974365;MpKsl48974365; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CDA472D-D817-41AC-8924-2BB067292621}\MpKsl48974365.sys []
S1 MpKsl49b6941b;MpKsl49b6941b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6BC1C235-E28D-49FD-8CDA-9DBC37BCC6AF}\MpKsl49b6941b.sys []
S1 MpKsl49c89951;MpKsl49c89951; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93CD97F1-2456-4B8B-A12F-A15C6BB15F61}\MpKsl49c89951.sys []
S1 MpKsl4b34a6d5;MpKsl4b34a6d5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CDA472D-D817-41AC-8924-2BB067292621}\MpKsl4b34a6d5.sys []
S1 MpKsl4ec42c73;MpKsl4ec42c73; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC909AE4-99AB-4BBB-8D7A-D6717C4C0C6C}\MpKsl4ec42c73.sys []
S1 MpKsl531aa3ea;MpKsl531aa3ea; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69084849-9311-4139-9A69-0EDB9A598BE7}\MpKsl531aa3ea.sys []
S1 MpKsl5332956f;MpKsl5332956f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45B60E6A-6CDD-41C7-A3FB-BC8CA9E1BE56}\MpKsl5332956f.sys []
S1 MpKsl5855f149;MpKsl5855f149; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{180A1333-E3FF-4728-9A1B-316D9767E279}\MpKsl5855f149.sys []
S1 MpKsl593922d2;MpKsl593922d2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C28D18A-EBFC-4D0C-952D-BC0D21968C6E}\MpKsl593922d2.sys []
S1 MpKsl5f79bbf7;MpKsl5f79bbf7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC77CF55-666C-4B30-8196-E46CEA4C97C7}\MpKsl5f79bbf7.sys []
S1 MpKsl64ba8562;MpKsl64ba8562; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAD8AD00-6F77-47E1-9750-723479CA0AF8}\MpKsl64ba8562.sys []
S1 MpKsl64f386a3;MpKsl64f386a3; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07FE8EEA-1740-4A0D-9FD0-28C4DC9E4F0F}\MpKsl64f386a3.sys []
S1 MpKsl6b6d85c8;MpKsl6b6d85c8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA512482-B3D7-45C9-AB23-7EACB4441C3B}\MpKsl6b6d85c8.sys []
S1 MpKsl741d4d1d;MpKsl741d4d1d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{313DB9E0-D9BB-4D9E-8489-1B41B439933E}\MpKsl741d4d1d.sys []
S1 MpKsl8354eda0;MpKsl8354eda0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96D30E8F-2F79-445F-A015-EE0811098F5A}\MpKsl8354eda0.sys []
S1 MpKsl89320260;MpKsl89320260; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A01D724F-26EB-43A9-8ADC-8C10A3A2FFB6}\MpKsl89320260.sys []
S1 MpKsl8ad9cb52;MpKsl8ad9cb52; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C84C223-0233-4FAE-AA8E-87F10E2023BB}\MpKsl8ad9cb52.sys []
S1 MpKsl8c610f49;MpKsl8c610f49; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3C2CFC3-CDF7-4FB8-91EF-ABBA4D379672}\MpKsl8c610f49.sys []
S1 MpKsl8d9e7f0d;MpKsl8d9e7f0d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{313DB9E0-D9BB-4D9E-8489-1B41B439933E}\MpKsl8d9e7f0d.sys []
S1 MpKsl9113206d;MpKsl9113206d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4D0A527-3359-4FBF-B742-432B7C4F1243}\MpKsl9113206d.sys []
S1 MpKsl92101c6a;MpKsl92101c6a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77EDB433-FCE7-459E-AD2E-630F435221CB}\MpKsl92101c6a.sys []
S1 MpKsl93d5d606;MpKsl93d5d606; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CDA472D-D817-41AC-8924-2BB067292621}\MpKsl93d5d606.sys []
S1 MpKsl96b89ff5;MpKsl96b89ff5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAD8AD00-6F77-47E1-9750-723479CA0AF8}\MpKsl96b89ff5.sys []
S1 MpKsl99728d2f;MpKsl99728d2f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{652A2B39-1AD4-43BF-B01E-1CFA59F81DBA}\MpKsl99728d2f.sys []
S1 MpKsl9a1d6658;MpKsl9a1d6658; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB701BC5-C7D6-48E2-B79A-9DF17A33B290}\MpKsl9a1d6658.sys []
S1 MpKsl9b0a454f;MpKsl9b0a454f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC909AE4-99AB-4BBB-8D7A-D6717C4C0C6C}\MpKsl9b0a454f.sys []
S1 MpKsla625c122;MpKsla625c122; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAD8AD00-6F77-47E1-9750-723479CA0AF8}\MpKsla625c122.sys []
S1 MpKslaab47f47;MpKslaab47f47; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93CD97F1-2456-4B8B-A12F-A15C6BB15F61}\MpKslaab47f47.sys []
S1 MpKslb0f36309;MpKslb0f36309; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AE36CCF-A478-4442-A2DE-A49EB8E543BF}\MpKslb0f36309.sys []
S1 MpKslb642e278;MpKslb642e278; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07FE8EEA-1740-4A0D-9FD0-28C4DC9E4F0F}\MpKslb642e278.sys []
S1 MpKslbb62ec02;MpKslbb62ec02; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01398482-4093-459E-9E90-DC38D795B4F1}\MpKslbb62ec02.sys []
S1 MpKslc793d71f;MpKslc793d71f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF28AF2E-2CD9-43EB-A90A-9D2661F03666}\MpKslc793d71f.sys []
S1 MpKslce25f5ab;MpKslce25f5ab; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16466544-E0EC-4A25-A340-6DEDEB328945}\MpKslce25f5ab.sys []
S1 MpKslceee35cc;MpKslceee35cc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3204D702-27DA-4B01-AF92-91A4D87E48B9}\MpKslceee35cc.sys []
S1 MpKslcf9e5fd5;MpKslcf9e5fd5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AE36CCF-A478-4442-A2DE-A49EB8E543BF}\MpKslcf9e5fd5.sys []
S1 MpKsld32ada07;MpKsld32ada07; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF28AF2E-2CD9-43EB-A90A-9D2661F03666}\MpKsld32ada07.sys []
S1 MpKsld3ea59a9;MpKsld3ea59a9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C28D18A-EBFC-4D0C-952D-BC0D21968C6E}\MpKsld3ea59a9.sys []
S1 MpKsld6f4199a;MpKsld6f4199a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA512482-B3D7-45C9-AB23-7EACB4441C3B}\MpKsld6f4199a.sys []
S1 MpKsldd7ac519;MpKsldd7ac519; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E44ABFD-821E-45ED-BCDB-9A702B2B9445}\MpKsldd7ac519.sys []
S1 MpKsle60bc896;MpKsle60bc896; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C28D18A-EBFC-4D0C-952D-BC0D21968C6E}\MpKsle60bc896.sys []
S1 MpKsle6433b46;MpKsle6433b46; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EF2581F-98F2-4E96-8BD1-1DC293C42F73}\MpKsle6433b46.sys []
S1 MpKsle90891e7;MpKsle90891e7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EF2581F-98F2-4E96-8BD1-1DC293C42F73}\MpKsle90891e7.sys []
S1 MpKsle9698a04;MpKsle9698a04; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A01D724F-26EB-43A9-8ADC-8C10A3A2FFB6}\MpKsle9698a04.sys []
S1 MpKslef75ea4d;MpKslef75ea4d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45B60E6A-6CDD-41C7-A3FB-BC8CA9E1BE56}\MpKslef75ea4d.sys []
S1 MpKslf425dbca;MpKslf425dbca; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC35DB64-5589-4DC7-B2E6-0CED6F84CFDC}\MpKslf425dbca.sys []
S1 MpKslf882f0e4;MpKslf882f0e4; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0FEBE7E-6678-4942-99B5-241CFC765C9C}\MpKslf882f0e4.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\Michal\AppData\Local\Temp\ALSysIO.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-02-16 25280]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 Ltn_stk7070P;PCTV based TV tuner device; C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-04-23 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-04-23 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-04-23 24960]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-05-20 20549]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 656672]
R2 ezGOSvc;Easybits GO Services for Windows; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2011-01-08 271408]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2011-01-05 352304]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe [2007-05-08 2179072]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 MySql;Apache2Triad MySql Service; C:\apache2triad\mysql\bin\mysqld.exe [2011-06-04 3960832]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-10-02 75064]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2011-05-10 187776]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe [2011-03-03 107136]
R2 SlimFTPd;Apache2Triad SlimFTPd Server; C:\apache2triad\ftp\SlimFTPd.exe [2011-06-04 54272]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6c241dbe\STacSV.exe [2009-11-19 221266]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S2 Apache2;Apache2Triad Apache2 Service; C:\apache2triad\bin\httpd.exe [2011-06-04 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL; C:\apache2triad\bin\httpd.exe [2011-06-04 17408]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-06 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2011-01-08 57640]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PgSql;Apache2Triad PostgreSQL Service; C:\apache2triad\pgsql\bin\pg_ctl.exe [2011-06-04 75207]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-06-24 403240]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 05 črc 2011 12:06

