Please help, virus via FB chat

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#16 Post by wolf1989 »

It has more than 80,000 characters. Can I post a link here to where it will be stored? E.g. uloz.to

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please help, virus via FB chat

#17 Post by motji »

Split it into two posts, I am used to reading it here :)
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer!

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#18 Post by wolf1989 »

OTL.txt part 1


OTL logfile created on: 2011-07-21 20:59:04 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd

2.93 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 80.15% Memory free
6.06 Gb Paging File | 5.64 Gb Available in Paging File | 93.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 119.02 Gb Free Space | 41.31% Space Free | Partition Type: NTFS

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
PRC - [2011-07-09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009-10-29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-08-08 07:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE


========== Modules (SafeList) ==========

MOD - [2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
MOD - [2008-01-21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-02-16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010-03-13 02:29:16 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009-10-27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009-09-16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009-09-16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009-09-16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009-08-31 23:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009-07-21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-07-10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009-07-08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009-07-08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009-07-07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009-05-13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-04-13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009-02-11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009-02-05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-16 10:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-12-29 22:24:52 | 000,110,677 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006-12-29 22:24:50 | 000,266,327 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)


========== Driver Services (SafeList) ==========

DRV - [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-04-22 21:46:25 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-12-14 04:52:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-09 21:46:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-09-16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-09-16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-07-16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009-05-11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-30 00:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009-04-07 22:04:00 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-03-23 06:40:00 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009-03-17 04:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009-03-15 12:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008-12-29 14:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-09-25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007-01-26 09:34:52 | 000,401,536 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006-11-14 11:59:12 | 000,013,056 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2006-07-10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-02-11 11:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-02-11 11:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-02-11 11:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-02-11 11:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-02-11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... ensa_5635z
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011-07-21 16:33:26 | 000,000,000 | ---D | M]

[2009-10-16 19:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\extensions
[2009-10-16 19:28:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [KMCONFIG] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RCApp] C:\Program Files\Gigabyte\RCApp\U7000RCApp.exe ()
O4 - HKLM..\Run: [TQ566808] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [Halo2] File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [JDK5SWFMZY] File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [Videohost] File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [WindowsSysControl] File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.74.192.252 94.74.192.244
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\Pictures\pic_backg_39.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\Pictures\pic_backg_39.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8f0cd519-85bf-11de-a505-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f0cd519-85bf-11de-a505-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{d465bba2-e85e-11de-a8ab-00238bebf83b}\Shell - "" = AutoRun
O33 - MountPoints2\{d465bba2-e85e-11de-a8ab-00238bebf83b}\Shell\AutoRun\command - "" = G:\LaunchBFII.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\APPInst.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\F\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Ligos Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011-07-21 20:57:33 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011-07-21 20:18:27 | 000,000,000 | --SD | C] -- C:\potvurka32532p
[2011-07-21 19:42:15 | 004,152,264 | R--- | C] (Swearware) -- C:\Users\Jan\Desktop\potvurka.com
[2011-07-21 19:39:30 | 000,000,000 | --SD | C] -- C:\potvurka
[2011-07-21 18:46:51 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF21753.exe
[2011-07-21 18:45:14 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF21440.exe
[2011-07-21 18:31:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-07-21 18:31:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-07-21 18:31:01 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF18615.exe
[2011-07-21 18:31:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2011-07-21 18:31:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-07-21 18:30:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-07-21 16:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-07-21 16:23:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011-07-21 16:21:59 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-07-21 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Antivirus
[2011-06-29 20:32:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2011-06-27 22:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\fotok
[2011-06-25 23:09:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Logika - testy
[2009-05-17 01:09:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-07-21 21:00:06 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011-07-21 20:57:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011-07-21 20:38:31 | 000,047,494 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-07-21 20:38:31 | 000,011,838 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-07-21 20:38:31 | 000,006,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-21 20:38:31 | 000,004,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-21 20:32:58 | 000,044,772 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011-07-21 20:32:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-21 19:42:02 | 004,152,264 | R--- | M] (Swearware) -- C:\Users\Jan\Desktop\potvurka.com
[2011-07-21 18:46:48 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF21753.exe
[2011-07-21 18:45:12 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF21440.exe
[2011-07-21 18:30:47 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF18615.exe
[2011-07-21 18:16:53 | 000,006,756 | ---- | M] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2011-07-21 17:51:38 | 001,008,041 | ---- | M] () -- C:\Users\Jan\Desktop\rkill.com
[2011-07-21 16:21:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-07-20 22:09:02 | 000,062,745 | -H-- | M] () -- C:\treeinfo.wc
[2011-07-20 10:12:45 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jan.job
[2011-07-20 10:11:43 | 000,000,462 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3FDDB30D-3A34-4FDF-9B15-61A8842AE865}.job
[2011-07-20 10:06:01 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011-07-20 09:58:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-20 09:58:01 | 000,000,274 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011-07-20 09:08:41 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011-07-20 09:07:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-20 09:07:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-19 12:58:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-15 09:04:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-07-15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011-07-13 16:05:26 | 000,037,478 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011-07-13 15:52:19 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011-07-11 22:21:58 | 000,180,224 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-10 20:54:03 | 003,910,656 | ---- | M] () -- C:\Users\Jan\Desktop\Evropska_revoluce_2011.pps
[2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011-06-26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011-06-22 12:59:26 | 000,162,614 | ---- | M] () -- C:\Users\Jan\Desktop\zadost_vraceni_platby.pdf
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-07-21 21:00:06 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011-07-21 19:03:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-07-21 19:03:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-07-21 18:31:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-07-21 18:31:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-07-21 18:31:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-07-21 17:51:38 | 001,008,041 | ---- | C] () -- C:\Users\Jan\Desktop\rkill.com
[2011-07-10 20:53:59 | 003,910,656 | ---- | C] () -- C:\Users\Jan\Desktop\Evropska_revoluce_2011.pps
[2011-06-22 12:59:26 | 000,162,614 | ---- | C] () -- C:\Users\Jan\Desktop\zadost_vraceni_platby.pdf
[2011-01-14 21:13:56 | 000,000,571 | ---- | C] () -- C:\Users\Jan\AppData\Local\SRDownloader.err
[2011-01-14 21:12:07 | 000,000,880 | ---- | C] () -- C:\Users\Jan\AppData\Local\SRDownloader.nast
[2010-09-05 00:15:57 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2010-09-02 13:08:31 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010-07-10 19:00:10 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DRO817E.tmp.exe
[2010-07-10 18:59:56 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DRO498D.tmp.exe
[2010-07-10 18:59:52 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DRO3987.tmp.exe
[2010-07-10 18:59:34 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DROF43D.tmp.exe
[2010-07-10 18:58:24 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DROE34C.tmp.exe
[2010-07-10 18:58:13 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DROB6F0.tmp.exe
[2010-07-10 18:55:14 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DROFCA6.tmp.exe
[2010-07-10 18:41:51 | 000,000,325 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\DROB99E.tmp.exe
[2010-02-18 17:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\graphedit.INI
[2010-01-31 22:21:14 | 000,000,130 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2010-01-30 14:12:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010-01-18 19:42:59 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-01-08 08:20:34 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009-12-30 17:40:51 | 000,000,035 | ---- | C] () -- C:\Windows\famwoman.ini
[2009-12-20 03:02:52 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2009-12-14 04:06:50 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009-12-03 14:40:59 | 000,000,032 | ---- | C] () -- C:\Windows\Autorun.INI
[2009-11-23 21:31:12 | 000,006,756 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps.dat
[2009-10-30 02:59:40 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2009-10-28 16:05:02 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-10-23 22:20:33 | 000,000,099 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\MPUI.ini
[2009-10-01 01:35:15 | 000,000,167 | ---- | C] () -- C:\Windows\savers.ini
[2009-09-29 21:21:08 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009-09-29 00:45:10 | 000,000,084 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2009-09-29 00:45:09 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2009-09-23 15:58:25 | 000,015,047 | ---- | C] () -- C:\Windows\System32\Main.ini
[2009-09-17 19:52:32 | 001,386,496 | ---- | C] () -- C:\Windows\System32\GLaux.dll
[2009-09-16 18:04:47 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-09-16 18:04:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009-09-16 18:04:42 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-09-16 18:04:42 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-09-16 18:04:39 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-09-16 17:53:50 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009-08-27 00:31:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009-08-22 14:28:11 | 000,000,635 | ---- | C] () -- C:\Windows\Rtcw.INI
[2009-08-16 14:26:38 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009-08-16 14:26:38 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009-08-16 14:26:38 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009-08-16 14:12:55 | 000,037,478 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009-08-10 15:01:15 | 000,180,224 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-10 14:43:02 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009-08-10 14:37:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009-08-10 10:34:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009-08-10 10:34:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009-08-10 10:34:25 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009-08-10 10:34:25 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009-08-10 10:24:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009-05-17 01:06:54 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009-05-17 01:06:54 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009-05-17 01:06:54 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009-05-17 01:06:53 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009-05-17 01:06:48 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009-05-16 16:10:31 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-05-16 16:10:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008-01-21 08:46:38 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008-01-21 08:46:38 | 000,047,494 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008-01-21 08:46:38 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2008-01-21 08:46:38 | 000,011,838 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,378,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:33:01 | 000,006,990 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,004,738 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002-08-08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2002-08-08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Users\Jan\AppData\Roaming\MafiaSetup.exe
[2002-07-24 22:43:46 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll

========== LOP Check ==========

[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer GameZone Console
[2009-10-19 07:07:26 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Locktime
[2011-03-24 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
[2009-10-10 12:18:53 | 000,000,000 | -HSD | M] -- C:\Users\Jan\AppData\Roaming\.#
[2009-09-09 00:18:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer
[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer GameZone Console
[2010-09-22 21:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Broad Intelligence
[2010-09-21 00:04:00 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer
[2009-08-14 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer Pro
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools
[2009-12-03 13:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
[2009-08-14 03:36:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\EA
[2011-02-04 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\esmska
[2009-08-11 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\eSobi
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\GHISLER
[2011-05-19 08:29:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ
[2009-08-10 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\InterVideo
[2009-08-19 15:34:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\iWin
[2009-10-19 06:57:03 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Locktime
[2010-07-01 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mikrotik
[2009-12-16 23:22:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010-02-24 03:55:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Opera
[2010-11-08 18:34:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Petroglyph
[2009-09-08 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PlayFirst
[2009-11-22 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\QIP
[2010-10-19 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\uTorrent
[2010-12-06 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\W
[2011-01-04 10:19:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\wargaming.net
[2010-10-01 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Youdagames
[2009-10-03 15:50:52 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\Acer
[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\Acer GameZone Console
[2009-10-23 21:05:42 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\Broad Intelligence
[2009-10-24 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\BSplayer
[2009-12-15 20:51:17 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\DAEMON Tools Lite
[2009-08-20 12:04:28 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\eSobi
[2009-10-19 14:33:51 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\GHISLER
[2009-08-20 12:30:54 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\ICQ
[2009-10-19 06:53:08 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\Locktime
[2010-01-08 07:42:32 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\Memostation
[2009-12-19 19:35:33 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2009-08-20 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\Opera
[2009-08-27 17:21:33 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\QIP
[2010-01-05 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\other\AppData\Roaming\uTorrent
[2010-02-19 14:05:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DVBDream Once 20100218_170351.job
[2010-02-19 14:05:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DVBDream Once 20100218_170355.job
[2011-07-15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011-06-01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011-07-15 09:04:38 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-07-20 10:11:43 | 000,000,462 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3FDDB30D-3A34-4FDF-9B15-61A8842AE865}.job
[2011-07-20 10:06:01 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011-07-20 09:58:01 | 000,000,274 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009-08-10 10:24:38 | 000,068,856 | ---- | M] (Google Inc.)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation)
"Videohost" = C:\Users\Jan\AppData\Local\Temp\d.exe
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2008-01-21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WindowsSysControl" = C:\Users\Public\winsvrcn.exe
"msnmsgr" = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -- [2008-12-02 22:39:00 | 003,882,312 | ---- | M] (Microsoft Corporation)
"Halo2" = rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd -- [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation)
"JDK5SWFMZY" = C:\Users\Jan\AppData\Local\Temp\Gtl.exe
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun -- [2008-04-01 11:39:48 | 000,486,856 | ---- | M] (DT Soft Ltd)
"ICQ" = "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 -- [2011-01-05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)