Zdravim a pekny den preji

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Michal.Król · #3 Příspěvek od **Michal.Król** » 06 črc 2011 08:20

OTL.exe

OTL logfile created on: 5.7.2011 20:28:39 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Michal\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 62,18% Memory free
6,06 Gb Paging File | 3,91 Gb Available in Paging File | 64,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 19,29 Gb Free Space | 17,25% Space Free | Partition Type: NTFS

Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.07.05 20:27:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
PRC - [2011.06.08 00:13:09 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Janička\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011.06.05 19:32:30 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Michal\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011.06.04 09:56:18 | 003,960,832 | ---- | M] () -- C:\apache2triad\mysql\bin\mysqld.exe
PRC - [2011.06.04 09:55:53 | 000,339,968 | ---- | M] () -- C:\apache2triad\mail\bin\xmail.exe
PRC - [2011.06.04 09:55:01 | 000,054,272 | ---- | M] () -- C:\apache2triad\ftp\SlimFTPd.exe
PRC - [2011.05.24 10:29:34 | 001,731,824 | ---- | M] (FileServe) -- C:\Program Files\ServeZip\ServeZip.exe
PRC - [2011.05.22 19:21:36 | 008,179,200 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe
PRC - [2011.05.10 17:14:10 | 000,187,776 | ---- | M] (QIP.ru) -- C:\Program Files\QipGuard\QipGuard.exe
PRC - [2011.04.13 17:31:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011.04.03 10:04:07 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011.03.03 21:22:15 | 000,107,136 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
PRC - [2011.03.03 21:22:12 | 002,548,864 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
PRC - [2011.01.20 16:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2011.01.08 00:48:12 | 000,108,080 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011.01.08 00:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011.01.05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.11.30 19:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.10.15 20:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010.09.15 05:33:20 | 002,440,552 | ---- | M] (Mobile Leader Co.,Ltd.) -- C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
PRC - [2010.06.25 09:18:42 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.06.07 21:12:12 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.06.07 21:12:08 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010.01.21 02:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.19 14:35:54 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6c241dbe\stacsv.exe
PRC - [2009.07.22 18:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009.07.22 18:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2009.06.09 09:56:00 | 000,099,632 | ---- | M] () -- C:\Program Files\Stardock\MyColors\WBVista.exe
PRC - [2009.06.09 09:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe
PRC - [2009.04.11 08:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009.04.11 08:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.05.08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe

========== Modules (SafeList) ==========

MOD - [2011.07.05 20:27:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.06.24 19:56:06 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.04 09:59:16 | 000,075,207 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- C:\apache2triad\pgsql\bin\pg_ctl.exe -- (PgSql)
SRV - [2011.06.04 09:56:18 | 003,960,832 | ---- | M] () [Auto | Running] -- C:\apache2triad\mysql\bin\mysqld.exe -- (MySql)
SRV - [2011.06.04 09:55:53 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\apache2triad\mail\bin\xmail.exe -- (XMail)
SRV - [2011.06.04 09:55:01 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\apache2triad\ftp\SlimFTPd.exe -- (SlimFTPd)
SRV - [2011.06.04 09:54:55 | 000,017,408 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\apache2triad\bin\httpd.exe -- (Apache2SSL)
SRV - [2011.06.04 09:54:55 | 000,017,408 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\apache2triad\bin\httpd.exe -- (Apache2)
SRV - [2011.05.28 10:22:46 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011.05.10 17:14:10 | 000,187,776 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2011.03.03 21:22:15 | 000,107,136 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2011.01.08 00:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011.01.08 00:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011.01.06 20:07:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.11.30 19:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Úložná technologie Intel(R)
SRV - [2010.10.15 20:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.06.25 09:18:42 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.01.21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.19 14:35:54 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6c241dbe\stacsv.exe -- (STacSV)
SRV - [2009.07.22 18:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009.07.22 18:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009.06.09 09:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.08 17:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe -- (KMWDSERVICE)

========== Driver Services (SafeList) ==========

DRV - [2011.07.05 13:38:03 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC9C6909-92BA-4045-986A-657404EFDC08}\MpKslcbf12cee.sys -- (MpKslcbf12cee)
DRV - [2011.02.23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011.02.16 12:16:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.11.20 20:19:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.11 22:57:30 | 000,305,256 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.10.24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.10.24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.09.22 21:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.09.22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.04.23 15:51:04 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.04.23 15:51:02 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.04.23 15:51:02 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.11.19 14:33:16 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.09.29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.09.05 17:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.06.14 14:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.04.01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.selectedEngine: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.hotspotshield.com/g/?c=h"
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {9764bb84-7272-11dd-8eb6-20d155d89557}:2.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: plugin2@gameplaylabs.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.2
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.9&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michal\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michal\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010.11.25 20:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.04 07:12:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.04 07:12:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011.07.05 19:28:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 00:24:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.24 00:24:01 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010.11.25 20:45:46 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.04 07:12:43 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.04 07:12:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011.07.05 19:28:30 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 00:24:01 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.24 00:24:01 | 000,000,000 | ---D | M]

[2010.07.30 22:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Extensions
[2011.06.24 15:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions
[2010.08.05 17:31:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.26 14:35:00 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011.06.24 15:29:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.27 12:21:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.24 11:56:01 | 000,000,000 | ---D | M] (Runescape Toolbar) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2010.09.22 17:59:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.03 15:48:35 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\plugin2@gameplaylabs.com
[2010.10.27 20:16:42 | 000,000,873 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\conduit.xml
[2011.01.06 19:11:28 | 000,002,055 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\daemon-search.xml
[2011.05.30 14:29:15 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-1.xml
[2006.05.07 14:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-2.xml
[2011.03.19 12:49:52 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-3.xml
[2011.04.16 17:26:48 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-4.xml
[2011.05.30 14:19:20 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-5.xml
[2008.07.10 12:19:06 | 000,000,944 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin.xml
[2011.05.26 14:38:36 | 000,002,062 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\qip-search.xml
[2010.11.10 00:27:10 | 000,002,202 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\seznam.xml
[2011.04.06 16:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.03 20:47:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.06 16:05:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.16 18:06:54 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.01.04 07:12:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.04 07:12:44 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.11.25 20:45:46 | 000,000,000 | ---D | M] (LG Air Sync) -- C:\PROGRAM FILES\LG ELECTRONICS\LG PC SUITE IV\LINKAIR\{00ADD29A-66F4-4F22-BCC0-4C1D29DA647B}
[2010.09.02 17:36:49 | 000,000,000 | ---D | M] ("Hide IP Firefox Add-on") -- C:\USERS\MICHAL\APPDATA\ROAMING\HIDEIP_FIREFOX_PLUGIN
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.18 16:25:02 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.06.28 23:40:10 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.01 15:18:02 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml
[2010.12.03 20:08:29 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.12.03 20:08:29 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2010.10.21 21:56:38 | 000,001,847 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2010.12.03 20:08:29 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.12.03 20:08:29 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.12.03 20:08:29 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.01.06 00:55:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1630076922-693152462-836407820-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ServeZip] C:\Program Files\ServeZip\ServeZip.exe (FileServe)
O4 - HKLM..\Run: [SystemKey] C:\ProgramData\SystemKey\SystemKey.dll (TODO: <Company name>)
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1000..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1000..\Run: [QIP Internet Guardian] C:\Users\Michal\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru)
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1001..\Run: [LG LinkAir] C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe (Mobile Leader Co.,Ltd.)
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1001..\Run: [MyWebSearch Email Plugin] File not found
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1630076922-693152462-836407820-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Janička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1630076922-693152462-836407820-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1630076922-693152462-836407820-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1630076922-693152462-836407820-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.12.0.1 10.6.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1630076922-693152462-836407820-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1630076922-693152462-836407820-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()
NetSvcs: l Rights Reserved</em:description>
<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> 
<em:minVersion>1.5</em:minVersion>
<em:maxVersion>4.0.*</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>

- File not found
NetSvcs: scription>Use the DivX Plus Web Player to watch web videos with less interruptions and smoother pl - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - DivXa32.acm File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvid.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2011.07.05 20:27:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2011.07.05 17:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2011.07.03 20:11:30 | 000,000,000 | ---D | C] -- C:\Users\Michal\Documents\Downloaded Pictures
[2011.07.03 20:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetWebPics
[2011.07.03 20:10:06 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Photoactions
[2011.07.03 20:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Photoactions
[2011.07.03 19:12:06 | 000,000,000 | ---D | C] -- C:\Users\Michal\Documents\NeoDownloader
[2011.07.03 19:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoDownloader
[2011.07.03 19:11:42 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\NeoDownloader
[2011.07.03 19:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\NeoDownloader
[2011.07.01 20:50:32 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2011.07.01 20:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2011.07.01 20:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2011.07.01 20:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.07.01 09:27:35 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011.07.01 09:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011.07.01 09:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.07.01 09:27:17 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011.07.01 09:27:06 | 000,000,000 | ---D | C] -- C:\Users\Michal\Documents\Image-Line
[2011.07.01 09:26:25 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.07.01 09:26:24 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.07.01 09:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.07.01 09:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.07.01 09:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.07.01 09:02:16 | 000,819,729 | ---- | C] ( ) -- C:\Windows\System32\mrvcl32.exe
[2011.06.29 11:49:50 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
[2011.06.29 11:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
[2011.06.29 11:49:31 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\Plus500
[2011.06.29 11:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Plus500
[2011.06.29 07:28:03 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
[2011.06.29 07:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView
[2011.06.29 07:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\SequoiaView
[2011.05.15 15:59:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Michal\AppData\Roaming\pcouffin.sys
[2011.01.21 08:59:24 | 000,606,720 | ---- | C] (Extreme Warez) -- C:\Users\Michal\AppData\Roaming\autoposter.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Michal\*.tmp files -> C:\Users\Michal\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.07.05 20:27:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2011.07.05 20:18:00 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001UA.job
[2011.07.05 20:06:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.05 19:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.05 19:37:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
[2011.07.05 19:37:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
[2011.07.05 19:36:00 | 000,004,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.05 19:36:00 | 000,004,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.05 19:28:22 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.05 16:03:59 | 000,000,001 | ---- | M] () -- C:\ProgramData\flagposition.out
[2011.07.05 15:49:53 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011.07.05 15:49:40 | 000,006,080 | ---- | M] () -- C:\Users\Michal\AppData\Local\d3d9caps.dat
[2011.07.05 13:35:49 | 3148,795,904 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.05 13:34:17 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.05 00:18:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001Core.job
[2011.07.04 21:19:40 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Michal.job
[2011.07.04 19:52:14 | 000,001,216 | ---- | M] () -- C:\Users\Michal\Desktop\xteencz_auto_voter.user.zip
[2011.07.04 09:47:10 | 000,001,740 | -H-- | M] () -- C:\Users\Michal\Documents\Default.rdp
[2011.07.04 08:59:29 | 090,320,568 | ---- | M] () -- C:\Users\Michal\Desktop\Urls.ly Clone (adf.ly Like Clone)
[2011.07.04 08:57:38 | 000,736,720 | ---- | M] () -- C:\Users\Michal\Desktop\Urls.ly Clone (adf.ly Like clone Script) (1).rar
[2011.07.03 08:55:51 | 000,001,057 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011.07.02 11:33:04 | 000,072,704 | ---- | M] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.01 09:37:26 | 000,000,038 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\RSBot_Accounts.ini
[2011.07.01 09:02:17 | 000,819,729 | ---- | M] ( ) -- C:\Windows\System32\mrvcl32.exe
[2011.06.30 16:20:06 | 000,000,796 | ---- | M] () -- C:\Users\Michal\Desktop\Virtual DJ Pro.lnk
[2011.06.30 03:23:07 | 002,553,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.29 08:40:41 | 000,002,047 | ---- | M] () -- C:\Users\Michal\Desktop\Google Chrome.lnk
[2011.06.29 07:43:43 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Michal\*.tmp files -> C:\Users\Michal\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.04 19:52:13 | 000,001,216 | ---- | C] () -- C:\Users\Michal\Desktop\xteencz_auto_voter.user.zip
[2011.07.04 08:58:23 | 090,320,568 | ---- | C] () -- C:\Users\Michal\Desktop\Urls.ly Clone (adf.ly Like Clone)
[2011.07.04 08:57:43 | 000,736,720 | ---- | C] () -- C:\Users\Michal\Desktop\Urls.ly Clone (adf.ly Like clone Script) (1).rar
[2011.06.30 16:20:06 | 000,000,796 | ---- | C] () -- C:\Users\Michal\Desktop\Virtual DJ Pro.lnk
[2011.06.29 07:43:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.06.26 09:50:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\krx280.dat
[2011.06.20 19:42:23 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2011.06.12 12:58:05 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011.06.05 08:27:04 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2011.06.05 08:25:19 | 000,005,729 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.06.04 10:11:35 | 000,042,595 | ---- | C] () -- C:\Windows\php.ini
[2011.06.04 10:11:35 | 000,002,498 | ---- | C] () -- C:\Windows\my.ini
[2011.06.04 10:11:35 | 000,000,208 | ---- | C] () -- C:\Windows\odbc.ini
[2011.05.15 15:59:49 | 000,087,608 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\inst.exe
[2011.05.15 15:59:49 | 000,007,887 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.cat
[2011.05.15 15:59:49 | 000,001,144 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\pcouffin.inf
[2011.05.15 15:55:44 | 000,001,041 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\vso_ts_preview.xml
[2011.05.08 07:27:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.04.30 11:44:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.04.23 15:20:00 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011.04.23 15:20:00 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.04.09 19:24:24 | 000,626,688 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2011.04.09 19:14:44 | 000,098,304 | ---- | C] () -- C:\Windows\System32\CodecManager.dll
[2011.04.09 19:14:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\Setfcnam.dll
[2011.03.24 09:27:35 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2011.01.21 08:59:25 | 000,862,208 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\chrtmp
[2011.01.16 16:21:36 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2011.01.16 11:03:28 | 000,000,038 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\RSBot_Accounts.ini
[2011.01.06 23:54:14 | 000,000,025 | -H-- | C] () -- C:\Windows\uce.dat
[2011.01.06 23:54:13 | 000,000,089 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.01.06 21:18:36 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.29 11:51:24 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.12.27 15:02:09 | 000,080,488 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.18 12:27:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.12.18 12:22:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.12.03 13:59:37 | 000,000,065 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010.11.23 19:23:52 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.17 17:54:38 | 000,000,042 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\default.pls
[2010.11.13 08:22:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.10.28 08:31:25 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.24 19:57:27 | 000,000,102 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\AVSMediaPlayer.m3u
[2010.10.24 18:36:20 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2010.10.24 18:36:20 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2010.10.24 18:36:19 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2010.10.24 18:36:19 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2010.10.24 18:36:19 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2010.10.15 06:40:52 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010.08.28 10:36:36 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.08.28 10:36:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.19 00:14:45 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.19 00:14:44 | 000,139,152 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\PnkBstrK.sys
[2010.08.19 00:14:29 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.08.19 00:14:15 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.08.19 00:14:08 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.08.06 07:23:05 | 000,000,174 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\RSBot Accounts.ini
[2010.08.04 21:37:00 | 000,023,580 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\UserTile.png
[2010.07.28 17:42:37 | 000,000,046 | ---- | C] () -- C:\Users\Michal\AppData\Local\DonationCoder_DrWindows_InstallInfo.dat
[2010.07.28 14:28:56 | 000,072,704 | ---- | C] () -- C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.28 14:28:18 | 000,001,100 | ---- | C] () -- C:\Users\Michal\AppData\Local\d3d8caps.dat
[2010.07.27 19:37:07 | 000,006,080 | ---- | C] () -- C:\Users\Michal\AppData\Local\d3d9caps.dat
[2010.07.27 18:53:03 | 000,004,268 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.06.15 03:29:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.09.10 16:44:16 | 000,982,212 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.09.10 16:44:14 | 000,439,280 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.09.10 16:44:14 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.09.10 16:44:14 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.06.09 09:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2007.01.08 23:10:33 | 000,660,094 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007.01.08 23:10:33 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007.01.08 23:10:33 | 000,144,792 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007.01.08 23:10:33 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,553,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,650,114 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,125,802 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.11.18 09:16:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\nktwab.dll
[2003.02.10 02:13:10 | 000,000,416 | -H-- | C] () -- C:\ProgramData\systmsp2pb6
[2001.08.15 13:48:11 | 000,000,536 | -H-- | C] () -- C:\Users\Michal\AppData\Roaming\winpmltspb6