< >


< MD5 for: AGP440.SYS >
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-02-12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\System32\drivers\atapi.sys
[2009-02-12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_90788e4d\atapi.sys
[2009-02-12 07:43:59 | 000,019,936 | ---- | M] (Microsoft Corporation) MD5=0FD275041F8B2197EE964361B4192A18 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22375_none_dd7b1aaf3adbaafe\atapi.sys
[2008-11-06 15:00:11 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6be1d3ca\atapi.sys
[2008-11-06 15:00:11 | 000,019,720 | ---- | M] (Microsoft Corporation) MD5=23B446FC5141012161DF4C550275BCD4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22303_none_ddc4c98f3aa4b4b9\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008-01-21 04:24:45 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2008-05-08 04:45:15 | 000,640,512 | ---- | M] (Microsoft Corporation) MD5=869204EA6335A103632F61E2E7EB1328 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.20831_none_e077dddaddcf9c19\autochk.exe
[2008-05-08 04:48:15 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=FBD95FAF4A26FBE661A747BE44071696 -- C:\Windows\System32\autochk.exe
[2008-05-08 04:48:15 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=FBD95FAF4A26FBE661A747BE44071696 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.22175_none_e236dc12db130503\autochk.exe

< MD5 for: CDROM.SYS >
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2008-01-21 04:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\System32\cryptsvc.dll
[2008-01-21 04:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008-01-21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: FASTFAT.SYS >
[2008-01-21 04:24:13 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3C489390C2E2064563727752AF8EAB9E -- C:\Windows\System32\drivers\fastfat.sys
[2008-01-21 04:24:13 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3C489390C2E2064563727752AF8EAB9E -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6001.18000_none_aeb32b80576428df\fastfat.sys

< MD5 for: HAL.DLL >
[2008-07-04 12:44:03 | 000,177,208 | ---- | M] (Microsoft Corporation) MD5=78065E09AEC2BDDE5730CC1BB5AFAD95 -- C:\Windows\System32\hal.dll

< MD5 for: IASTOR.SYS >
[2009-02-11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009-02-11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009-02-11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009-02-11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008-01-21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008-01-21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-01-21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006-11-02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008-01-21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008-01-21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008-01-21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys

< MD5 for: LSASS.EXE >
[2009-06-15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009-09-10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009-02-13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2009-06-15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\System32\lsass.exe
[2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009-02-13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009-06-15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009-06-15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009-06-15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009-09-09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009-09-10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008-01-21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008-01-21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2009-02-13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008-01-21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008-01-21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008-01-21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2008-05-08 07:24:21 | 001,061,944 | ---- | M] (Microsoft Corporation) MD5=590F19EBD9CDB256D434DBAFB97EA9F7 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20831_none_a4f51a4e38fa12bd\ntfs.sys
[2008-01-21 04:23:51 | 001,081,912 | ---- | M] (Společnost Microsoft) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\System32\drivers\ntfs.sys
[2008-01-21 04:23:51 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys

< MD5 for: NVRAID.SYS >
[2008-01-21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008-01-21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008-01-21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#19 Post by wolf1989 »

OTL.txt part 2

< MD5 for: SCECLI.DLL >
[2008-01-21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008-01-21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< MD5 for: SERVICES.EXE >
[2008-01-21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008-01-21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

< MD5 for: SMSS.EXE >
[2008-01-21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\System32\smss.exe
[2008-01-21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe

< MD5 for: SPOOLSV.EXE >
[2008-01-21 04:24:45 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\System32\spoolsv.exe
[2008-01-21 04:24:45 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008-04-26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009-08-15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009-08-14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2009-08-14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009-08-14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2008-04-26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\System32\drivers\tcpip.sys
[2008-04-26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009-08-14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2008-03-27 06:05:48 | 000,890,936 | ---- | M] (Microsoft Corporation) MD5=9081EBA4184E7EB87C55E18C089283A5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
[2008-01-21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009-08-14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008-01-21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-01-21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008-01-21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2006-11-02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2008-01-21 08:40:30 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LMPRTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2009-04-09 14:32:46 | 000,000,008 | ---- | M] () -- C:\Windows\system32\drivers\1025_ACER_EX5635.MRK
[2009-02-19 10:14:44 | 000,004,184 | ---- | M] () -- C:\Windows\system32\drivers\CDConfig.bin
[2006-09-18 23:26:46 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2006-09-18 23:26:46 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2009-04-09 14:32:52 | 000,002,040 | ---- | M] () -- C:\Windows\system32\drivers\MOD01SET050000004O.enc
[2008-01-21 04:23:51 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009-08-10 10:37:09 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009-08-11 11:59:15 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2008-04-26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.copy

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011-07-20 09:07:55 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-20 09:07:56 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-21 18:30:47 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\CF18615.exe
[2011-07-21 18:45:12 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\CF21440.exe
[2011-07-21 18:46:48 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\CF21753.exe
[2011-07-21 20:32:58 | 000,044,772 | ---- | M] () -- C:\Windows\system32\Config.MPF
[2011-07-21 16:21:59 | 000,002,577 | ---- | M] () -- C:\Windows\system32\config.nt
[2011-07-21 20:41:08 | 000,000,027 | ---- | M] () -- C:\Windows\system32\MPFServiceFailureCount.txt
[2011-07-21 20:38:31 | 000,011,838 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2011-07-21 20:38:31 | 000,004,738 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2011-07-21 20:38:31 | 000,047,494 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2011-07-21 20:38:31 | 000,006,990 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2011-07-21 20:38:31 | 000,052,710 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2008-01-21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\system32\config\COMPONENTS.SAV
[2008-01-21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\system32\config\DEFAULT.SAV
[2008-01-21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\system32\config\SECURITY.SAV
[2006-11-02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\system32\config\SOFTWARE.SAV
[2006-11-02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\system32\config\SYSTEM.SAV