========== LOP Check ==========

[2011.06.21 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\DAEMON Tools Lite
[2011.02.24 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\FileZilla
[2011.05.10 14:07:19 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\Foxit Software
[2011.03.17 21:21:26 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\GHISLER
[2011.07.05 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\go
[2011.03.31 23:10:47 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\ICQ
[2011.01.13 22:10:00 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\OpenOffice.org
[2011.02.07 18:17:10 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\Poser Pro
[2011.05.20 09:41:30 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\SQLyog
[2011.04.14 13:34:45 | 000,000,000 | ---D | M] -- C:\Users\Janička\AppData\Roaming\uTorrent
[2011.05.22 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\.minecraft
[2010.09.29 16:18:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Autodesk
[2011.01.14 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\AutoHideIP
[2011.01.11 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Canon
[2010.07.29 15:36:10 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\CasinoOnNet
[2011.01.05 22:30:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\CoffeeCup Software
[2010.11.20 20:28:02 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
[2010.09.22 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.05 16:05:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\FileZilla
[2010.09.01 21:01:17 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Foxit
[2010.09.01 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Foxit Software
[2011.01.08 19:26:30 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GHISLER
[2011.07.04 17:31:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\go
[2011.01.03 20:47:10 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Hide IP NG
[2010.09.02 17:35:11 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\HideIP
[2010.09.02 17:36:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\hideip_firefox_plugin
[2011.05.26 14:27:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ICQ
[2011.06.04 07:53:56 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\IObit
[2010.07.28 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Kecal
[2011.01.06 21:23:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Leawo
[2011.01.25 10:34:35 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ManyCam
[2011.01.06 21:23:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Moyea
[2011.07.03 19:11:42 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\NeoDownloader
[2010.10.18 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\OpenOffice.org
[2010.08.04 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PeerNetworking
[2011.07.03 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Photoactions
[2011.02.05 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Poser Pro
[2010.12.23 16:54:32 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Publish Providers
[2011.05.26 14:38:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\QipGuard
[2011.01.05 23:19:22 | 000,000,000 | RHSD | M] -- C:\Users\Michal\AppData\Roaming\safehost
[2010.11.23 19:23:36 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ScanSoft
[2011.06.26 10:00:16 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\SendBlaster2
[2010.12.23 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Sony
[2011.05.17 11:53:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\SQLyog
[2010.12.02 16:03:31 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TeamViewer
[2011.05.01 21:42:32 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TS3Client
[2010.10.12 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TuxPaint
[2011.07.05 20:31:35 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\uTorrent
[2011.05.15 16:02:59 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Vso
[2011.01.20 20:21:42 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WindowsApplication1
[2010.08.09 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Xilisoft
[2011.05.03 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Youtube Downloader HD
[2011.07.05 15:49:53 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2011.07.05 13:34:17 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2011.04.03 10:04:07 | 000,399,736 | ---- | M] (BitTorrent, Inc.)
"Google Update" = "C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.07.28 18:46:16 | 000,136,176 | ---- | M] (Google Inc.)
"QIP Internet Guardian" = C:\Users\Michal\AppData\Roaming\QipGuard\QipGuard.exe -- [2011.05.10 17:14:10 | 000,187,776 | ---- | M] (QIP.ru)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2010.01.03 17:30:29 | 000,172,792 | ---- | M] (ICQ, LLC.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2011.03.15 09:16:58 | 001,284,008 | ---- | M] (Blizzard Entertainment) -- C:\WoW-enGB-Installer-downloader.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.05.22 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\.minecraft
[2011.07.04 19:33:48 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Adobe
[2010.09.29 16:18:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Autodesk
[2011.01.14 16:40:39 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\AutoHideIP
[2011.01.11 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Canon
[2010.07.29 15:36:10 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\CasinoOnNet
[2011.01.05 22:30:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\CoffeeCup Software
[2010.11.20 20:28:02 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
[2010.07.29 17:44:01 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DivX
[2010.12.10 16:56:37 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\dvdcss
[2010.09.22 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.05 16:05:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\FileZilla
[2010.09.01 21:01:17 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Foxit
[2010.09.01 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Foxit Software
[2011.01.08 19:26:30 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GHISLER
[2011.07.04 17:31:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\go
[2011.02.20 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Hamachi
[2011.01.03 20:47:10 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Hide IP NG
[2010.09.02 17:35:11 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\HideIP
[2010.09.02 17:36:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\hideip_firefox_plugin
[2011.05.26 14:27:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ICQ
[2010.07.27 19:37:15 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Identities
[2011.03.02 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\IGN_DLM
[2010.12.16 16:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\InstallShield
[2011.01.05 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\InstallShield Installation Information
[2010.12.16 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Intel Corporation
[2011.06.04 07:53:56 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\IObit
[2010.07.28 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Kecal
[2011.01.06 21:23:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Leawo
[2010.07.28 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Macromedia
[2010.10.28 11:52:08 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Malwarebytes
[2011.01.25 10:34:35 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ManyCam
[2011.07.02 12:04:08 | 000,000,000 | --SD | M] -- C:\Users\Michal\AppData\Roaming\Microsoft
[2010.07.29 16:43:37 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Microsoft Games
[2011.01.06 21:23:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Moyea
[2010.07.30 22:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Mozilla
[2011.07.03 19:11:42 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\NeoDownloader
[2010.11.05 09:42:01 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Nero
[2010.10.18 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\OpenOffice.org
[2010.08.04 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PeerNetworking
[2011.07.03 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Photoactions
[2011.02.05 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Poser Pro
[2010.10.17 17:37:37 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\PSpad
[2010.12.23 16:54:32 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Publish Providers
[2011.05.26 14:38:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\QipGuard
[2011.01.05 23:19:22 | 000,000,000 | RHSD | M] -- C:\Users\Michal\AppData\Roaming\safehost
[2010.11.23 19:23:36 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ScanSoft
[2011.06.26 10:00:16 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\SendBlaster2
[2011.07.04 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Skype
[2011.05.28 09:00:17 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\skypePM
[2010.12.23 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Sony
[2011.05.17 11:53:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\SQLyog
[2010.12.04 10:20:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\teamspeak2
[2010.12.02 16:03:31 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TeamViewer
[2011.05.01 21:42:32 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TS3Client
[2010.10.12 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TuxPaint
[2011.07.05 20:31:35 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\uTorrent
[2010.08.27 11:40:17 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Ventrilo
[2011.06.10 20:27:22 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\vlc
[2011.05.15 16:02:59 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Vso
[2011.04.04 07:08:09 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Winamp
[2011.01.20 20:21:42 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WindowsApplication1
[2010.07.29 08:01:00 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WinRAR
[2011.05.19 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Xfire
[2010.08.09 17:32:53 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Xilisoft
[2011.05.03 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Youtube Downloader HD

Michal.Król · #4 Příspěvek od **Michal.Król** » 06 črc 2011 08:20

< %APPDATA%\*.exe /s >
[2011.01.21 08:59:24 | 000,606,720 | ---- | M] (Extreme Warez) -- C:\Users\Michal\AppData\Roaming\autoposter.exe
[2011.05.15 15:59:49 | 000,087,608 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\inst.exe
[2011.03.01 04:54:57 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Michal\AppData\Roaming\.minecraft\MineCraft-hra.exe
[2004.08.24 12:07:00 | 001,406,976 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\CoffeeCup Software\CoffeeCup Flash Firestarter\BannerWizard.exe
[2005.12.06 16:24:44 | 004,661,248 | ---- | M] (CoffeeCup Software, Inc.) -- C:\Users\Michal\AppData\Roaming\CoffeeCup Software\CoffeeCup Flash Firestarter\FireStarter.exe
[2004.08.24 12:07:00 | 000,100,352 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\CoffeeCup Software\CoffeeCup Flash Firestarter\lame.exe
[2011.01.03 20:46:52 | 000,865,459 | ---- | M] (HIDE IP SOFTWARE ) -- C:\Users\Michal\AppData\Roaming\Hide IP NG\hideipng-update.exe
[2002.12.02 22:33:00 | 000,107,512 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Michal\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe
[2011.01.05 22:29:44 | 000,107,512 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Michal\AppData\Roaming\InstallShield Installation Information\{CB4AF7DA-CE59-41A9-93A6-DA921F809361}\setup.exe
[2010.12.08 11:57:36 | 000,002,238 | R--- | M] () -- C:\Users\Michal\AppData\Roaming\Microsoft\Installer\{B797E40F-E96C-4929-AA1B-D6759C10DEC8}\_1615c26.exe
[2010.12.08 11:57:36 | 000,002,238 | R--- | M] () -- C:\Users\Michal\AppData\Roaming\Microsoft\Installer\{B797E40F-E96C-4929-AA1B-D6759C10DEC8}\_1e7476e8.exe
[2010.10.22 14:05:10 | 000,010,134 | R--- | M] () -- C:\Users\Michal\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.04.23 15:19:43 | 003,435,064 | ---- | M] (IObit ) -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Templates\DefragSetup.exe
[2011.04.23 15:19:11 | 004,474,216 | ---- | M] (IObit ) -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Templates\GameBoosterSetup.exe
[2011.04.23 15:18:51 | 011,285,024 | ---- | M] (IObit ) -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Templates\IS360Setup.exe
[2011.04.23 15:19:26 | 003,015,528 | ---- | M] (IObit ) -- C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Templates\Protected Folder.exe
[2011.05.10 17:14:10 | 000,187,776 | ---- | M] (QIP.ru) -- C:\Users\Michal\AppData\Roaming\QipGuard\QipGuard.exe

< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2003.10.29 20:58:30 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\Program Files\Driver Cleaner\nvfix\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.07.30 08:55:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.07.30 08:55:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.07.30 08:55:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.19 09:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 11:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 09:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2011.06.04 09:59:09 | 000,028,672 | R--- | M] () MD5=287350F25A550F7CAAC6E2C9B0F02B29 -- C:\apache2triad\perl\site\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2010.07.30 08:52:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.07.30 08:52:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.07.30 08:52:49 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.07.30 09:55:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010.07.30 09:55:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362
-- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010.07.30 08:52:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: IASTOR.SYS >
[2010.11.06 00:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys
[2010.11.06 00:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6294d40d\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\drivers\isapnp.sys
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.19 09:42:15 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2010.07.30 08:47:27 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2010.07.30 09:47:52 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2010.07.30 08:47:28 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\ERDNT\cache\lsass.exe
[2010.07.30 08:47:28 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2010.07.30 08:47:28 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2010.07.30 08:23:29 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2010.07.30 08:47:24 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2010.07.30 08:47:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2010.07.30 08:23:28 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2010.07.30 08:47:30 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2010.07.30 08:47:31 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2010.07.30 09:47:51 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2010.07.30 09:47:54 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2010.07.30 08:23:23 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2010.07.30 08:23:23 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2010.07.30 08:23:23 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2010.07.30 08:23:22 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.01.19 09:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2010.07.30 09:57:38 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2010.07.30 09:57:29 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.07.30 08:29:49 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.07.30 08:29:47 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2010.07.30 09:57:39 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.07.30 08:29:48 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.07.30 08:29:50 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010.07.30 08:46:02 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2010.07.30 08:46:03 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2010.07.30 09:57:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2010.07.30 09:57:29 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.07.30 08:29:47 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\ERDNT\cache\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010.04.05 19:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2010.04.05 22:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.07.30 08:29:48 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2008.01.19 09:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2010.07.30 09:57:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.20 20:19:38 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.07.05 19:36:00 | 000,004,720 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.05 19:36:00 | 000,004,720 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Michal\Documents\titanic.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Michal\Documents\Rytmus Macko (Gummybear) - Čo ti jebe (lepší než originál xD) CELÁ VERZE_(360p).flv:TOC.WMV

< End of report >

Michal.Król · #5 Příspěvek od **Michal.Król** » 06 črc 2011 08:20

Kód: Vybrat vše

Extras.txt

OTL Extras logfile created on: 5.7.2011 20:28:39 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Michal\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 62,18% Memory free
6,06 Gb Paging File | 3,91 Gb Available in Paging File | 64,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 19,29 Gb Free Space | 17,25% Space Free | Partition Type: NTFS

Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Janička] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D536A2C-944E-4DD3-BBB6-25EE4581EBFF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{29266B62-7FBF-49AE-961C-5272E569D463}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{8F3C2CFD-1747-42D7-9C78-F8411258DF3D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DB07E8-2CC9-4978-A3E1-6EFD013E8C79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04AFB3F4-FC51-4D1F-B811-D52153DC2DD5}" = protocol=6 | dir=in | app=c:\users\michal\appdata\local\temp\~os1bf9.tmp\rlvknlg.exe |
"{079021ED-BDD0-4603-AACA-2D0EE1A26A44}" = protocol=6 | dir=in | app=c:\users\michal\appdata\local\temp\7zs5ca.tmp\symnrt.exe |
"{0A475752-2BE5-4FCE-9FE8-019C56D26CAA}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{1010F1C8-2C64-4F65-B322-76AC1B6BF020}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{156581BE-6CAC-49C1-B539-9C27038986B1}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{1B5D325F-5242-4698-9552-D68AEAB660CF}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{1C35A8DC-CA17-41B8-A680-67BD7CE1D459}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{1E64ACAC-5B5D-4095-9460-7622244C3909}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{2027FCFD-5850-48D6-8EC7-4CE5A2CD977F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{21EB519B-183A-48EC-947F-A959832CB982}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{222A97FF-D058-4F11-868A-F587ED76652E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{233D4EA7-CCAD-41D3-9BC6-E1626A80399C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{24BF4E8A-1B93-4B42-B061-C2AAB44E0D1E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{3184912C-55DA-42D9-AD2F-B9EF86ACED5E}" = protocol=17 | dir=in | app=c:\users\michal\appdata\local\temp\blizzard installer bootstrap - 017462a0\installer.exe |
"{31B37C86-7429-4C98-B2FF-5670FC3B3100}" = protocol=6 | dir=in | app=c:\users\michal\appdata\local\temp\blizzard installer bootstrap - 017462a0\installer.exe |
"{35FCDF8E-A313-499F-8DF1-CAD3E87D0B99}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{371EA0F1-D025-42CA-9935-F52436FCD9E8}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{41A465D5-0A01-48E4-B8E0-B406CD585DF8}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{451FE1E6-8B54-4280-8FF3-762252FDC44B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{47C33922-8CC6-4C1A-838E-D974A4459B34}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4942ADEE-668D-4AA7-8207-EBB217C0796B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4AF5DB95-D3E2-4749-A023-C9B4C4BCA4E0}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{4B289284-B2CB-4DAF-8436-B001F459B494}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4B2AA47B-A470-47FD-997E-4C000DECABD0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{4FC85A0D-E83E-43C4-8893-BFC2E9494C8C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5674E2D9-A794-4E86-B4DC-9929326FDA43}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{5D46C701-286B-494D-A728-4A6D4A11BE6A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{63C1BDC3-FE3D-4818-B0E4-19ED69B9BF74}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{6E1E5569-0E2D-4562-9C47-2CDB3BD42FF0}" = protocol=6 | dir=in | app=c:\users\michal\appdata\local\temp\~os46a3.tmp\rlvknlg.exe |
"{712551A2-CB79-4F37-83CB-CA7DFE95D64C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{71309C75-7720-490F-ACC4-BA03B2236274}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{714B9D74-121C-4593-A0EE-F82BEE08D28E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{72F22A19-F35A-4BB9-9320-EE9912BA2D4C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{73DD9F44-BF16-488F-A391-B920267443F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7725EB92-0EFF-4EBA-9D3C-E1EC1B51F694}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{779FFE0B-7005-4166-82DE-D96E6498E4CD}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{79B30FE6-AF3E-4DB6-9782-0A82D8D38592}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7D91A63E-2E38-4BEF-A272-AC7ED343769D}" = protocol=6 | dir=in | app=c:\users\janička\appdata\local\temp\~osb137.tmp\rlvknlg.exe |
"{7DA343DA-2A58-4B50-9D50-4C2507A8C876}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{7DCF175D-B445-4655-8DE8-900A1DB29B75}" = protocol=17 | dir=in | app=c:\users\michal\appdata\local\temp\7zs5ca.tmp\symnrt.exe |
"{822715DA-A32A-452A-A951-A35EC03C0FBC}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{838030FB-419D-43EC-85AF-F17AB8F42E9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8676548C-EF8F-4121-8F13-6EBDD1EE02FC}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{92BA7C51-492B-4962-A5DF-9FF53661DD60}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9899698B-716F-4F8C-BD48-4EB1DA628CBB}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{9A8F99B0-EF4F-453A-B7B5-FDD0E7616135}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{9DE35E6F-6F34-49E7-8623-0C79F3C89E61}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{AE0BE953-EE46-4867-9CB6-478EDDC2E1E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AE6D8F0E-81FC-46B3-8008-1109D3F2D115}" = protocol=6 | dir=in | app=c:\users\michal\appdata\local\temp\~osc718.tmp\rlvknlg.exe |
"{B2959E0F-747D-4A1C-9A8F-15CBD92C04E7}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2B650A5-8459-4A00-81A5-419BDECBD680}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{B34AB6CD-AC5E-44F4-B0FA-1635EA395C5A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{B55B38C2-1891-4D23-8985-9568A867B0D4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{C9DBCBA7-89A3-4082-A64D-22826FA02CE5}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{CC1519DB-4180-4414-8314-2AD84644E41A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D40CBCFC-3B70-46E7-B133-51052EEF6E77}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D60A200F-9DD7-42E2-8DBC-B7DA68975F35}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{D6FDFE66-8C45-4B64-9E36-27EA518FEB17}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D927C95D-7E0D-4376-9F9C-79216EFC8495}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{E60EB445-BFB3-40A9-B640-22B6EC4BC1C9}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{E61F6B75-5748-4893-8A3E-D2647D764EB3}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{EB7D4751-366D-431C-850B-18B3F6835BAD}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{ECCAD8D3-EDED-49D9-B4B5-E15D159D8C75}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{F289A175-5931-4705-969E-5B0A132181F9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F28C9FD5-A321-4F4B-A5C5-24C9E36158B1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F2F0C68B-5974-4649-8855-0A02F033D47B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F57FE2B3-7A66-4F28-9F83-950C8B93C640}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{F6692852-DB0A-4984-B9AC-18A56430E720}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{FA7A7868-ABF4-4617-874F-ECFC83FC3D79}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FC9603BB-AA1A-4DE7-AA67-C2793E448259}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE4DB0B1-5F48-4408-A846-BD9FCCD0E859}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"TCP Query User{05C06F93-D104-4DC3-8E2C-0B5029C6C2A2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{0CD40D20-1084-474D-8B2F-FB16C2425BDC}C:\users\michal\desktop\half-life\half life pack\hl.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hl.exe |
"TCP Query User{144AAC41-B983-40DD-AA18-480104E56C78}C:\users\michal\desktop\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\halo trial\halo.exe |
"TCP Query User{1EFE1F58-3483-4683-9743-886B82A3D7EA}C:\users\michal\desktop\half-life\half life pack\hl.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hl.exe |
"TCP Query User{24B17A7D-C21C-42CD-9D3F-DB4AAF0E9295}C:\users\michal\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\michal\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{2885A031-40A2-4F1D-A1AE-6B5B4FC046E1}C:\users\michal\downloads\half life pack\half life pack\hl.exe" = protocol=6 | dir=in | app=c:\users\michal\downloads\half life pack\half life pack\hl.exe |
"TCP Query User{2D3D1127-9B96-436E-9416-DF26FC485040}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"TCP Query User{2F2C94D9-17CE-4C0F-A75B-26B05F869471}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{325F540A-010D-440C-A6E1-C08AB08892D7}C:\users\michal\desktop\half\half life pack\hl.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\half\half life pack\hl.exe |
"TCP Query User{3E1EE1CE-616B-4BE3-8011-BB42949F351B}C:\program files\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip 2010\qip.exe |
"TCP Query User{3F08D623-45CC-4791-A255-4C3A68A3B7D9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{514140BC-C2AB-4E02-A721-CA7B4FFD68FE}C:\program files\valve\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\half-life\hl.exe |
"TCP Query User{61E4F41C-DE38-4D15-975A-89CEF5A6379B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{6738064A-E8E7-4DEA-8BC2-C842C3B7E272}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{673DC32B-BB8F-4FA8-BBFD-E1A07089E525}C:\program files\smith micro\poser pro 2010\poserpro.exe" = protocol=6 | dir=in | app=c:\program files\smith micro\poser pro 2010\poserpro.exe |
"TCP Query User{6DC8DB6A-20AC-4796-A1CC-D1DE3DAC5762}C:\users\michal\downloads\crysis 2 cz\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michal\downloads\crysis 2 cz\bin32\crysis2.exe |
"TCP Query User{6FEEAF39-DCF7-4513-957B-004FE031E28A}C:\program files\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"TCP Query User{782EEF68-9C16-49C1-AD7C-7F9EAED397E8}C:\programdata\2beba8\sm2be_231.exe" = protocol=6 | dir=in | app=c:\programdata\2beba8\sm2be_231.exe |
"TCP Query User{7FF1213E-A2F4-4788-A05D-1AF45ACCC148}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"TCP Query User{86F2C52F-01DE-4AF1-A64C-8D808708EDFF}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{8A577EB2-BB45-4732-831F-D176267C6EBB}C:\users\michal\desktop\half-life\half life pack\hlds.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hlds.exe |
"TCP Query User{918A820E-04DA-4465-A313-E0EC1B1E9F80}C:\users\michal\desktop\hl\half life pack\hl.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\hl\half life pack\hl.exe |
"TCP Query User{A810393C-54FF-45F8-87D4-244849735117}C:\program files\steam\steamapps\michalkrolmickeykr\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\michalkrolmickeykr\team fortress 2\hl2.exe |
"TCP Query User{AB4CDB3E-C4CF-4C2D-92E3-50860CFD0E05}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe |
"TCP Query User{ADE1290B-7B37-40B2-AAB4-FC722A4464BF}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{B19E7062-7310-431A-9EE4-83AD52D84A41}C:\users\michal\desktop\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\cs\hl.exe |
"TCP Query User{B2661908-5109-4C01-9307-688AECEFD847}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B52E4A06-F87C-4A05-8527-7DECBBF0C21B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B5749F88-00A6-4B8D-AA4A-5BE6CB0B746F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B67AC165-DC51-4501-8567-F5CC75021E89}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B7430E05-5EE9-48D6-BA35-DD9AD22C3C92}C:\udk\sp.a.i\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\sp.a.i\binaries\win32\udk.exe |
"TCP Query User{C6AB63BA-C664-4BD5-B9EF-B92C13C24123}C:\users\michal\desktop\cs\hltv.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\cs\hltv.exe |
"TCP Query User{C83ECF4F-863B-4516-A47B-8B77FC66302E}C:\users\michal\desktop\half-life\half life pack\hltv.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hltv.exe |
"TCP Query User{CA1BDB65-8CFE-4B41-B952-5D6734D228AD}C:\program files\valve\hlds.exe" = protocol=6 | dir=in | app=c:\program files\valve\hlds.exe |
"TCP Query User{D2B9FFE0-E627-46CB-AB10-58EB4EEE4AC8}C:\users\michal\desktop\hl\half life pack\hl.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\hl\half life pack\hl.exe |
"TCP Query User{D60702E2-82CF-4CF7-BC7E-888C9255392D}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"TCP Query User{D651EA02-60BA-4F3E-9E7B-0F5F86B16103}C:\users\michal\desktop\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\crysis 2\bin32\crysis2.exe |
"TCP Query User{D8E6C9AA-7CA6-4981-8C27-A5505D962AAF}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe |
"TCP Query User{DEA9D393-A09D-4E03-A581-3B8988925064}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{DFB39F6A-D475-4E3B-9862-544D53AA4C41}C:\users\michal\desktop\riseofhumans\servery\1\samp-server.exe" = protocol=6 | dir=in | app=c:\users\michal\desktop\riseofhumans\servery\1\samp-server.exe |