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[15 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp -> ]
[2 C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2009-10-10 12:18:53 | 000,000,000 | -HSD | M] -- C:\Users\Jan\AppData\Roaming\.#
[2009-09-09 00:18:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer
[2009-05-16 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Acer GameZone Console
[2009-08-11 11:53:48 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Adobe
[2010-09-22 21:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Broad Intelligence
[2010-09-21 00:04:00 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer
[2009-08-14 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\BSplayer Pro
[2009-08-10 14:43:02 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Corel
[2009-12-22 01:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\CyberLink
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools
[2009-12-03 13:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
[2009-09-15 19:14:23 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DivX
[2011-03-09 05:53:24 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\dvdcss
[2009-08-14 03:36:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\EA
[2011-02-04 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\esmska
[2009-08-11 12:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\eSobi
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\GHISLER
[2009-08-20 12:26:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Google
[2010-04-22 23:12:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Hamachi
[2011-05-19 08:29:40 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ
[2009-08-10 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Identities
[2009-08-10 10:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\InstallShield
[2009-08-10 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\InterVideo
[2009-08-19 15:34:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\iWin
[2009-10-19 06:57:03 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Locktime
[2009-08-10 10:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Macromedia
[2006-11-02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Media Center Programs
[2009-09-16 18:07:13 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Media Player Classic
[2010-07-10 18:57:47 | 000,000,000 | --SD | M] -- C:\Users\Jan\AppData\Roaming\Microsoft
[2009-10-28 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Microsoft Games
[2010-07-01 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mikrotik
[2009-08-20 12:25:50 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mozilla
[2009-12-16 23:22:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2009-12-19 03:27:09 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Nero
[2010-02-24 03:55:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Opera
[2010-11-08 18:34:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Petroglyph
[2009-09-08 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PlayFirst
[2009-11-22 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\QIP
[2010-11-27 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Skype
[2010-11-26 23:39:59 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\skypePM
[2010-10-19 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\uTorrent
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\vlc
[2010-12-06 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\W
[2011-01-04 10:19:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\wargaming.net
[2011-07-21 16:33:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Winamp
[2009-10-19 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WinAmp Control
[2009-10-11 14:08:30 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WinRAR
[2010-03-09 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Xfire
[2010-10-01 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Youdagames

< %APPDATA%\*.* >
[2010-07-10 18:41:50 | 000,000,000 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\BgMek.txt
[2010-07-10 18:59:52 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DRO3987.tmp.exe
[2010-07-10 18:59:56 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DRO498D.tmp.exe
[2010-07-10 19:00:10 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DRO817E.tmp.exe
[2010-07-10 18:58:13 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROB6F0.tmp.exe
[2010-07-10 18:41:51 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROB99E.tmp.exe
[2010-07-10 18:58:24 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROE34C.tmp.exe
[2010-07-10 18:59:34 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROF43D.tmp.exe
[2010-07-10 18:55:14 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROFCA6.tmp.exe
[2010-07-10 18:57:40 | 000,000,000 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\LJC8G.txt
[2010-07-10 18:57:38 | 000,000,000 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\M71J6.txt
[2002-08-08 06:11:30 | 000,319,488 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\MafiaSetup.exe
[2009-10-23 22:20:33 | 000,000,099 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\MPUI.ini
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]

< %APPDATA%\*.exe /s >
[2010-07-10 18:59:52 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DRO3987.tmp.exe
[2010-07-10 18:59:56 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DRO498D.tmp.exe
[2010-07-10 19:00:10 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DRO817E.tmp.exe
[2010-07-10 18:58:13 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROB6F0.tmp.exe
[2010-07-10 18:41:51 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROB99E.tmp.exe
[2010-07-10 18:58:24 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROE34C.tmp.exe
[2010-07-10 18:59:34 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROF43D.tmp.exe
[2010-07-10 18:55:14 | 000,000,325 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\DROFCA6.tmp.exe
[2002-08-08 06:11:30 | 000,319,488 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\MafiaSetup.exe
[8 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
[2007-08-18 09:54:02 | 000,020,480 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2007-08-18 09:53:50 | 000,016,384 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\AC3 Filter\dialog_patch.exe
[2008-04-13 17:26:54 | 000,036,396 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\AC3 Filter\uninstall.exe
[2008-04-01 11:51:06 | 000,691,717 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2008-03-29 17:42:00 | 000,103,424 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2008-03-29 17:42:02 | 000,335,872 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2008-03-29 17:41:54 | 000,135,168 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2008-06-10 09:11:02 | 000,041,412 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2010-01-24 21:04:42 | 000,010,134 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Installer\{98ECA868-E308-4504-A231-10B1D2B50725}\ARPPRODUCTICON.exe
[2009-09-23 16:00:33 | 000,010,134 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Installer\{9A824ED3-387B-44ED-90CA-B58D5B8171AB}\ARPPRODUCTICON.exe
[2010-08-14 22:39:45 | 000,010,134 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
[2010-08-14 22:39:45 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Jan\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
[2010-08-14 22:39:45 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Jan\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
[2010-08-14 22:39:45 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Jan\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
[2010-08-14 22:39:46 | 000,008,854 | R--- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-15 18:36:57

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2008-01-21 04:24:29 | 000,031,744 | ---- | M] (Microsoft Corporation)
"StateIndex" = 0

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011-07-21 21:00:06 | 000,000,512 | ---- | M] () MD5=526E437FE75000515DE37921739C29B4 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9VFN4TK1RVDNGCMLLJG7JYFLMYUKVVGVKVF5VP4VH
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5A437AC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3201AC76
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F7862839
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:ABFE9AF5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:41099CE9

< End of report >

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#20 Post by wolf1989 »

EXTRAS.txt

OTL Extras logfile created on: 2011-07-21 20:59:04 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd

2.93 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 80.15% Memory free
6.06 Gb Paging File | 5.64 Gb Available in Paging File | 93.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 119.02 Gb Free Space | 41.31% Space Free | Partition Type: NTFS

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3881389102-2482362552-4048202739-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winsvrcn.exe" = C:\Users\Public\winsvrcn.exe:*:Enabled:WindowsSysControl


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F613F83-0417-4F26-8E09-120B7FF12D8B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{10801895-4011-47A5-A883-FDEB650BADD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1E4076D9-A903-4339-A5DA-740AAB221E0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2640CFED-4155-48E1-B93F-679624AC99D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{28963205-8DC8-427F-806D-CA9FA02B2437}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A4232C3-097A-4559-827E-84308403AFB7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AE48701-CA05-4EE8-8C41-55F174640559}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CA6D4AA-9531-46B9-8F85-60677C471C1F}" = lport=138 | protocol=17 | dir=in | app=system |
"{52EEC3EB-B71D-4BBC-AD01-BC57597FF5A5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{53449F64-80E2-4C5E-B8C8-C8F1E5CECDFA}" = lport=139 | protocol=6 | dir=in | app=system |
"{583F8907-2158-448C-9365-7AC5E94E9669}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5F3C38DB-6354-43AC-87C5-85F38F2CB50F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{690A5C6B-EB6A-4A14-A9FC-116026D3E470}" = rport=445 | protocol=6 | dir=out | app=system |
"{7095C769-D5CD-4BEE-A3A9-66E5669EE564}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71406FC5-F56E-4554-BDFA-557327E3608A}" = rport=139 | protocol=6 | dir=out | app=system |
"{74C5C23A-CD3A-4D77-A294-E7B95A1754EF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7927E995-3008-4D86-894E-F742CE732153}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E02EDBE-3A7C-4B5E-93AC-BAC6FF0E40CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8940881C-D03F-466A-9047-45B03D7D584F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89904A2C-65BE-49AE-B4E8-C55CECF6C3BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94AB9204-74EE-42F8-8269-6753009390A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9574CDC8-947E-4F6E-9AEB-63F1F1548518}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A27EB976-5B59-4512-B276-1C7D5891ED4C}" = rport=137 | protocol=17 | dir=out | app=system |
"{CE7730D0-FD03-4704-9FF6-E364B953571A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D6FABD8E-1BA9-4BE3-A8F7-FAEC07F260B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D70EB3ED-2375-44FC-8B46-2DA851DA164C}" = rport=138 | protocol=17 | dir=out | app=system |
"{E7A4DC80-E778-4CB7-9AD0-3A47264202E0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECCBAC8A-C834-4343-B58D-AC9E1B312D2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF0E928C-B634-422C-A6C6-CDF93715CEB8}" = lport=445 | protocol=6 | dir=in | app=system |
"{F7EE1244-E308-42B5-BBAD-25CF236AEE3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0479063F-4ACF-4BCF-BEBE-C9C5110C7FA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{058F2979-8B48-4833-94BD-240784FC5877}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{07DCFC71-2304-476A-ACE9-E2A026714AA1}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{2052054A-C080-4AA3-9BE6-0ED1265A1EE6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{20D7EAC9-786F-41B4-A9AF-10BF741C9771}" = protocol=17 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"{271C2E95-61C0-47B4-BE3E-434CA4213265}" = protocol=6 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"{28436B60-08B1-4ED0-801F-8ADF939D4B4F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{32C5ECC2-99D0-4DAC-8699-9A1DEAFA5C08}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3387A911-6EA4-4D31-9236-9CEBD4B81CEB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3AEC9A32-E4A3-49AA-8444-8CF1D7F7C14E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E0A947A-7111-478F-8A85-98B06957DD32}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3E729AE8-2702-4AD8-80B6-D551E0DE1FFD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4413BA90-4785-4ABF-9D8B-498537BA7E35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44D6A932-BA77-4CC7-8992-F784C2B09AA6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{45A729DB-7DC3-498F-A2EC-E637A228151D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C9B6D4E-56FF-461E-A7E8-A4DBA8F1813C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{547F469A-3AC4-4AF8-ADA2-494A5E696E52}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{5A3FAB46-C8DA-49BC-9848-BA8901FBDC8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B31A94A-F235-46AB-964D-96F5F577265A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5FBCABA8-FC8E-490E-8A88-E0F16DC4AAA8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{66E7F63B-A11C-43C8-A7C8-551B31797FA9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6B26D563-C1F0-4F21-898D-11A6A21525EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B4A5774-7153-43DA-94C9-54FE5A257713}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{6B4E5546-0531-4D3A-843E-39FF2A5A814D}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{6F8B965F-04A9-4E38-BF0F-FD93223D67F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7196764F-47AA-4AB9-9DBB-8C09BEA2C36A}" = protocol=17 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"{7953E7FE-0D01-43D0-8F6B-EE83E3CAC280}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{85984CAF-F4E6-49ED-A1B2-1031280BF174}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe |
"{8615AFD4-F91C-4E09-9482-F469AA88E044}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{9393389E-68ED-4CC6-873D-EEB124761E58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E5A7A6A-6A7D-4027-888B-757E99A0EB69}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A136D65B-F0F0-4713-A6F5-D1AF9A144CB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A1FBB379-FD3A-4C55-8475-AB88CDFF6C73}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A7BBD0CD-1E77-4DC9-98B9-D5225A882FAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD7350C1-2256-4B35-AE84-353432BF0CAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0FD0CFF-9C08-4840-B422-121FC074C6E0}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{B38CCB04-0136-4AE7-AD03-E0B3EA460922}" = protocol=6 | dir=out | app=system |
"{B4EA40D2-3DC7-4E87-AFF4-A08E682F71DD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{BB6C0CCF-642E-44CF-89D8-01208BC61E8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C077FC43-E175-4275-98A8-AA40FA6A8BB8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C07CE9CF-5907-4263-AD8C-6954928205F6}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe |
"{C2382999-604C-42A3-A118-C2F82778875B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C74ECC4C-341A-4718-8091-AFE69E02EAFA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{C7C881F3-9327-41B1-AA46-F16DF9373A74}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{CC924DF6-D9FB-44EB-A996-0988355733FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF084D4A-BB7B-4533-9702-66A863E69A74}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D46BAB80-C90A-4C98-BDD8-FAE859D9F64B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D63671F2-7E2D-48BC-B694-3B4E484EA96D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DA6D3E82-7817-4C0C-8B30-C9902C488323}" = protocol=6 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"{E1DC2B3D-E399-46DE-A906-B846391FEA92}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{E62F131C-3326-4692-BB2F-9DBE372A8857}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E6BCB9AF-4B6C-40D9-BDAD-04741ACCD491}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6D9057B-B4FC-4D59-9CD2-9AF173D0E3D6}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"{F5B7AAD7-9309-48C5-A593-D60206A3F235}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{F84FA520-4656-41CE-A9F2-FF103FE390A2}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"TCP Query User{09911320-AB44-4B47-AE6B-8DB29E142D28}C:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"TCP Query User{0CA7E360-2C2C-4E12-AD89-1530123B126D}C:\program files\lucasarts\star wars empire at war forces of corruption\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\fpupdate.exe |
"TCP Query User{15F09D0E-D48B-46D6-AF0F-4999A223FD5F}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{1C07CFD9-6CA8-440B-9C07-4E8B7D4115F1}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{24907AA2-BC7E-4993-8E03-E0CCA4B32E8C}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{30D6F571-9160-4888-9E1B-18FF1B84CEC7}C:\games\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_closed_beta\worldoftanks.exe |
"TCP Query User{45C8B7C5-0C46-40D0-838E-D119DE1B21CB}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe |
"TCP Query User{54AC8804-15BB-4AC4-BAAE-751F81536EDF}C:\program files\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\company of heroes\reliccoh.exe |