"TCP Query User{EF52E234-0C85-4070-90CC-577DE3FD0F38}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"TCP Query User{F9A00A3C-C7E0-4F60-8A20-24DA144CD738}C:\program files\microsoft games\halo server\haloded.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo server\haloded.exe |
"TCP Query User{FEAFF980-2691-48C3-B9DC-AFB044043F5E}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{074D5AC1-BABF-49FD-A31E-0FCEA3900173}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{0D13386D-F56E-45EA-8EC5-B909EFC22B2D}C:\users\michal\desktop\hl\half life pack\hl.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\hl\half life pack\hl.exe |
"UDP Query User{0D7DA6E3-C5EB-4200-B4DF-F2386DA300FD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{0FC0F585-8794-4626-92B4-A8CE10EB08F7}C:\users\michal\desktop\cs\hltv.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\cs\hltv.exe |
"UDP Query User{1AD3234D-35F0-48DC-A0EF-89FD3ECD5B22}C:\users\michal\desktop\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\crysis 2\bin32\crysis2.exe |
"UDP Query User{2739546D-7745-47D8-B4F1-7236FED9D4EC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2FCF6DEE-DA9C-412A-A7A5-FD47C9374D5D}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{300DF422-FFE1-4766-A66B-0E8475A228E9}C:\users\michal\desktop\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\halo trial\halo.exe |
"UDP Query User{3D001368-040F-4F80-BD02-052664C9957A}C:\users\michal\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\michal\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{4A0B43F3-06B0-4E8B-AEE4-140F5E97957C}C:\users\michal\desktop\half-life\half life pack\hlds.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hlds.exe |
"UDP Query User{4A559BB0-916E-4733-B9D9-1D9EB7E064EA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4BE87E8E-DF7E-4A19-8437-7A7F0DAF6072}C:\users\michal\desktop\half-life\half life pack\hl.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hl.exe |
"UDP Query User{4D890D89-7FE9-4E39-8AB0-724885ED0D1D}C:\program files\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"UDP Query User{506CB388-F89F-4EA3-962E-96CF535965D6}C:\program files\microsoft games\halo server\haloded.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo server\haloded.exe |
"UDP Query User{55777297-7B02-4633-930D-A3A76A8FE653}C:\users\michal\downloads\half life pack\half life pack\hl.exe" = protocol=17 | dir=in | app=c:\users\michal\downloads\half life pack\half life pack\hl.exe |
"UDP Query User{56405D8D-A3AF-4A4B-9B7C-F9523662FBE9}C:\program files\valve\hlds.exe" = protocol=17 | dir=in | app=c:\program files\valve\hlds.exe |
"UDP Query User{59AA12C7-4C76-48B0-B459-58F687BE80D3}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"UDP Query User{6598CB04-6D89-4B72-9889-1ECB5F82FC71}C:\program files\smith micro\poser pro 2010\poserpro.exe" = protocol=17 | dir=in | app=c:\program files\smith micro\poser pro 2010\poserpro.exe |
"UDP Query User{67590F77-CF86-41E1-8100-276CFB612ADD}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6C79769C-7ACA-4728-BE75-2380E0C8CF80}C:\program files\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 2010\qip.exe |
"UDP Query User{7731AF3A-4FC2-47AC-9BD3-FB9A0491AE00}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{847D926A-5B29-4374-BFA7-DD2EDE56ABAA}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"UDP Query User{9C0E2FAF-F168-47FF-9628-C38FF72B91B3}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{A20CAD6F-552D-4913-9699-CB641E509C75}C:\users\michal\desktop\riseofhumans\servery\1\samp-server.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\riseofhumans\servery\1\samp-server.exe |
"UDP Query User{A5FD1C20-5E2F-4AE1-AF06-0393C188BEA9}C:\program files\steam\steamapps\michalkrolmickeykr\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\michalkrolmickeykr\team fortress 2\hl2.exe |
"UDP Query User{A7445ED0-71D6-4808-B7C6-DDDBCA267C22}C:\programdata\2beba8\sm2be_231.exe" = protocol=17 | dir=in | app=c:\programdata\2beba8\sm2be_231.exe |
"UDP Query User{AFDDE8C5-6B87-4118-A004-D7569AA23C5E}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{BB2582ED-BE38-4402-B06F-BECC79311BDF}C:\program files\valve\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\half-life\hl.exe |
"UDP Query User{C482AFEC-C12E-4056-9018-DF83F5FD3232}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{C622C3C3-C9F9-4419-87FB-B5F9ABD4A470}C:\users\michal\downloads\crysis 2 cz\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\users\michal\downloads\crysis 2 cz\bin32\crysis2.exe |
"UDP Query User{C64EB035-C16A-470A-A0B2-603A9CDF98D1}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"UDP Query User{C67A2348-6FEF-447D-B38C-55C316DC2CA0}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{C7D4A22A-4170-4DDC-9267-6E743BC68705}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{D3DD2899-A9C1-4E62-9AAE-A458022A3C79}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe |
"UDP Query User{DF36EBD1-7B08-42D2-BB6B-098181BA557D}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{E6822B8B-BDEE-4B9A-9162-C38C5926E360}C:\users\michal\desktop\half-life\half life pack\hltv.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hltv.exe |
"UDP Query User{E7AA0710-2549-442A-841E-0618285993D1}C:\users\michal\desktop\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\cs\hl.exe |
"UDP Query User{E9490BD8-7AD0-40DF-B634-5FE778FFFB44}C:\users\michal\desktop\hl\half life pack\hl.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\hl\half life pack\hl.exe |
"UDP Query User{EC027B12-C102-41E0-8C34-3821C88F9ADF}C:\users\michal\desktop\half-life\half life pack\hl.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\half-life\half life pack\hl.exe |
"UDP Query User{ED6AB13A-1C13-4E78-898A-FFAD38AAA6DB}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe |
"UDP Query User{F378949D-D294-4369-B41C-2D1E98B7BD61}C:\udk\sp.a.i\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\sp.a.i\binaries\win32\udk.exe |
"UDP Query User{F3FC4F29-7FAE-4619-A03B-A0EBAF579FE0}C:\users\michal\desktop\half\half life pack\hl.exe" = protocol=17 | dir=in | app=c:\users\michal\desktop\half\half life pack\hl.exe |
"UDP Query User{FAD12D99-02EC-4359-8C2C-A87F0C8C98FD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{151956C7-DBB6-41C1-981E-AEAB278A9F00}_is1" = Axel YouTube Video Downloader 1.01
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1CED286D-B45F-46BB-8EF4-73924C0FC970}_is1" = Website Submitter 1.4
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F018154-8F00-4321-94F8-DC1932C84AC9}" = Rolling Marbles
"{307BFD68-0886-47AD-B461-5607F63B8B42}" = Microsoft Web Platform Installer 3.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C85747A-91B6-4233-AAF8-063506D0FF4F}" = LG United Mobile Drivers
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B1AF68B-4606-4152-9991-1E9D4FF5F0FA}" = Microsoft Antimalware Service CS-CZ Language Pack
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo AVI Converter version 3.1.0.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.19
"{85906B1C-FD0E-417A-BE43-C3A4E10CFAA0}" = Adobe Illustrator 10 CE
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client CS-CZ Language Pack
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95D6B2D2-C7E4-425A-BFCE-0D4EFC41DB10}_is1" = Websurf verze 1.0.0.2
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-AA0000000001}" = Adobe Reader X - Czech
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AE4E8D53-2D05-4EB4-A1E7-FF48B8E76DDE}_is1" = AVI to 3GP 1.3
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B797E40F-E96C-4929-AA1B-D6759C10DEC8}" = ICQ FORCE by ad4
"{BA1BE991-D723-41BE-AD16-42EAFDA794EA}" = Ulead COOL 3D 3.5 Trial
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C314764F-2C47-44DA-BE37-F48BB7322BE4}_is1" = Screen Video Recorder 1.5
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.312
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1" = NeoDownloader 2.6.3
"{F010EF78-8CBC-453B-BD6E-0B6D9E60F96C}" = Multimedia Mouse Driver
"{F6197679-051D-4E3E-9757-4D5CDA6D658B}" = Microsoft Antimalware Service CS-CZ Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"888casino" = 888casino
"AC3Filter" = AC3Filter (remove only)
"AD Sound Recorder_is1" = AD Sound Recorder 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adrenaline Gamer" = Adrenaline Gamer
"AdrenalineGamer" = AdrenalineGamer
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AnalogX AutoTune" = AnalogX AutoTune
"Anonymail Pro_is1" = Anonymail Pro V-1.5
"Apache2Triad" = Apache2Triad: apache server bundle
"ASIO4ALL" = ASIO4ALL
"Auto Clicker Typer_is1" = Auto Clicker Typer 1.0
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"AutoHideIP" = Auto Hide IP
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.81
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Axxa's Wow Logo Creator v1.1" = Axxa's Wow Logo Creator v1.1
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"Demolice_is1" = Demolice
"DivX Setup.divx.com" = DivX Setup
"Doc Convertor (Beta)_is1" = Doc Convertor 1.0 (Beta)
"Download Manager" = Download Manager 2.3.10
"Driver Cleaner" = Driver Cleaner 3
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Easy GIF Animator_is1" = Easy GIF Animator 3.5
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Emicsoft Video Converter_is1" = Emicsoft Video Converter
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Excelsior_0" = Excelsior Installer 1.0
"Fast Mailer Pro_is1" = Fast Mailer Pro
"FileZilla Client" = FileZilla Client 3.5.0
"FL Studio 10" = FL Studio 10
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Fx, Joiner" = Fx, Joiner
"Game Booster_is1" = Game Booster
"GamePlayLabs Plugin" = GamePlayLabs Plugin
"GameSpy Arcade" = GameSpy Arcade
"GetWebPics_is1" = GetWebPics 2.6
"GIF Animator" = Microsoft GIF Animator
"GIF Movie Gear_is1" = GIF Movie Gear 4.1.2
"Google Sitemaps Offline Generator_is1" = Google Sitemaps Offline Generator 0.9.4.13
"Halo Server" = Halo Server
"Halo Trial" = Microsoft Halo Trial
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hide IP NG_is1" = Hide IP NG 1.59
"Hide IP Platinum_is1" = Hide IP Platinum 4.02 Beta
"HotspotShield" = Hotspot Shield 1.57
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"IP Changer Premium" = IP Changer Premium
"iWisoft Flash SWF Downloader_is1" = iWisoft Flash SWF Downloader 1.8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"LG PC Suite IV" = LG PC Suite IV
"MAGIX music maker 11 demo US" = MAGIX music maker 11 demo (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.30 (remove only)
"MBL" = MBL
"MediaInfo" = MediaInfo 0.7.36
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"MPEG4 Direct Maker" = MPEG4 Direct Maker
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Plus500" = Plus500
"Protected Folder_is1" = Protected Folder
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"Ringed Drag Strip_is1" = Ringed Drag Strip
"S7Z" = #7Z 0.7.1 - Basic Archiver
"SAM3" = SAM Broadcaster (remove only)
"SaveSnap" = SaveSnap
"SC Net Speed Booster_is1" = SC Net Speed Booster 4.4.0.0
"Scorpions WinCheater 2.06 (s databází 76)_is1" = Scorpions WinCheater
"Scorpions WinCheater 2.07 (s databází 116)_is1" = Scorpions WinCheater
"SequoiaView" = SequoiaView
"ServeZip_is1" = ServeZip
"Share Rapid Uploader_is1" = Uploader 1.0
"Smart Defrag 2_is1" = Smart Defrag 2
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"Speccy" = Speccy
"SQLyog Community" = SQLyog Community 8.05
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TED Notepad" = TED Notepad
"TextMaker Viewer" = TextMaker Viewer
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"UDK-e682d748-b876-467e-a1f4-ee7ec10531f3" = Sp.A.I
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6.1
"uTorrent" = µTorrent
"Valve Hammer Editor" = Valve Hammer Editor
"Valve_0" = Valve
"Valve_1" = Valve
"Veetle TV" = Veetle TV 0.9.18
"Vim 7.3" = Vim 7.3 (self-installing)
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"Wallpaper Cycle" = Wallpaper Cycle
"Winamp" = Winamp
"Windows Doctor 2.6 Retail zoo_is1" = Windows Doctor 2.6
"Windows Media Encoder 7" = Windows Media Encoder 7.1
"WinRAR archiver" = WinRAR
"WmeDevKit_is1" = Wintermute Engine Development Kit 1.7.1
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.5
"YouTube Video Downloader_is1" = YouTube Video Downloader V1.1.0
"Zeallsoft Super Webcam Recorder_is1" = Zeallsoft Super Webcam Recorder 4.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"6b96a6d3a7084a90" = Password List Generator
"75c0e0ceac8ef0d4" = CZShare Manager
"d40b3769b1834cc3" = xD Browser
"Email Sender Deluxe" = Email Sender Deluxe
"Game Organizer" = EasyBits GO
"Gamesites.cz GUI " = Gamesites.cz GUI
"Google Chrome" = Google Chrome
"QIP 2010" = QIP 2010 3.1.5488
"QIP Infium" = QIP Infium 3.0.9044
"QipGuard" = QIP Internet Guardian
"Winamp Detect" = Winamp Detector Plug-in