"TCP Query User{55203BAC-52F8-4D46-92E9-9F98C3FF227C}C:\users\jan\desktop\sdc230\strongdc.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\sdc230\strongdc.exe |
"TCP Query User{5B577DF5-4BB5-48D9-9714-30CDED2D154B}C:\users\jan\desktop\sdc230\strongdc.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\sdc230\strongdc.exe |
"TCP Query User{712EA97D-79B1-4BDC-A12A-D9C58DA9A078}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{9040949C-1BF1-407A-B111-37B01EF5049C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{9105DE4B-273C-4F8F-BFB6-B6FBB9F3FE68}C:\program files\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat |
"TCP Query User{97DC31C6-99A5-4232-83E6-A7FF2C58E21B}C:\program files\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\company of heroes\reliccoh.exe |
"TCP Query User{98988A8D-2325-4935-BC37-6D9BBA0ED0FA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A7760AE7-D20A-4D0A-9944-C0F1481C8164}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{A79D0A74-AAAA-4AC3-9E9D-F91EE12D97BC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B764775F-7AEF-443C-B378-6470AFC7C667}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{C9362A30-E9EA-45C3-9D08-616FC5D1FB0E}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{C9D3A1D1-5DAA-4283-8B49-A2B7993EC914}C:\users\jan\downloads\age of empires 2\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=c:\users\jan\downloads\age of empires 2\age of empires 2\empires2.exe |
"TCP Query User{E2BE436B-7EB9-426A-B34D-61318193C4AC}C:\games\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_closed_beta\worldoftanks.exe |
"TCP Query User{E75A0FD5-079C-452B-971E-84BDF1CF3F62}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{EAEA8331-A41A-41E7-8AA2-AB8698E1EB42}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{FF1C6B44-FD31-4D36-982C-4BC48988CC95}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{068254B2-D23B-4951-B337-C8E38101DEB4}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1729CE83-19F0-4EEB-9402-1577F9215FC5}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{22AB77E3-D054-443B-AE0D-13D88BB3BC1E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{2B3D1F15-9EF8-4A1F-9880-C4949C8480A9}C:\users\jan\desktop\sdc230\strongdc.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\sdc230\strongdc.exe |
"UDP Query User{36E4C53A-DA3C-4599-BFB1-721ABC31FEE6}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{445EA1AE-EB2D-4EA4-83D1-D443352B7B87}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{56F1CFB4-D327-4736-86C7-11DAE1C4300E}C:\games\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_closed_beta\worldoftanks.exe |
"UDP Query User{59016EE7-1900-498C-BCD3-E74D28C33F3B}C:\games\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_closed_beta\worldoftanks.exe |
"UDP Query User{5E4A4CFA-43AC-4A5D-B998-CEAABEFBDC61}C:\program files\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\company of heroes\reliccoh.exe |
"UDP Query User{654293D8-6359-4B53-B1E5-9E501B896AAF}C:\users\jan\desktop\sdc230\strongdc.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\sdc230\strongdc.exe |
"UDP Query User{65F90D5F-9FCB-44FD-A196-54B81B8EA5F5}C:\users\jan\downloads\age of empires 2\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=c:\users\jan\downloads\age of empires 2\age of empires 2\empires2.exe |
"UDP Query User{6E75F4C5-E6E9-4EE4-BE50-732311461F76}C:\program files\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\company of heroes\reliccoh.exe |
"UDP Query User{6F3238F7-CA11-48C1-B779-53CCC61689BE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6F457764-9480-4571-8AC7-18CAB826125E}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{796227A5-4F4A-47AD-A12F-7EB2098AE813}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{7B28BC93-1A18-4D68-8648-1A502F568326}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{90604344-0DD0-46D0-B7BA-765F2522841C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{95F36760-858D-4273-BB29-64F75D6867D4}C:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"UDP Query User{CC776D5C-1561-43AF-A517-E880652C6BFA}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{DB5334D6-8D78-46BB-BA40-3C46DD48B17E}C:\program files\lucasarts\star wars empire at war forces of corruption\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\fpupdate.exe |
"UDP Query User{E3ED0F5D-3350-4E1C-9A28-DAFCA4C05E52}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E90D1546-006A-471E-A118-9FC955C59FE1}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{EB228698-9397-4A0D-805F-25AD675E63B4}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{EB4AD9D9-CF76-4794-97C3-7C8DF4928258}C:\program files\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E779810-ACCA-4483-BC76-12DFE055B452}" = Asistent pro přihlášení ke službě Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{20D0CDB1-5F03-4A5D-86EB-7C218053B157}" = Windows Live Messenger
"{2129C924-9FD8-4D0F-8B31-4B4D3E5E0033}" = Anglicko-český slovník pro MS Office
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{432282b5-d708-431a-9ada-abbbbac3f205}" = Business Contact Manager pro aplikaci Outlook 2007 SP1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}" = Windows Live Sync
"{4EA44BA4-A708-4223-BC1A-22B6DA9E7D1C}" = Windows Live Essentials
"{4F0AD6E9-83F8-40DB-8ED2-6534DC26B3C0}" = Opera 10.50
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}" = Windows Live Mail
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}" = Windows Live Writer
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}_PROPLUS_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}_PROPLUS_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}_PROPLUS_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{98ECA868-E308-4504-A231-10B1D2B50725}" = Gigabyte U7000 TV Card Driver
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A824ED3-387B-44ED-90CA-B58D5B8171AB}" = Gigabyte U7000 TV Card Remote Control Device
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Software Bluetooth WIDCOMM
"{A13DE9CB-8C84-4889-B114-C5A9661F844E}" = Windows Live Fotogalerie
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Součásti připojení sady Microsoft Office Small Business
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.4 - Czech
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{dc83ca91-c038-42af-8be9-beefdfa27fdf}" = Nero 9 Lite
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"µTorrent CZ_is1" = µTorrent CZ 1.8.5 (build 17414)
"7-Zip" = 7-Zip 9.20
"A5F5C05F-717B-73C4-3160-2ABA7041614D" = Esmska
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Air Conflicts" = Air Conflicts
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle.net" = Battle.net
"BS_Player Toolbar" = BS_Player Toolbar
"BSPlayerf" = BS.Player FREE
"Business Contact Manager" = Business Contact Manager pro aplikaci Outlook 2007 SP1
"Call of Duty" = Call of Duty
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Cradle Of Rome_is1" = Cradle Of Rome
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVB Dream_is1" = DVB Dream version 1.4i
"DVD Shrink_is1" = DVD Shrink 3.2
"EAX Unified" = EAX Unified
"ffdshow_is1" = ffdshow [rev 3207] [2010-01-18]
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Indeo® Software" = Indeo® Software
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"LManager" = Launch Manager
"Mafia Game" = Mafia Game
"MatrixMania Screensaver" = MatrixMania Screensaver
"MediaCoder" = MediaCoder 0.7.2.4526
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee SecurityCenter
"NoteWorthy Composer Browser Plug-in" = NoteWorthy Composer Browser Plug-in
"NSS" = Norton Security Scan
"Opera 11.50.1074" = Opera 11.50
"Plane Arcade" = Plane Arcade
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"Radar Screensaver_is1" = Radar Screensaver version 1.72
"Red Alert 2" = Command & Conquer Red Alert 2
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Robin Hood: The Legend Of Sherwood" = Robin Hood: The Legend Of Sherwood
"Silent Hunter 3 čeština_is1" = SH3cz verze 1.1 final
"Sonar Screensaver_is1" = Sonar Screensaver 1.00
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"STARWARS: The Battle of Yavin v1.1_is1" = STARWARS: The Battle of Yavin version 1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Matrix Reloaded" = The Matrix Reloaded
"Totalcmd" = Total Commander (Remove or Repair)
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WOLAPI" = Westwood Shared Internet Components
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3881389102-2482362552-4048202739-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 2.0.9030 RC4

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2010-07-18 15:31:20 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

Error - 2010-07-18 15:32:02 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

Error - 2010-10-09 19:31:12 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

Error - 2010-10-11 13:59:52 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

Error - 2011-07-21 04:23:55 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

Error - 2011-07-21 06:07:31 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

Error - 2011-07-21 09:26:15 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

Error - 2011-07-21 09:26:15 | Computer Name = Jan-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2011-04-26 07:52:59 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-04-26 12:01:21 | Computer Name = Jan-PC | Source = McLogEvent | ID = 5051
Description = Podproces v procesu C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe trval
poi plniní požadavku déle než 90000 ms. Proces bude ukoneen . Id prodprocesu: 2144
(0x860) Adresa podprocesu 0x77429A94 Zpráva podprocesu Build VSCORE.14.0.0.435 /
5301.4018 Object being scanned = \Device\HarddiskVolume3\WoT_beta_0.6.1.5.58710_eng_setup.exe

by C:\totalcmd\TOTALCMD.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2011-04-28 16:22:44 | Computer Name = Jan-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 2011-04-28 16:23:06 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-04-28 16:26:41 | Computer Name = Jan-PC | Source = McLogEvent | ID = 5051
Description = Podproces v procesu C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe trval
poi plniní požadavku déle než 90000 ms. Proces bude ukoneen . Id prodprocesu: 3872
(0xf20) Adresa podprocesu 0x771E9A94 Zpráva podprocesu Build VSCORE.14.0.0.435 /
5301.4018 Object being scanned = \Device\HarddiskVolume3\WoT_beta_0.6.1.5.58710_eng_setup.exe

by C:\totalcmd\TOTALCMD.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2011-05-01 14:56:59 | Computer Name = Jan-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 2011-05-01 14:58:24 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =

Error - 2011-05-01 15:20:51 | Computer Name = Jan-PC | Source = McLogEvent | ID = 5051
Description = Podproces v procesu C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe trval
poi plniní požadavku déle než 90000 ms. Proces bude ukoneen . Id prodprocesu: 3992
(0xf98) Adresa podprocesu 0x777E9A94 Zpráva podprocesu Build VSCORE.14.0.0.435 /
5301.4018 Object being scanned = \Device\HarddiskVolume3\WoT_beta_0.6.1.5.58710_eng_setup.exe

by C:\totalcmd\TOTALCMD.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 2011-05-02 10:15:31 | Computer Name = Jan-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 2011-05-02 10:16:57 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 2010-01-24 14:16:50 | Computer Name = Jan-PC | Source = ehRecvr | ID = 4
Description =

[ OSession Events ]
Error - 2011-05-12 20:19:27 | Computer Name = Jan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011-05-20 08:42:19 | Computer Name = Jan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43046
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2011-07-21 14:33:04 | Computer Name = Jan-PC | Source = DCOM | ID = 10005
Description =

Error - 2011-07-21 14:33:11 | Computer Name = Jan-PC | Source = DCOM | ID = 10005
Description =

Error - 2011-07-21 14:33:12 | Computer Name = Jan-PC | Source = DCOM | ID = 10005
Description =

Error - 2011-07-21 14:33:19 | Computer Name = Jan-PC | Source = DCOM | ID = 10005
Description =

Error - 2011-07-21 14:33:47 | Computer Name = Jan-PC | Source = DCOM | ID = 10005
Description =

Error - 2011-07-21 14:34:03 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-07-21 14:34:03 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-07-21 14:38:38 | Computer Name = Jan-PC | Source = iaStor | ID = 262153
Description = Zařízení \Device\Ide\iaStor0 neodpovídá v periodě časového limitu.

Error - 2011-07-21 14:41:03 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 2011-07-21 14:41:06 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please help, virus via FB chat

#21 Post by motji »

:o You have rather too many antivirus programs on there :o


:arrow: Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9VFN4TK1RVDNGCMLLJG7JYFLMYUKVVGVKVF5VP4VH
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5A437AC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3201AC76
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F7862839
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:ABFE9AF5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:41099CE9
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [Halo2] File not found
O4 - HKLM..\Run: [TQ566808] File not found
O4 - HKLM..\Run: [KMCONFIG] File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... ensa_5635z
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [JDK5SWFMZY] File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [Videohost] File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [WindowsSysControl] File not found
O4 - HKLM..\RunOnce: [] File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\Jan\AppData\Roaming\DRO3987.tmp.exe
C:\Users\Jan\AppData\Roaming\DRO498D.tmp.exe
C:\Users\Jan\AppData\Roaming\DRO817E.tmp.exe
C:\Users\Jan\AppData\Roaming\DROB6F0.tmp.exe
C:\Users\Jan\AppData\Roaming\DROB99E.tmp.exe
C:\Users\Jan\AppData\Roaming\DROE34C.tmp.exe
C:\Users\Jan\AppData\Roaming\DROF43D.tmp.exe
C:\Users\Jan\AppData\Roaming\DROFCA6.tmp.exe
C:\Users\Jan\AppData\Roaming\.#
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Users\Jan\AppData\Local\Temp\Gtl.exe
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Windows\System32\ezsidmv.dat
C:\Windows\tasks\Norton Security Scan for Jan.job

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Post the log here :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#22 Post by wolf1989 »

I used to have several antivirus programs, then I had only Avast free antivirus, but the virus then sort of brought them all back again, though they don't work.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please help, virus via FB chat

#23 Post by motji »

OK, we'll fix that later. For now, run that script in OTL :)

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#24 Post by wolf1989 »

Are you sure your script is correct?
I enter it into the white box at the bottom, click Fix, and nothing. It says "File not found" for several lines and the PC doesn't restart; the desktop just disappears, but nothing more.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please help, virus via FB chat

#25 Post by motji »

Try it in Safe Mode. If it doesn't work there either, we'll leave out a few lines.

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#26 Post by wolf1989 »

At the moment I'm working in Safe Mode with Networking the whole time; because of the virus I can't get into normal mode.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please help, virus via FB chat

#27 Post by motji »

Try this script
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9VFN4TK1RVDNGCMLLJG7JYFLMYUKVVGVKVF5VP4VH
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5A437AC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3201AC76
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F7862839
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:ABFE9AF5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:41099CE9
O4 - HKLM..\Run: [TQ566808] File not found
O4 - HKLM..\Run: [KMCONFIG] File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... ensa_5635z
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [JDK5SWFMZY] File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\Jan\AppData\Roaming\DRO3987.tmp.exe
C:\Users\Jan\AppData\Roaming\DRO498D.tmp.exe
C:\Users\Jan\AppData\Roaming\DRO817E.tmp.exe
C:\Users\Jan\AppData\Roaming\DROB6F0.tmp.exe
C:\Users\Jan\AppData\Roaming\DROB99E.tmp.exe
C:\Users\Jan\AppData\Roaming\DROE34C.tmp.exe
C:\Users\Jan\AppData\Roaming\DROF43D.tmp.exe
C:\Users\Jan\AppData\Roaming\DROFCA6.tmp.exe
C:\Users\Jan\AppData\Roaming\.#
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Users\Jan\AppData\Local\Temp\Gtl.exe
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Windows\System32\ezsidmv.dat
C:\Windows\tasks\Norton Security Scan for Jan.job

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

wolf1989
Visitor
Posts: 49
Registered: 21 Jul 2011 15:30

Re: Please help, virus via FB chat

#28 Post by wolf1989 »

Nothing again, it doesn't restart, it just "freezes" and this appears in the white box at the bottom:

IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... ensa_5635z
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
O4 - HKU\S-1-5-21-3881389102-2482362552-4048202739-1003..\Run: [JDK5SWFMZY] File not found

:files


I'd probably leave it until tomorrow; things look clearer in the morning, what do you say?
Last edited by wolf1989 on 21 Jul 2011 21:31, edited 1 time in total.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please help, virus via FB chat

#29 Post by motji »

Try this

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMVF9VFN4TK1RVDNGCMLLJG7JYFLMYUKVVGVKVF5VP4VH
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5A437AC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3201AC76
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F7862839
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:ABFE9AF5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:41099CE9

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\Jan\AppData\Roaming\DRO3987.tmp.exe
C:\Users\Jan\AppData\Roaming\DRO498D.tmp.exe
C:\Users\Jan\AppData\Roaming\DRO817E.tmp.exe
C:\Users\Jan\AppData\Roaming\DROB6F0.tmp.exe
C:\Users\Jan\AppData\Roaming\DROB99E.tmp.exe
C:\Users\Jan\AppData\Roaming\DROE34C.tmp.exe
C:\Users\Jan\AppData\Roaming\DROF43D.tmp.exe
C:\Users\Jan\AppData\Roaming\DROFCA6.tmp.exe
C:\Users\Jan\AppData\Roaming\.#
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Users\Jan\AppData\Local\Temp\Gtl.exe
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Windows\System32\ezsidmv.dat
C:\Windows\tasks\Norton Security Scan for Jan.job

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please help, virus via FB chat

#30 Post by motji »

If it still doesn't work, write back and we'll do it another way :)

Locked