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"6b96a6d3a7084a90" = Password List Generator
"75c0e0ceac8ef0d4" = CZShare Manager
"d40b3769b1834cc3" = xD Browser
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6.5.2011 15:07:00 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 6.5.2011 15:07:07 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 6.5.2011 15:07:11 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 6.5.2011 15:07:17 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 6.5.2011 15:07:20 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 6.5.2011 15:07:27 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 6.5.2011 15:07:31 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 6.5.2011 15:07:37 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (2592) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

Error - 7.5.2011 0:59:39 | Computer Name = Michal-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace ICQ.exe, verze 7.5.0.5242, časové razítko 0x4db93eff,
chybující modul ntdll.dll, verze 6.0.6002.18327, časové razítko 0x4cb73436, kód
výjimky 0xc0000374, posun chyby 0x000b06fc, ID procesu 0xd34, čas spuštění aplikace
0x01cc0c72f924ef6b.

Error - 7.5.2011 1:05:20 | Computer Name = Michal-PC | Source = ESENT | ID = 467
Description = Windows (3472) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId tabulky SystemIndex_Gthr je poškozen (0).

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 Příspěvek od **vyosek** » 06 črc 2011 09:15

Doporucuji odinstalovat vse od IOBit - jsou to cinske smejdy, na renomovanych forech oznacovane jhako spyware. Spise skodi nez prinaseji uzitek

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - [2011.03.03 21:22:15 | 000,107,136 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
FF - prefs.js..browser.startup.homepage: "http://search.hotspotshield.com/g/?c=h"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011.07.05 19:28:30 | 000,000,000 | ---D | M]
[2011.06.24 15:29:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.27 20:16:42 | 000,000,873 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\conduit.xml
[2011.01.06 19:11:28 | 000,002,055 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\daemon-search.xml
[2011.05.30 14:29:15 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-1.xml
[2006.05.07 14:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-2.xml
[2011.03.19 12:49:52 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-3.xml
[2011.04.16 17:26:48 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-4.xml
[2011.05.30 14:19:20 | 000,000,950 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-5.xml
[2008.07.10 12:19:06 | 000,000,944 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin.xml
[2011.05.26 14:38:36 | 000,002,062 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\qip-search.xml
[2011.06.01 15:18:02 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1630076922-693152462-836407820-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1630076922-693152462-836407820-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()
[2011.07.05 17:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Michal\*.tmp files -> C:\Users\Michal\*.tmp -> ]
@Alternate Data Stream - 64 bytes -> C:\Users\Michal\Documents\titanic.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Michal\Documents\Rytmus Macko (Gummybear) - Čo ti jebe (lepší než originál xD) CELÁ VERZE_(360p).flv:TOC.WMV

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"Google Update"=-
"QIP Internet Guardian"=-
"ICQ"=-
 
:files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001UA.job
C:\Windows\tasks\Norton Security Scan for Michal.job
C:\Program Files\ICQ6Toolbar
C:\Program Files\RelevantKnowledge
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Michal.Król · #7 Příspěvek od **Michal.Król** » 06 črc 2011 10:40

OK iobit smažu pak

log:

All processes killed
========== OTL ==========
Service RelevantKnowledge stopped successfully!
Service RelevantKnowledge deleted successfully!
C:\Program Files\RelevantKnowledge\rlservice.exe moved successfully.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://search.hotspotshield.com/g/?c=h" removed from browser.startup.homepage
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.1.9&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E19037A-12E3-4295-8915-ED48BC341614}\ not found.
C:\Program Files\RelevantKnowledge\components folder moved successfully.
C:\Program Files\RelevantKnowledge folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\conduit.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\m4h0qydf.default\searchplugins\qip-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchvsl.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\S-1-5-21-1630076922-693152462-836407820-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
ezGOSvc removed from NetSvcs value successfully!
Error: Unable to stop service ezGOSvc!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ezGOSvc deleted successfully.
C:\Windows\System32\ezGOSvc.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge folder moved successfully.
C:\Windows\DUMP558e.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\System32\~GLH0035.TMP deleted successfully.
C:\Users\Michal\F9835182794B4F24902AE2CA9D43380F.TMP\WiseCustomCalla.dll deleted successfully.
C:\Users\Michal\F9835182794B4F24902AE2CA9D43380F.TMP folder deleted successfully.
ADS C:\Users\Michal\Documents\titanic.mp3:TOC.WMV deleted successfully.
ADS C:\Users\Michal\Documents\Rytmus Macko (Gummybear) - Čo ti jebe (lepší než originál xD) CELÁ VERZE_(360p).flv:TOC.WMV deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1000UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1630076922-693152462-836407820-1001UA.job moved successfully.
C:\Windows\tasks\Norton Security Scan for Michal.job moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
File\Folder C:\Program Files\RelevantKnowledge not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: apache2triad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 41620 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Janička
->Temp folder emptied: 304480014 bytes
->Temporary Internet Files folder emptied: 107894278 bytes
->Java cache emptied: 11626 bytes
->FireFox cache emptied: 100586795 bytes
->Google Chrome cache emptied: 233314996 bytes
->Flash cache emptied: 13435 bytes

User: Michal
->Temp folder emptied: 10614161533 bytes
->Temporary Internet Files folder emptied: 84682746 bytes
->Java cache emptied: 44220915 bytes
->FireFox cache emptied: 60023914 bytes
->Google Chrome cache emptied: 244075299 bytes
->Flash cache emptied: 2142 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66872849 bytes
RecycleBin emptied: 2492295859 bytes

Total Files Cleaned = 13 688,00 mb

[EMPTYFLASH]

User: All Users

User: apache2triad
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Janička
->Flash cache emptied: 0 bytes

User: Michal
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.26.0 log created on 07062011_104631

Files\Folders moved on Reboot...
C:\Users\Janička\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUX3EDO3\getBanner[2].htm moved successfully.

Registry entries deleted on Reboot...

#8 Příspěvek od **vyosek** » 06 črc 2011 11:16

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

VIRY.CZ

Prosím o preventivku

Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku