FcB virus.

Having a problem with a virus? Post your FRST or RSIT log here.

#1 Post by ResS

Hi, here is my required log from RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Josef at 2011-08-22 18:52:46
Microsoft Windows 7 Ultimate
System drive H: has 6 GB (1%) free of 477 GB
Total RAM: 2013 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:52:49, on 22.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
H:\games\steam.exe
H:\Program Files (x86)\uTorrent\uTorrent.exe
H:\Program Files (x86)\Skype\Phone\Skype.exe
H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
H:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
H:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
H:\Program Files (x86)\ICQ7.0\ICQ.exe
H:\Program Files (x86)\Bluetooth PC Dialer\BluetoothPCDialer.exe
H:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
H:\Program Files (x86)\4Storko\PrePatch.exe
H:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
H:\Windows\Samsung\PanelMgr\SSMMgr.exe
H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
H:\Windows\update.tray-7-0\svchost.exe
H:\Windows\update.tray-12-0\svchost.exe
H:\Windows\l1rezerv.exe
H:\Windows\systemup.exe
H:\Program Files (x86)\Opera\opera.exe
H:\Program Files\trend micro\Josef.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll
R3 - URLSearchHook: Hot MP3 Toolbar - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - H:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hot MP3 Toolbar - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - H:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Brothersoft - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - H:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - H:\Program Files (x86)\MediaGet DB Toolbar\tbcore3.dll (file missing)
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Hot MP3 Toolbar - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - H:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [4StoryPrePatch] H:\Program Files (x86)\4Storko\PrePatch.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] H:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] H:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [wxpdrv] H:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] H:\Windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] H:\Windows\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [6174124.exe] "H:\Windows\Temp\6174124.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "H:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "H:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [3991055.exe] "H:\Users\Josef\AppData\Local\Temp\3991055.exe"
O4 - HKLM\..\Run: [5651145.exe] "H:\Windows\Temp\5651145.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "H:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [46359562-loader2.exe] "H:\Windows\Temp\46359562-loader2.exe"
O4 - HKLM\..\Run: [55220678-loader2.exe] "H:\Windows\Temp\55220678-loader2.exe"
O4 - HKLM\..\Run: [57123688-loader2.exe] "H:\Windows\Temp\57123688-loader2.exe"
O4 - HKLM\..\Run: [72619303-loader2.exe] "H:\Windows\Temp\72619303-loader2.exe"
O4 - HKLM\..\Run: [90841799-loader2.exe] "H:\Windows\Temp\90841799-loader2.exe"
O4 - HKLM\..\Run: [23519038-loader2.exe] "H:\Windows\Temp\23519038-loader2.exe"
O4 - HKLM\..\Run: [avast] "H:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [36151428-loader2.exe] "H:\Windows\Temp\36151428-loader2.exe"
O4 - HKLM\..\Run: [11002160-loader2.exe] "H:\Windows\Temp\11002160-loader2.exe"
O4 - HKLM\..\Run: [2809727-loader2.exe] "H:\Windows\Temp\2809727-loader2.exe"
O4 - HKLM\..\Run: [42677668-loader2.exe] "H:\Windows\Temp\42677668-loader2.exe"
O4 - HKLM\..\Run: [3757569.exe] "H:\Windows\Temp\3757569.exe"
O4 - HKLM\..\Run: [46035077-loader2.exe] "H:\Windows\Temp\46035077-loader2.exe"
O4 - HKLM\..\Run: [68897641-loader2.exe] "H:\Windows\Temp\68897641-loader2.exe"
O4 - HKLM\..\Run: [20167167-loader2.exe] "H:\Windows\Temp\20167167-loader2.exe"
O4 - HKLM\..\Run: [systemup] "H:\Windows\systemup.exe" stand
O4 - HKLM\..\Run: [65913245-loader2.exe] "H:\Windows\Temp\65913245-loader2.exe"
O4 - HKLM\..\Run: [82227236-loader2.exe] "H:\Windows\Temp\82227236-loader2.exe"
O4 - HKLM\..\Run: [90226483-loader2.exe] "H:\Windows\Temp\90226483-loader2.exe"
O4 - HKLM\..\Run: [29461405-loader2.exe] "H:\Users\Josef\AppData\Local\Temp\29461405-loader2.exe"
O4 - HKLM\..\Run: [5157460-loader2.exe] "H:\Windows\TEMP\5157460-loader2.exe"
O4 - HKLM\..\Run: [97917401-loader2.exe] "H:\Users\Josef\AppData\Local\Temp\97917401-loader2.exe"
O4 - HKCU\..\Run: [Steam] "h:\games\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] H:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [EA Core] "H:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Windows Update] H:\Windows\system32\firefox.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [FlashGet 3] "H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [IpSharkk] "H:\Program Files\IpSharkk\IpSharkk.exe" /auto
O4 - HKCU\..\Run: [JP595IR86O] H:\Users\Josef\AppData\Local\Temp\Xhv.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] h:\users\public\nvsvc32.exe
O4 - HKCU\..\Run: [Skype] "H:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "H:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "H:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Bluetooth PC Dialer.lnk = H:\Program Files (x86)\Bluetooth PC Dialer\BluetoothPCDialer.exe
O4 - Startup: OpenOffice.org 3.0.lnk = H:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\Windows\system32\GPhotos.scr/200
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - H:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - H:\Program Files (x86)\ICQ7.0\ICQ.exe
O10 - Unknown file in Winsock LSP: h:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: h:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: h:\progra~2\wia6eb~1\datamngr\datamngr.dll h:\progra~2\wia6eb~1\datamngr\iebho.dll h:\progra~2\bandoo\bndhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - H:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - H:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - H:\Program Files (x86)\Bandoo\Bandoo.exe
O23 - Service: ddservice - Unknown owner - H:\Windows\update.7.1\svchostdriver.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - H:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - H:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - H:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - H:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - H:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - H:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - H:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - H:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - H:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - H:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - H:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - H:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - H:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - H:\Windows\sysdriver32.exe
O23 - Service: Steam Client Service - Valve Corporation - H:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - H:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - H:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - H:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - H:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - H:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - H:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - H:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - H:\Windows\update.1\svchost.exe

--
End of file - 16459 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
H:\Windows\system32\services.exe
H:\Windows\system32\lsass.exe
H:\Windows\system32\lsm.exe
H:\Windows\system32\svchost.exe -k DcomLaunch
H:\Windows\system32\svchost.exe -k RPCSS
H:\Windows\system32\Ati2evxx.exe
H:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
H:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
H:\Windows\system32\svchost.exe -k netsvcs
H:\Windows\system32\svchost.exe -k LocalService
Ati2evxx.exe -Client
H:\Windows\system32\svchost.exe -k NetworkService
H:\Windows\System32\spoolsv.exe
H:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"H:\Windows\system32\Dwm.exe"
"taskhost.exe"
H:\Windows\system32\svchost.exe -k bthsvcs
H:\Windows\update.7.1\svchostdriver.exe srv
H:\Windows\Explorer.EXE
"H:\Windows\System32\igfxtray.exe"
"H:\Windows\System32\hkcmd.exe"
"H:\Windows\System32\igfxpers.exe"
"H:\games\steam.exe" -silent
"H:\Program Files (x86)\uTorrent\uTorrent.exe"
H:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"H:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"H:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
H:\Windows\SysWOW64\PnkBstrA.exe
H:\Windows\SysWOW64\PnkBstrB.exe
H:\Windows\update.5.0\svchost.exe srv
H:\Windows\update.2\svchost.exe srv
"H:\Windows\update.5.0\svchost.exe" stand
H:\Windows\sysdriver32.exe srv
H:\Windows\system32\svchost.exe -k imgsvc
"H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
"H:\Windows\update.2\svchost.exe" stand
"H:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"H:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
"H:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
"H:\Program Files (x86)\Bluetooth PC Dialer\BluetoothPCDialer.exe"
"H:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"H:\Program Files (x86)\4Storko\PrePatch.exe"
"H:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2H:\\Program Files (x86)\\OpenOffice.org 3\\program"
"H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"H:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
H:\Windows\Samsung\PanelMgr\caller64.exe Samsung PanelMgr
"H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe"
"H:\Windows\update.tray-7-0\svchost.exe"
H:\Windows\update.1\svchost.exe srv
"H:\Windows\update.tray-12-0\svchost.exe"
WLIDSvcM.exe 3132
"H:\Program Files (x86)\Bandoo\Bandoo.exe"
"H:\Windows\l1rezerv.exe"
H:\Windows\system32\SearchIndexer.exe /Embedding
"H:\Windows\systemup.exe" stand
H:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"H:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-58a86a96-b1ab-4e4d-8705-6debe8661f05 -SystemEventPortName:HostProcess-c57ad2e3-786f-41c3-a04c-0e6b3fff8f69 -IoCancelEventPortName:HostProcess-27753d94-e104-45d5-aa22-668a30365114 -NonStateChangingEventPortName:HostProcess-e912cb9c-40fe-4368-811e-6ee064439b01 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:88bea3a9-95f6-4bdf-a32d-cb78f9709497
H:\Windows\System32\svchost.exe -k secsvcs
"H:\Windows\system32\wuauclt.exe"
"H:\Program Files (x86)\Opera\opera.exe"
H:\Windows\system32\wbem\wmiprvse.exe
H:\Windows\ufa\ufa.exe -o http://127.0.0.1:52231
\??\H:\Windows\system32\conhost.exe "8368544241501732933130110362219803216-305910115-1771281584-11947335092074661070
"taskhost.exe"
"H:\Windows\update.7.1\svchostdriver.exe" stand
taskeng.exe {871B41E8-A4BF-43B8-8121-2D56BB1FC9D2}
H:\Windows\System32\svchost.exe -k WerSvcGroup
"H:\Users\Josef\Desktop\RSITx64.exe"

======Scheduled tasks folder======

H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
H:\Windows\tasks\RegPowerClean.job
H:\Windows\tasks\RPCReminder.job
H:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

=========Mozilla firefox=========

ProfilePath - H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "radiobar@toolbar:1.0.0, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, DTToolbar@toolbarnet.com:1.1.2.0185, toolbar@ask.com:3.11.3.15590, battlefieldheroespatcher@ea.com:4.0.53.0, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.7.2.0, {DDABDBA1-2377-4A30-A027-25697B99E254}:3.1, illimitux@illimitux.net:4.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://dts.search-results.com/sr?src=ff ... mid=101&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=H:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=H:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=H:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=H:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=H:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=H:\ProgramData\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=h:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=H:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=H:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=H:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Webzen.com/NPGameWebStarter]
"Description"=Webzen Game Controller
"Path"=H:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

H:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

H:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npijjiFFPlugin1.xpt

H:\Program Files (x86)\Mozilla Firefox\plugins\
libdivx.dll
np-mswmp.dll
npdeploytk.dll
npdivx32.dll
npdivx32.xpt
npDivxPlayerPlugin.dll
npijjiFFPlugin1.dll
nppdf32.dll
nsIDivxPlayerPlugin.xpt
ssldivx.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

H:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
SearchResults.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\
battlefieldheroespatcher@ea.com
engine@conduit.com
ffox@bandoo.com
illimitux@illimitux.net
radiobar@toolbar
toolbar@ask.com
{99079a25-328f-4bd4-be04-00955acaa0a7}
{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
{ea614400-e918-4741-9a97-7a972ff7c30b}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\
askcom.xml
conduit.xml
daemon-search.xml
icqplugin.xml
search.xml
SearchResults.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - H:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
Loader Class - H:\PROGRA~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [2011-07-13 118168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - H:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - H:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
Hot MP3 Toolbar - H:\Program Files (x86)\Hot_MP3\tbHot_.dll [2010-02-22 2353176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll [2011-07-12 88976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
Loader Class - H:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL [2011-07-13 101272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
Brothersoft Toolbar - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - H:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll [2011-07-13 2645392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - H:\Program Files (x86)\MediaGet DB Toolbar\tbcore3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - H:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - H:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - H:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-04-12 1018616]
{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Brothersoft Toolbar - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll [2011-01-17 175912]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - H:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-12-31 2349080]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []
{9384bd4c-dd14-4be9-80f7-f6277511e4f5} - Hot MP3 Toolbar - H:\Program Files (x86)\Hot_MP3\tbHot_.dll [2010-02-22 2353176]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll [2011-07-12 88976]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - H:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"IgfxTray"=H:\Windows\system32\igfxtray.exe [2011-06-03 162584]
"HotKeysCmds"=H:\Windows\system32\hkcmd.exe [2011-06-03 386840]
"Persistence"=H:\Windows\system32\igfxpers.exe [2011-06-03 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=h:\games\steam.exe [2011-08-02 1242448]
"Pando Media Booster"=H:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-07-29 3077528]
"EA Core"=H:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"Windows Update"=H:\Windows\system32\firefox.exe []
"uTorrent"=H:\Program Files (x86)\uTorrent\uTorrent.exe [2010-12-21 395640]
"FlashGet 3"=H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe -minimize []
"IpSharkk"=H:\Program Files\IpSharkk\IpSharkk.exe /auto []
"JP595IR86O"=H:\Users\Josef\AppData\Local\Temp\Xhv.exe []
"NVIDIA driver monitor"=h:\users\public\nvsvc32.exe []
"Skype"=H:\Program Files (x86)\Skype\Phone\Skype.exe [2010-12-03 14944136]
"DAEMON Tools Lite"=H:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"Sony Ericsson PC Companion"=H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-12-08 774144]
"msnmsgr"=H:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []
"DAEMON Tools Pro Agent"=H:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2011-03-17 842048]
"ICQ"=H:\Program Files (x86)\ICQ7.0\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"4StoryPrePatch"=H:\Program Files (x86)\4Storko\PrePatch.exe [2010-10-20 319488]
"Samsung PanelMgr"=H:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-06-07 618496]
"Adobe Reader Speed Launcher"=H:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"DATAMNGR"=H:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE [2011-07-13 1546640]
"LogMeIn Hamachi Ui"=H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"wxpdrv"=H:\Windows\services32.exe [2011-08-20 1182208]
"tray_ico"= []
"tray_ico0"=H:\Windows\update.tray-7-0\svchost.exe [2011-08-20 1182208]
"tray_ico1"=H:\Windows\update.tray-12-0\svchost.exe [2011-08-20 1182208]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"6174124.exe"=H:\Windows\Temp\6174124.exe [2011-08-20 258048]
"sysdriver32.exe"=H:\Windows\sysdriver32.exe [2011-08-20 258048]
"sysdriver32_.exe"=H:\Windows\sysdriver32_.exe [2011-08-20 258048]
"3991055.exe"=H:\Users\Josef\AppData\Local\Temp\3991055.exe [2011-08-20 258048]
"5651145.exe"=H:\Windows\Temp\5651145.exe [2011-08-20 258048]
"l1rezerv.exe"=H:\Windows\l1rezerv.exe [2011-08-20 232960]
"46359562-loader2.exe"=H:\Windows\Temp\46359562-loader2.exe [2011-08-20 258048]
"55220678-loader2.exe"=H:\Windows\Temp\55220678-loader2.exe [2011-08-20 258048]
"57123688-loader2.exe"=H:\Windows\Temp\57123688-loader2.exe [2011-08-20 258048]
"72619303-loader2.exe"=H:\Windows\Temp\72619303-loader2.exe [2011-08-20 258048]
"90841799-loader2.exe"=H:\Windows\Temp\90841799-loader2.exe [2011-08-21 258048]
"23519038-loader2.exe"=H:\Windows\Temp\23519038-loader2.exe [2011-08-21 258048]
"avast"=H:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []
"36151428-loader2.exe"=H:\Windows\Temp\36151428-loader2.exe [2011-08-21 258048]
"11002160-loader2.exe"=H:\Windows\Temp\11002160-loader2.exe [2011-08-21 258048]
"2809727-loader2.exe"=H:\Windows\Temp\2809727-loader2.exe [2011-08-21 258048]
"42677668-loader2.exe"=H:\Windows\Temp\42677668-loader2.exe [2011-08-21 258048]
"3757569.exe"=H:\Windows\Temp\3757569.exe [2011-08-21 634880]
"46035077-loader2.exe"=H:\Windows\Temp\46035077-loader2.exe [2011-08-21 258048]
"68897641-loader2.exe"=H:\Windows\Temp\68897641-loader2.exe [2011-08-21 258048]
"20167167-loader2.exe"=H:\Windows\Temp\20167167-loader2.exe [2011-08-21 258048]
"systemup"=H:\Windows\systemup.exe [2011-08-22 137728]
"65913245-loader2.exe"=H:\Windows\Temp\65913245-loader2.exe [2011-08-22 258048]
"82227236-loader2.exe"=H:\Windows\Temp\82227236-loader2.exe [2011-08-22 258048]
"90226483-loader2.exe"=H:\Windows\Temp\90226483-loader2.exe [2011-08-22 258048]
"29461405-loader2.exe"=H:\Users\Josef\AppData\Local\Temp\29461405-loader2.exe [2011-08-22 258048]
"5157460-loader2.exe"=H:\Windows\TEMP\5157460-loader2.exe [2011-08-22 258048]
"97917401-loader2.exe"=H:\Users\Josef\AppData\Local\Temp\97917401-loader2.exe [2011-08-22 258048]

H:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth PC Dialer.lnk - H:\Program Files (x86)\Bluetooth PC Dialer\BluetoothPCDialer.exe
OpenOffice.org 3.0.lnk - H:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="H:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll H:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
H:\Windows\system32\igfxdev.dll [2011-06-03 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe"="H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine.exe"
"H:\Nexon\Combat Arms EU\CombatArms.exe"="H:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"H:\Nexon\Combat Arms EU\Engine.exe"="H:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"H:\Users\Josef\Desktop\Flash-Player.exe"="H:\Users\Josef\Desktop\Flash-Player.exe:*:Enabled:H:\Users\Josef\Desktop\Flash-Player.exe"
"H:\Windows\update.1\svchost.exe"="H:\Windows\update.1\svchost.exe:*:Enabled:H:\Windows\update.1\svchost.exe"
"H:\Windows\update.tray-7-0\svchost.exe"="H:\Windows\update.tray-7-0\svchost.exe:*:Enabled:H:\Windows\update.tray-7-0\svchost.exe"
"H:\Windows\update.2\svchost.exe"="H:\Windows\update.2\svchost.exe:*:Enabled:H:\Windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=H:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - H:\Windows\System32\Notepad.exe %1
.js - open - H:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-22 18:43:17 ----D---- H:\rsit
2011-08-22 18:43:17 ----D---- H:\Program Files\trend micro
2011-08-22 10:53:56 ----A---- H:\Windows\systemup.exe
2011-08-21 22:12:41 ----D---- H:\Program Files (x86)\IP Changer Premium
2011-08-21 12:17:37 ----HD---- H:\Windows\update.tray-12-0-lnk
2011-08-21 12:17:37 ----HD---- H:\Windows\update.tray-12-0
2011-08-21 12:03:45 ----HD---- H:\ProgramData\Common Files
2011-08-21 12:03:39 ----D---- H:\ProgramData\MFAData
2011-08-21 11:43:18 ----A---- H:\Windows\system32\drivers\aswSnx.sys
2011-08-20 09:56:42 ----D---- H:\Program Files (x86)\AMD APP
2011-08-20 09:38:24 ----D---- H:\Windows\ufa
2011-08-20 09:38:24 ----D---- H:\Windows\rpcminer
2011-08-20 09:38:24 ----D---- H:\Windows\phoenix
2011-08-20 09:36:33 ----A---- H:\Windows\l1rezerv.exe
2011-08-20 09:36:25 ----A---- H:\Windows\btc_client_iplist.txt
2011-08-20 09:35:59 ----HD---- H:\Windows\update.5.0
2011-08-20 09:35:53 ----A---- H:\Windows\iecheck_iplist.txt
2011-08-20 09:35:27 ----HD---- H:\Windows\update.2
2011-08-20 09:35:09 ----HD---- H:\Windows\update.7.1
2011-08-20 09:33:31 ----A---- H:\Windows\unrar.exe
2011-08-20 09:32:32 ----A---- H:\Windows\iplist.txt
2011-08-20 09:31:56 ----A---- H:\Windows\sysdriver32_.exe
2011-08-20 09:31:42 ----A---- H:\Windows\sysdriver32.exe
2011-08-20 09:31:09 ----A---- H:\Windows\front_ip_list.txt
2011-08-20 09:30:52 ----D---- H:\Windows\av_ico
2011-08-20 09:29:20 ----HD---- H:\Windows\update.1
2011-08-20 09:29:19 ----HD---- H:\Windows\update.tray-7-0-lnk
2011-08-20 09:29:19 ----HD---- H:\Windows\update.tray-7-0
2011-08-20 09:18:11 ----A---- H:\Windows\winlog-ids.txt
2011-08-20 09:18:11 ----A---- H:\Windows\winlog-dirs.txt
2011-08-20 09:18:06 ----A---- H:\Windows\services32.exe
2011-08-15 14:33:30 ----D---- H:\Program Files (x86)\Garena Classic
2011-08-10 11:04:05 ----A---- H:\Windows\SYSWOW64\xmllite.dll
2011-08-10 11:04:05 ----A---- H:\Windows\system32\xmllite.dll
2011-08-10 11:04:03 ----A---- H:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 11:04:03 ----A---- H:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 11:04:03 ----A---- H:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 11:04:03 ----A---- H:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 11:04:03 ----A---- H:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 11:04:03 ----A---- H:\Windows\system32\odbctrac.dll
2011-08-10 11:04:03 ----A---- H:\Windows\system32\odbccu32.dll
2011-08-10 11:04:03 ----A---- H:\Windows\system32\odbccr32.dll
2011-08-10 11:04:03 ----A---- H:\Windows\system32\odbccp32.dll
2011-08-10 11:04:00 ----A---- H:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 11:03:46 ----A---- H:\Windows\system32\kernel32.dll
2011-08-10 11:03:46 ----A---- H:\Windows\system32\conhost.exe
2011-08-10 11:03:45 ----A---- H:\Windows\system32\wow64.dll
2011-08-10 11:03:45 ----A---- H:\Windows\system32\winsrv.dll
2011-08-10 11:03:45 ----A---- H:\Windows\system32\KernelBase.dll
2011-08-10 11:03:44 ----A---- H:\Windows\SYSWOW64\setup16.exe
2011-08-10 11:03:44 ----A---- H:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 11:03:44 ----A---- H:\Windows\system32\wow64win.dll
2011-08-10 11:03:44 ----A---- H:\Windows\system32\wow64cpu.dll
2011-08-10 11:03:44 ----A---- H:\Windows\system32\ntvdm64.dll
2011-08-10 11:03:40 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 11:03:40 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 11:03:40 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 11:03:40 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 11:03:40 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 11:03:40 ----AH---- H:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 11:03:40 ----A---- H:\Windows\SYSWOW64\wow32.dll
2011-08-10 11:03:40 ----A---- H:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 11:03:40 ----A---- H:\Windows\SYSWOW64\kernel32.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 11:03:39 ----AH---- H:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 11:03:38 ----AH---- H:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 11:03:37 ----AH---- H:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 11:03:37 ----AH---- H:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 11:03:37 ----AH---- H:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 11:03:37 ----A---- H:\Windows\SYSWOW64\instnm.exe
2011-08-10 11:03:36 ----A---- H:\Windows\SYSWOW64\user.exe
2011-08-10 11:03:34 ----A---- H:\Windows\system32\drivers\tcpip.sys
2011-08-10 11:03:27 ----A---- H:\Windows\system32\mshtml.dll
2011-08-10 11:03:19 ----A---- H:\Windows\system32\ieframe.dll
2011-08-10 11:03:17 ----A---- H:\Windows\SYSWOW64\iertutil.dll
2011-08-10 11:03:17 ----A---- H:\Windows\system32\iertutil.dll
2011-08-10 11:03:15 ----A---- H:\Windows\SYSWOW64\ieframe.dll
2011-08-10 11:03:12 ----A---- H:\Windows\SYSWOW64\mshtml.dll
2011-08-10 11:03:11 ----A---- H:\Windows\system32\urlmon.dll
2011-08-10 11:03:10 ----A---- H:\Windows\SYSWOW64\urlmon.dll
2011-08-10 11:03:10 ----A---- H:\Windows\system32\wininet.dll
2011-08-10 11:03:09 ----A---- H:\Windows\SYSWOW64\wininet.dll
2011-08-10 11:03:09 ----A---- H:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 11:03:09 ----A---- H:\Windows\system32\msfeeds.dll
2011-08-10 11:03:08 ----A---- H:\Windows\system32\iedkcs32.dll
2011-08-10 11:03:07 ----A---- H:\Windows\SYSWOW64\url.dll
2011-08-10 11:03:07 ----A---- H:\Windows\SYSWOW64\mstime.dll
2011-08-10 11:03:07 ----A---- H:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 11:03:07 ----A---- H:\Windows\SYSWOW64\msfeedsbs.dll
2011-08-10 11:03:07 ----A---- H:\Windows\SYSWOW64\ieui.dll
2011-08-10 11:03:07 ----A---- H:\Windows\SYSWOW64\iepeers.dll
2011-08-10 11:03:07 ----A---- H:\Windows\SYSWOW64\iedkcs32.dll
2011-08-10 11:03:07 ----A---- H:\Windows\system32\url.dll
2011-08-10 11:03:07 ----A---- H:\Windows\system32\mstime.dll
2011-08-10 11:03:07 ----A---- H:\Windows\system32\mshtmled.dll
2011-08-10 11:03:07 ----A---- H:\Windows\system32\msfeedsbs.dll
2011-08-10 11:03:07 ----A---- H:\Windows\system32\ieui.dll
2011-08-10 11:03:07 ----A---- H:\Windows\system32\iepeers.dll
2011-08-10 11:03:06 ----A---- H:\Windows\SYSWOW64\licmgr10.dll
2011-08-10 11:03:06 ----A---- H:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 11:03:06 ----A---- H:\Windows\system32\licmgr10.dll
2011-08-10 11:03:06 ----A---- H:\Windows\system32\jsproxy.dll
2011-08-10 11:03:05 ----A---- H:\Windows\SYSWOW64\msfeedssync.exe
2011-08-10 11:03:05 ----A---- H:\Windows\system32\msfeedssync.exe
2011-08-10 11:02:59 ----A---- H:\Windows\system32\ntoskrnl.exe
2011-08-10 11:02:57 ----A---- H:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-10 11:02:56 ----A---- H:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-08 18:39:45 ----D---- H:\Program Files (x86)\LogMeIn Hamachi
2011-08-04 23:51:26 ----A---- H:\Windows\War3Unin.dat
2011-08-04 23:51:24 ----A---- H:\Windows\War3Unin.pif
2011-08-04 23:51:24 ----A---- H:\Windows\War3Unin.exe
2011-08-04 23:49:22 ----D---- H:\Program Files (x86)\W3
2011-07-31 22:07:34 ----D---- H:\Users\Josef\AppData\Roaming\.minecraft
2011-07-29 19:43:40 ----D---- H:\Users\Josef\AppData\Roaming\LolClient
2011-07-26 11:42:00 ----D---- H:\TopCD
2011-07-26 11:17:51 ----A---- H:\Windows\system32\drivers\dtsoftbus01.sys
2011-07-26 11:17:31 ----D---- H:\Program Files (x86)\DAEMON Tools Pro
2011-07-24 10:13:33 ----D---- H:\Users\Josef\AppData\Roaming\DAEMON Tools
2011-07-24 10:05:34 ----D---- H:\Program Files (x86)\DAEMON Tools Lite

======List of files/folders modified in the last 1 month======

2011-08-22 18:52:48 ----D---- H:\Windows\Temp
2011-08-22 18:50:50 ----D---- H:\Windows\Prefetch
2011-08-22 18:48:59 ----D---- H:\ProgramData\Easybits GO
2011-08-22 18:48:30 ----D---- H:\Users\Josef\AppData\Roaming\uTorrent
2011-08-22 18:46:01 ----D---- H:\Users\Josef\AppData\Roaming\Skype
2011-08-22 18:43:17 ----RD---- H:\Program Files
2011-08-22 18:19:42 ----D---- H:\games
2011-08-22 18:15:20 ----D---- H:\Users\Josef\AppData\Roaming\go
2011-08-22 16:31:10 ----D---- H:\Program Files (x86)\Mozilla Firefox
2011-08-22 16:24:14 ----D---- H:\Windows\system32\config
2011-08-22 16:13:02 ----SHD---- H:\System Volume Information
2011-08-22 15:31:15 ----D---- H:\Windows\system32\NDF
2011-08-22 15:16:09 ----D---- H:\Program Files (x86)\QuadCoreM2
2011-08-22 15:12:04 ----D---- H:\Windows
2011-08-21 22:12:41 ----D---- H:\Program Files (x86)
2011-08-21 20:50:13 ----D---- H:\Windows\Logs
2011-08-21 20:24:10 ----SHD---- H:\Windows\Installer
2011-08-21 20:23:29 ----HD---- H:\ProgramData
2011-08-21 14:05:59 ----D---- H:\Windows\Tasks
2011-08-21 14:05:59 ----D---- H:\Windows\system32\wfp
2011-08-21 14:05:59 ----D---- H:\Windows\system32\DriverStore
2011-08-21 14:05:59 ----D---- H:\Windows\system32\catroot2
2011-08-21 14:05:58 ----D---- H:\Windows\system32\drivers\etc
2011-08-21 14:05:58 ----D---- H:\Windows\system32\drivers
2011-08-21 14:05:58 ----D---- H:\Windows\System32
2011-08-21 14:05:58 ----D---- H:\Windows\inf
2011-08-21 14:05:57 ----D---- H:\Windows\system32\wbem
2011-08-21 14:05:57 ----D---- H:\ProgramData\PMB Files
2011-08-21 14:05:56 ----D---- H:\Windows\registration
2011-08-21 11:52:19 ----D---- H:\Windows\system32\Tasks
2011-08-21 11:42:35 ----D---- H:\Windows\SysWOW64
2011-08-12 11:48:21 ----RSD---- H:\Windows\assembly
2011-08-12 11:48:21 ----D---- H:\Windows\Microsoft.NET
2011-08-11 10:37:42 ----D---- H:\Windows\winsxs
2011-08-11 10:33:57 ----D---- H:\Windows\AppPatch
2011-08-11 10:33:56 ----D---- H:\Windows\SYSWOW64\migration
2011-08-11 10:33:56 ----D---- H:\Program Files\Internet Explorer
2011-08-11 10:33:56 ----D---- H:\Program Files (x86)\Internet Explorer
2011-08-11 10:33:54 ----D---- H:\Windows\system32\migration
2011-08-11 01:19:05 ----D---- H:\Windows\system32\catroot
2011-08-11 01:18:09 ----A---- H:\Windows\SYSWOW64\PerfStringBackup.INI
2011-08-11 01:17:41 ----A---- H:\Windows\system32\PerfStringBackup.INI
2011-08-05 21:26:07 ----D---- H:\Program Files (x86)\DsNET Corp
2011-08-05 14:54:00 ----D---- H:\Program Files (x86)\Valve
2011-08-02 19:59:07 ----D---- H:\Program Files (x86)\Warcraft3
2011-07-31 22:29:35 ----HD---- H:\Program Files (x86)\InstallShield Installation Information
2011-07-26 11:59:29 ----D---- H:\Program Files (x86)\SystemRequirementsLab
2011-07-24 14:30:50 ----D---- H:\Users\Josef\AppData\Roaming\BitTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; H:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; H:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
R0 BtHidBus;Bluetooth HID Bus Service; H:\Windows\System32\Drivers\BtHidBus.sys [2009-09-24 23304]
R0 rdyboost;ReadyBoost; H:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; H:\Windows\System32\Drivers\sptd.sys [2011-05-27 526392]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; H:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; H:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; H:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; H:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-26 272448]
R3 hamachi;Hamachi Network Interface; H:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 igfx;igfx; H:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-03 10628800]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); H:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
R3 LgBttPort;LGE Bluetooth TransPort; H:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; H:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
R3 LGVMODEM;LGE Virtual Modem; H:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
R3 MTsensor;ATK0110 ACPI UTILITY; H:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
S1 Avgldx64;AVG AVI Loader Driver; H:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S2 DgiVecp;DgiVecp; \??\H:\Windows\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\H:\Windows\system32\Drivers\SSPORT.sys []
S3 ATICDSDr;ATICDSDr; \??\H:\Users\Josef\AppData\Local\Temp\ATICDSDr.sys []
S3 atikmdag;atikmdag; H:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
S3 AVGIDSFilter;AVGIDSFilter; H:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 BT;Bluetooth PAN Network Adapter; H:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; H:\Windows\System32\Drivers\btnetBus.sys [2009-09-24 27776]
S3 cpuz135;cpuz135; \??\H:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 dump_wmimmc;dump_wmimmc; \??\H:\Program Files (x86)\BlackShot\BlackShot\system\GameGuard\dump_wmimmc.sys []
S3 EagleX64;EagleX64; \??\H:\Windows\system32\drivers\EagleX64.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\H:\Program Files (x86)\Garena Classic\safedrv.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; H:\Windows\System32\Drivers\IvtBtBus.sys [2009-08-26 30344]
S3 NPPTNT2;NPPTNT2; \??\H:\Windows\syswow64\npptNT2.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; H:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; H:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; H:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); H:\Windows\system32\DRIVERS\s1039bus.sys [2009-11-19 127600]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; H:\Windows\system32\DRIVERS\s1039mdfl.sys [2009-11-19 19568]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; H:\Windows\system32\DRIVERS\s1039mdm.sys [2009-11-19 161904]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); H:\Windows\system32\DRIVERS\s1039mgmt.sys [2009-11-19 141424]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); H:\Windows\system32\DRIVERS\s1039nd5.sys [2009-11-19 34416]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; H:\Windows\system32\DRIVERS\s1039obex.sys [2009-11-19 137328]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); H:\Windows\system32\DRIVERS\s1039unic.sys [2009-11-19 158320]
S3 s3cap;s3cap; H:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; H:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbbus;LGE Mobile Composite USB Device; H:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-19 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; H:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-19 27136]
S3 USBModem;LGE Mobile USB Modem; H:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-19 33792]
S3 usbscan;Ovladač skeneru USB; H:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VComm;Virtual Serial port driver; H:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; H:\Windows\System32\Drivers\VcommMgr.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; H:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; H:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; H:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; H:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 Bandoo Coordinator;Bandoo Coordinator; H:\Program Files (x86)\Bandoo\Bandoo.exe [2011-07-13 2051472]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; H:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ddservice;ddservice; H:\Windows\update.7.1\svchostdriver.exe [2011-08-20 382464]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 ICQ Service;ICQ Service; H:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
R2 PnkBstrA;PnkBstrA; H:\Windows\syswow64\PnkBstrA.exe [2010-11-21 75136]
R2 PnkBstrB;PnkBstrB; H:\Windows\syswow64\PnkBstrB.exe [2011-07-04 214520]
R2 srvbtcclient;srvbtcclient; H:\Windows\update.5.0\svchost.exe [2011-08-21 355840]
R2 srviecheck;srviecheck; H:\Windows\update.2\svchost.exe [2011-08-21 634880]
R2 srvsysdriver32;srvsysdriver32; H:\Windows\sysdriver32.exe [2011-08-20 258048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; H:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
S3 AppMgmt;@appmgmts.dll,-3250; H:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; H:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; H:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
S3 gupdatem;Služba Google Update (gupdatem); H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
S3 gusvc;Google Updater Service; H:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; H:\Windows\syswow64\GameMon.des [2011-01-28 3988144]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; H:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; H:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 Steam Client Service;Steam Client Service; H:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-03 411432]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; H:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; H:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-27 1255736]
S4 NetMsmqActivator;@H:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; H:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@H:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; H:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@H:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; H:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: FcB virus.

#2 Post by vyosek »

Hello and good evening :)

:arrow: I recommend uninstalling the toolbars (browser bars), if you do not use them, via Add or Remove Programs ("Přidat nebo odebrat programy")

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator ("Spustit jako spravce")
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log; paste it here
  • Now run it again, but choose option 3 and then also 4; paste the logs again
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for that is no man, that is an ox."
Member [image] since 1 February 2011.

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#3 Post by ResS »

Thank you for the very quick reply, here:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Josef [Admin rights]
Mode: Remove -- Date : 08/22/2011 19:22:45

Bad processes: 0

Registry Entries: 32
[SUSP PATH] HKCU\[...]\Run : JP595IR86O (H:\Users\Josef\AppData\Local\Temp\Xhv.exe) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (H:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (H:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (H:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (H:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (H:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (H:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (H:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (H:\Windows\update.1\svchost.exe srv) -> DELETED
[SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : h:\users\josef\appdata\local\temp\xhv.exe -> ERROR
[SUSP PATH] {00C857A1-0284-4845-B95D-804521C72561}.job : h:\users\josef\desktop\sindicate\sindicatem2\launcher.exe -> DELETED
[SUSP PATH] {03C09A86-4B3A-4394-BB16-672B011FB204}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {0EA1DB8B-AD11-4AC2-9542-BCEC0C97EF3D}.job : h:\users\josef\desktop\sindicatefull109.exe -> DELETED
[SUSP PATH] {2593AFCD-A00C-41F3-A7DE-8D8F95D9508E}.job : h:\users\josef\appdata\local\temp\hprogram files (x86)opera\opera.exe -> DELETED
[SUSP PATH] {32B0C754-C5C2-4EBF-82BD-999F213382F4}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {4C9B75FB-35DA-4E45-9662-358EA4B08935}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {5728900B-BAE3-4AA4-9862-DA688E87F7CE}.job : h:\users\josef\desktop\doom-3-demo.exe -> DELETED
[SUSP PATH] {5E58373A-843D-4E64-94FB-77871FC14879}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {6CDCE1AC-A652-473F-AA54-6C5FDD37DCE5}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {80C3D967-2518-488F-B1CB-0E2B79DD56B7}.job : h:\users\josef\desktop\sindicatefull109.exe -> DELETED
[SUSP PATH] {86B94D83-A3C8-4D9F-86F5-5CF8BC377555}.job : h:\users\josef\desktop\sindicatefull109.exe -> DELETED
[SUSP PATH] {94E88B4E-41F4-45FF-89C7-FCB0B7F7BB68}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {C40095D3-A8FE-447E-8AD4-21D2E631E3DF}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {E0056CD9-D8E6-4D46-8AB0-1E2C9F86FC29}.job : h:\users\josef\desktop\sindicatefull109.exe -> DELETED
[SUSP PATH] {E34E47D9-82EA-48B6-B8AC-0EAF32C54F07}.job : h:\users\josef\desktop\sindicate\sindicate\launcher.exe -> DELETED
[SUSP PATH] {E34FAB47-5E83-4442-B7FB-B8334315723B}.job : h:\users\josef\desktop\battlefront.exe -> DELETED
[SUSP PATH] {E5A4D957-7B17-46E5-B516-53FD0B1CB026}.job : h:\users\josef\desktop\sindicate\sindicatem2\launcher.exe -> DELETED
[SUSP PATH] {F69763B1-5B9F-44FB-A485-35FFFB1E2D76}.job : h:\users\josef\desktop\sindicatefull109.exe -> DELETED
[SUSP PATH] {FE160242-942D-4E02-B2EC-51ECFFF4221E}.job : h:\users\josef\desktop\doom-3-demo.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt



Here is the second one:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Josef [Admin rights]
Mode: HOSTSFix -- Date : 08/22/2011 19:25:32

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


And the last one:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Josef [Admin rights]
Mode: ProxyFix -- Date : 08/22/2011 19:26:44

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: FcB virus.

#4 Post by vyosek »

Fine, let's continue

:arrow: Download OTL (see my signature) and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator ("Spustit jako spravce")
  • If you use a 64-bit OS, check whether the box next to "Pro 64 bitové OS" (For 64-bit OS) is ticked; if not, tick it
  • Tick the box "Pro vsechny uzivatele" (For all users)
  • Tick the box Kontrola na havet "LOP" (Check for "LOP" pests)
  • Tick the box Kontrola na havet "Purity" (Check for "Purity" pests)
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box "Vlastni skenovani/opravy" (Custom scans/fixes)
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5 
  • Click the "Prohledat" (Scan) button
  • After the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#5 Post by ResS »

Sorry, the scan took me a little longer. The OTL log cannot be sent whole in one post, so I have to post it in parts.

OTL logfile created on: 22.8.2011 19:48:31 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = H:\Users\Josef\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,97 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,83% Memory free
3,93 Gb Paging File | 2,19 Gb Available in Paging File | 55,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive G: | 136,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 465,75 Gb Total Space | 5,07 Gb Free Space | 1,09% Space Free | Partition Type: NTFS

Computer Name: JOSEF-PC | User Name: Josef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.08.22 19:32:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- H:\Users\Josef\Desktop\OTL.exe
PRC - [2011.08.20 09:35:08 | 000,382,464 | ---- | M] () -- H:\Windows\update.7.1\svchostdriver.exe
PRC - [2011.08.02 10:06:18 | 001,242,448 | ---- | M] (Valve Corporation) -- H:\games\steam.exe
PRC - [2011.07.13 19:54:34 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- H:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2011.07.13 17:47:23 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.07.04 18:06:30 | 000,214,520 | ---- | M] () -- H:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011.06.29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- H:\Windows\ufa\ufa.exe
PRC - [2011.05.27 07:02:03 | 000,941,936 | ---- | M] (Opera Software) -- H:\Program Files (x86)\Opera\opera.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- H:\Program Files (x86)\ICQ7.0\ICQ.exe
PRC - [2010.11.21 13:18:26 | 000,075,136 | ---- | M] () -- H:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.06.07 12:35:35 | 000,618,496 | ---- | M] () -- H:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010.04.12 23:56:48 | 000,246,520 | ---- | M] () -- H:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.08 08:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.08.24 19:17:44 | 000,196,608 | ---- | M] (BlueShareware.com) -- H:\Program Files (x86)\Bluetooth PC Dialer\BluetoothPCDialer.exe
PRC - [2009.01.15 19:42:46 | 007,430,144 | ---- | M] (OpenOffice.org) -- H:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.15 19:42:44 | 007,434,240 | ---- | M] (OpenOffice.org) -- H:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe


========== Modules (No Company Name) ==========

MOD - [2011.08.03 10:16:05 | 014,401,832 | ---- | M] () -- H:\games\bin\libcef.dll
MOD - [2011.08.03 10:15:59 | 000,914,216 | ---- | M] () -- H:\games\bin\avcodec-52.dll
MOD - [2011.08.03 10:15:59 | 000,190,248 | ---- | M] () -- H:\games\bin\chromehtml.dll
MOD - [2011.08.03 10:15:59 | 000,155,432 | ---- | M] () -- H:\games\bin\avformat-52.dll
MOD - [2011.08.03 10:15:59 | 000,091,432 | ---- | M] () -- H:\games\bin\avutil-50.dll
MOD - [2011.05.27 07:02:18 | 000,275,968 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2011.05.27 07:02:18 | 000,078,336 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2011.05.27 07:02:18 | 000,064,000 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2011.05.27 07:02:18 | 000,046,592 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2011.05.27 07:02:17 | 000,776,704 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2011.05.27 07:02:17 | 000,316,928 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2011.05.27 07:02:17 | 000,168,448 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2011.05.27 07:02:17 | 000,106,496 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreelements.dll
MOD - [2011.05.27 07:02:17 | 000,098,816 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2011.05.27 07:02:17 | 000,098,816 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2011.05.27 07:02:17 | 000,076,800 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2011.05.27 07:02:17 | 000,068,608 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2011.05.27 07:02:17 | 000,045,568 | ---- | M] () -- H:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2011.01.05 10:18:56 | 000,733,184 | ---- | M] () -- H:\Program Files (x86)\ICQ7.0\MDb.dll
MOD - [2010.06.07 12:35:35 | 000,618,496 | ---- | M] () -- H:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.01.14 21:23:42 | 000,963,072 | ---- | M] () -- H:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.02.11 07:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- H:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.08.20 09:35:08 | 000,382,464 | ---- | M] () [Auto | Running] -- H:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.03 10:16:06 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.13 19:54:34 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- H:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011.07.04 18:06:30 | 000,214,520 | ---- | M] () [Auto | Running] -- H:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.03.01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- H:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.01.28 05:28:30 | 003,988,144 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- H:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.11.21 13:18:26 | 000,075,136 | ---- | M] () [Auto | Running] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.12 23:56:48 | 000,246,520 | ---- | M] () [Auto | Running] -- H:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- H:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.07.26 11:39:12 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- H:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.03 13:34:12 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- H:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.27 21:44:18 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- H:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.04.05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- H:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.02.22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.02.10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.01.07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- H:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.02.11 09:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.02.03 16:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- H:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.11.19 15:06:43 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.11.19 15:06:43 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2009.11.19 15:06:43 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.11.19 15:06:41 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.11.19 15:06:40 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2009.11.19 15:06:39 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2009.11.19 15:06:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- H:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- H:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- H:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.09.24 13:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.09.24 05:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- H:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.26 11:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- H:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- H:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.29 02:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- H:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- H:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 92 6F C5 66 B8 CA 01 [binary data]
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {DDABDBA1-2377-4A30-A027-25697B99E254}:3.1
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ff ... mid=101&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9000/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: H:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: H:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: H:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: H:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: H:\PROGRA~1\AVASTS~1\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: H:\Program Files (x86)\Mozilla Firefox\components [2011.05.15 17:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: H:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.29 14:08:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\ffox@bandoo.com [2011.07.17 13:53:59 | 000,000,000 | ---D | M]

[2011.07.17 13:54:31 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Josef\AppData\Roaming\Mozilla\Extensions
[2011.08.15 22:45:19 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions
[2011.07.17 13:54:18 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.08.15 14:51:12 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
[2011.07.23 12:07:08 | 000,000,000 | ---D | M] (Seznam lištička) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.08.15 22:45:19 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.05.10 10:12:48 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\battlefieldheroespatcher@ea.com
[2011.03.29 20:14:51 | 000,000,000 | ---D | M] (Conduit Engine) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com
[2011.07.17 13:53:59 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\ffox@bandoo.com
[2010.09.06 17:42:47 | 000,000,000 | ---D | M] (Illimitux) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\illimitux@illimitux.net
[2010.08.26 13:15:12 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\radiobar@toolbar
[2011.08.08 20:21:56 | 000,000,000 | ---D | M] ("Ask Toolbar") -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com
[2011.08.22 16:18:00 | 000,002,395 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\askcom.xml
[2010.01.20 13:13:52 | 000,000,921 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\conduit.xml
[2011.02.03 13:41:28 | 000,002,059 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\daemon-search.xml
[2011.08.16 16:29:18 | 000,000,945 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\icqplugin.xml
[2011.02.26 21:13:16 | 000,002,374 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\search.xml
[2011.07.17 13:54:09 | 000,002,501 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\SearchResults.xml
[2011.07.17 13:54:31 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2010.12.22 21:15:50 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.29 18:57:36 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.03.29 18:57:36 | 000,000,000 | ---D | M] (Seznam lištička) -- H:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
[2011.07.17 13:54:31 | 000,000,000 | ---D | M] (DataMngr) -- H:\PROGRAM FILES (X86)\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
() (No name found) -- H:\USERS\JOSEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XHY3RGC4.DEFAULT\EXTENSIONS\{DDABDBA1-2377-4A30-A027-25697B99E254}.XPI
[2011.05.15 17:35:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.28 19:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.07.17 13:54:09 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.08.22 19:25:32 | 000,000,726 | ---- | M]) - H:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - H:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (Hot MP3 Toolbar) - {9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] H:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] H:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] H:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [11002160-loader2.exe] H:\Windows\Temp\11002160-loader2.exe ()
O4 - HKLM..\Run: [20167167-loader2.exe] H:\Windows\Temp\20167167-loader2.exe ()
O4 - HKLM..\Run: [23519038-loader2.exe] H:\Windows\Temp\23519038-loader2.exe ()
O4 - HKLM..\Run: [2809727-loader2.exe] H:\Windows\Temp\2809727-loader2.exe ()
O4 - HKLM..\Run: [29461405-loader2.exe] H:\Users\Josef\AppData\Local\Temp\29461405-loader2.exe ()
O4 - HKLM..\Run: [36151428-loader2.exe] H:\Windows\Temp\36151428-loader2.exe ()
O4 - HKLM..\Run: [3757569.exe] H:\Windows\Temp\3757569.exe ()
O4 - HKLM..\Run: [3991055.exe] H:\Users\Josef\AppData\Local\Temp\3991055.exe ()
O4 - HKLM..\Run: [42677668-loader2.exe] H:\Windows\Temp\42677668-loader2.exe ()
O4 - HKLM..\Run: [46035077-loader2.exe] H:\Windows\Temp\46035077-loader2.exe ()
O4 - HKLM..\Run: [46359562-loader2.exe] H:\Windows\Temp\46359562-loader2.exe ()
O4 - HKLM..\Run: [4StoryPrePatch] H:\Program Files (x86)\4Storko\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [5157460-loader2.exe] H:\Windows\TEMP\5157460-loader2.exe ()
O4 - HKLM..\Run: [55220678-loader2.exe] H:\Windows\Temp\55220678-loader2.exe ()
O4 - HKLM..\Run: [5651145.exe] H:\Windows\Temp\5651145.exe ()
O4 - HKLM..\Run: [57123688-loader2.exe] H:\Windows\Temp\57123688-loader2.exe ()
O4 - HKLM..\Run: [6174124.exe] H:\Windows\Temp\6174124.exe ()
O4 - HKLM..\Run: [65913245-loader2.exe] H:\Windows\Temp\65913245-loader2.exe ()
O4 - HKLM..\Run: [68897641-loader2.exe] H:\Windows\Temp\68897641-loader2.exe ()
O4 - HKLM..\Run: [72619303-loader2.exe] H:\Windows\Temp\72619303-loader2.exe ()
O4 - HKLM..\Run: [82227236-loader2.exe] H:\Windows\Temp\82227236-loader2.exe ()
O4 - HKLM..\Run: [90226483-loader2.exe] H:\Windows\Temp\90226483-loader2.exe ()
O4 - HKLM..\Run: [90841799-loader2.exe] H:\Windows\Temp\90841799-loader2.exe ()
O4 - HKLM..\Run: [97917401-loader2.exe] H:\Users\Josef\AppData\Local\Temp\97917401-loader2.exe ()
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [l1rezerv.exe] H:\Windows\l1rezerv.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] H:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] H:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] H:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] H:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] H:\Windows\systemup.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] H:\Windows\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] H:\Windows\update.tray-12-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] H:\Windows\services32.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [DAEMON Tools Pro Agent] H:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [FlashGet 3] File not found
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [ICQ] H:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [IpSharkk] File not found
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [NVIDIA driver monitor] File not found
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [Pando Media Booster] H:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [Sony Ericsson PC Companion] H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [Steam] h:\games\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [uTorrent] H:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [Windows Update] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: H:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth PC Dialer.lnk = H:\Program Files (x86)\Bluetooth PC Dialer\BluetoothPCDialer.exe (BlueShareware.com)
O4 - Startup: H:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = H:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O8:64bit: - Extra context menu item: 使用快车3下载 - H:\Users\Josef\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - H:\Users\Josef\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - H:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: 使用快车3下载 - H:\Users\Josef\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - H:\Users\Josef\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - H:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - H:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (H:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (H:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (h:\progra~2\wia6eb~1\datamngr\datamngr.dll) - h:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (h:\progra~2\wia6eb~1\datamngr\iebho.dll) - h:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (h:\progra~2\bandoo\bndhook.dll) - h:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (H:\Windows\system32\userinit.exe) - H:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - H:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - H:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.24 03:46:54 | 000,000,046 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3423ed64-ade5-11e0-a33b-a6b5f4e3c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{3423ed64-ade5-11e0-a33b-a6b5f4e3c2d1}\Shell\AutoRun\command - "" = L:\LGAutoRun.exe
O33 - MountPoints2\{3ee071fc-2456-11df-a478-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee071fc-2456-11df-a478-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LGInstaller.exe -- [2010.02.22 06:51:44 | 000,519,680 | R--- | M] ()
O33 - MountPoints2\{3f5975c0-fe15-11df-9f33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3f5975c0-fe15-11df-9f33-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe
O33 - MountPoints2\{6da4121c-b76a-11e0-b08f-a6b5f4e3c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{6da4121c-b76a-11e0-b08f-a6b5f4e3c2d1}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{82fbfa9b-89cc-11e0-b401-a6b5f4e3c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{82fbfa9b-89cc-11e0-b401-a6b5f4e3c2d1}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{e1f37fa5-b5c9-11e0-9b33-a6b5f4e3c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e1f37fa5-b5c9-11e0-9b33-a6b5f4e3c2d1}\Shell\AutoRun\command - "" = D:\autoplay.exe
O33 - MountPoints2\{eb968a8c-8899-11e0-8d72-a6b5f4e3c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{eb968a8c-8899-11e0-8d72-a6b5f4e3c2d1}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"English" /KBD:2 /wow /dir:"H:\PROGRA~1\AVASTS~1\Avast\defs\11070401") - H:\Windows\SysWow64\aswBoot.exe (AVAST Software)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#6 Post by ResS »

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - H:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - H:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - H:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.CFHD - H:\Windows\SysWow64\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - H:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - H:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - H:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - H:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - H:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - H:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - H:\Windows\SysWow64\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to H:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011.08.22 19:32:49 | 000,580,096 | ---- | C] (OldTimer Tools) -- H:\Users\Josef\Desktop\OTL.exe
[2011.08.22 19:22:45 | 000,000,000 | ---D | C] -- H:\Users\Josef\Desktop\RK_Quarantine
[2011.08.22 18:43:17 | 000,000,000 | ---D | C] -- H:\Program Files\trend micro
[2011.08.22 18:43:17 | 000,000,000 | ---D | C] -- H:\rsit
[2011.08.21 22:12:41 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\IP Changer Premium
[2011.08.21 20:24:20 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.08.21 12:17:37 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-12-0-lnk
[2011.08.21 12:17:37 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-12-0
[2011.08.21 12:03:45 | 000,000,000 | -H-D | C] -- H:\ProgramData\Common Files
[2011.08.21 12:03:39 | 000,000,000 | ---D | C] -- H:\ProgramData\MFAData
[2011.08.21 12:03:31 | 005,570,224 | ---- | C] (AVG Technologies) -- H:\Users\Josef\Desktop\avg_free_stb_eu_2011_1391_free.exe
[2011.08.21 11:43:18 | 000,600,920 | ---- | C] (AVAST Software) -- H:\Windows\SysNative\drivers\aswSnx.sys
[2011.08.20 09:56:42 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\AMD APP
[2011.08.20 09:38:24 | 000,000,000 | ---D | C] -- H:\Windows\ufa
[2011.08.20 09:38:24 | 000,000,000 | ---D | C] -- H:\Windows\rpcminer
[2011.08.20 09:38:24 | 000,000,000 | ---D | C] -- H:\Windows\phoenix
[2011.08.20 09:35:59 | 000,000,000 | -H-D | C] -- H:\Windows\update.5.0
[2011.08.20 09:35:27 | 000,000,000 | -H-D | C] -- H:\Windows\update.2
[2011.08.20 09:35:09 | 000,000,000 | -H-D | C] -- H:\Windows\update.7.1
[2011.08.20 09:30:52 | 000,000,000 | ---D | C] -- H:\Windows\av_ico
[2011.08.20 09:29:20 | 000,000,000 | -H-D | C] -- H:\Windows\update.1
[2011.08.20 09:29:19 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-7-0-lnk
[2011.08.20 09:29:19 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-7-0
[1 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[1 H:\Windows\SysNative\drivers\*.tmp files -> H:\Windows\SysNative\drivers\*.tmp -> ]
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.08.22 19:50:00 | 000,000,512 | ---- | M] () -- H:\PhysicalMBR.bin
[2011.08.22 19:49:03 | 000,000,286 | -H-- | M] () -- H:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.22 19:35:00 | 000,000,950 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.22 19:32:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- H:\Users\Josef\Desktop\OTL.exe
[2011.08.22 19:25:32 | 000,000,726 | ---- | M] () -- H:\Windows\SysNative\drivers\etc\hosts
[2011.08.22 19:18:40 | 000,569,856 | ---- | M] () -- H:\Users\Josef\Desktop\RogueKiller.exe
[2011.08.22 18:42:13 | 000,935,175 | ---- | M] () -- H:\Users\Josef\Desktop\RSITx64.exe
[2011.08.22 18:26:15 | 000,014,224 | -H-- | M] () -- H:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 18:26:15 | 000,014,224 | -H-- | M] () -- H:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 18:19:50 | 005,589,370 | ---- | M] () -- H:\Windows\phoenix.rar
[2011.08.22 18:19:50 | 001,075,284 | ---- | M] () -- H:\Windows\rpcminer.rar
[2011.08.22 18:19:50 | 000,246,272 | ---- | M] () -- H:\Windows\unrar.exe
[2011.08.22 18:19:50 | 000,182,617 | ---- | M] () -- H:\Windows\ufa.rar
[2011.08.22 18:19:48 | 000,001,937 | ---- | M] () -- H:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.08.22 18:18:52 | 000,000,734 | ---- | M] () -- H:\Windows\SysNative\drivers\etc\hîsts
[2011.08.22 18:18:28 | 000,000,946 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.22 18:18:25 | 000,000,458 | ---- | M] () -- H:\Windows\tasks\RegPowerClean.job
[2011.08.22 18:18:14 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2011.08.22 18:18:11 | 1583,177,728 | -HS- | M] () -- H:\hiberfil.sys
[2011.08.22 16:07:54 | 000,051,078 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\room_v3.dat
[2011.08.22 15:11:52 | 000,000,202 | ---- | M] () -- H:\Windows\info1
[2011.08.22 15:11:51 | 000,137,728 | ---- | M] () -- H:\Windows\systemup.exe
[2011.08.21 22:15:47 | 000,332,524 | ---- | M] () -- H:\Users\Josef\Desktop\FastIPChangerV1.8 Beta release 4.zip
[2011.08.21 20:24:12 | 000,000,000 | ---- | M] () -- H:\Windows\SysWow64\config.nt
[2011.08.21 12:03:36 | 005,570,224 | ---- | M] (AVG Technologies) -- H:\Users\Josef\Desktop\avg_free_stb_eu_2011_1391_free.exe
[2011.08.21 11:41:26 | 056,167,608 | ---- | M] () -- H:\Users\Josef\Desktop\setup_av_free.exe
[2011.08.20 09:36:29 | 000,232,960 | ---- | M] () -- H:\Windows\l1rezerv.exe
[2011.08.20 09:33:31 | 000,904,792 | ---- | M] () -- H:\Windows\geoiplist.rar
[2011.08.20 09:32:04 | 000,000,000 | ---- | M] () -- H:\Windows\loader2.exe_ok
[2011.08.20 09:31:10 | 000,258,048 | ---- | M] () -- H:\Windows\sysdriver32_.exe
[2011.08.20 09:31:10 | 000,258,048 | ---- | M] () -- H:\Windows\sysdriver32.exe
[2011.08.20 09:17:17 | 001,182,208 | ---- | M] () -- H:\Windows\services32.exe
[2011.08.20 09:17:17 | 001,182,208 | ---- | M] () -- H:\Users\Josef\Desktop\Flash-Player.exe
[2011.08.18 21:33:01 | 176,664,241 | ---- | M] () -- H:\Users\Josef\Desktop\soundtrack-henry-proper.rar
[2011.08.18 21:13:34 | 058,327,040 | ---- | M] () -- H:\Users\Josef\Desktop\Henry-Proper-SOUNDTRACK.rar
[2011.08.18 19:47:45 | 1682,972,992 | ---- | M] () -- H:\Users\Josef\Desktop\Henry-Proper-a-Šutr-mudrců---Vyborná-kvalita-by-Reznik.avi
[2011.08.18 16:34:48 | 1112,764,416 | ---- | M] () -- H:\Users\Josef\Desktop\Harry-Potter---Tajemství-zvětšujících-se-slipů.avi
[2011.08.18 14:44:11 | 010,069,850 | ---- | M] () -- H:\Users\Josef\Desktop\Rusko Everyday (Netsky Remix).mp3
[2011.08.18 14:08:02 | 000,091,191 | ---- | M] () -- H:\Users\Josef\Desktop\Ukf_Dnb_Logo.jpg
[1 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[1 H:\Windows\SysNative\drivers\*.tmp files -> H:\Windows\SysNative\drivers\*.tmp -> ]
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.22 19:37:18 | 000,000,512 | ---- | C] () -- H:\PhysicalMBR.bin
[2011.08.22 19:18:39 | 000,569,856 | ---- | C] () -- H:\Users\Josef\Desktop\RogueKiller.exe
[2011.08.22 18:42:11 | 000,935,175 | ---- | C] () -- H:\Users\Josef\Desktop\RSITx64.exe
[2011.08.22 10:53:56 | 000,137,728 | ---- | C] () -- H:\Windows\systemup.exe
[2011.08.21 22:15:47 | 000,332,524 | ---- | C] () -- H:\Users\Josef\Desktop\FastIPChangerV1.8 Beta release 4.zip
[2011.08.21 20:24:20 | 000,001,937 | ---- | C] () -- H:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.08.21 11:40:14 | 056,167,608 | ---- | C] () -- H:\Users\Josef\Desktop\setup_av_free.exe
[2011.08.20 09:38:23 | 005,589,370 | ---- | C] () -- H:\Windows\phoenix.rar
[2011.08.20 09:38:23 | 001,075,284 | ---- | C] () -- H:\Windows\rpcminer.rar
[2011.08.20 09:38:23 | 000,182,617 | ---- | C] () -- H:\Windows\ufa.rar
[2011.08.20 09:36:33 | 000,232,960 | ---- | C] () -- H:\Windows\l1rezerv.exe
[2011.08.20 09:35:09 | 000,000,202 | ---- | C] () -- H:\Windows\info1
[2011.08.20 09:33:33 | 004,636,907 | ---- | C] () -- H:\Windows\geoiplist
[2011.08.20 09:33:31 | 000,904,792 | ---- | C] () -- H:\Windows\geoiplist.rar
[2011.08.20 09:33:31 | 000,246,272 | ---- | C] () -- H:\Windows\unrar.exe
[2011.08.20 09:31:59 | 000,000,000 | ---- | C] () -- H:\Windows\loader2.exe_ok
[2011.08.20 09:31:56 | 000,258,048 | ---- | C] () -- H:\Windows\sysdriver32_.exe
[2011.08.20 09:31:42 | 000,258,048 | ---- | C] () -- H:\Windows\sysdriver32.exe
[2011.08.20 09:18:06 | 001,182,208 | ---- | C] () -- H:\Windows\services32.exe
[2011.08.20 09:17:12 | 001,182,208 | ---- | C] () -- H:\Users\Josef\Desktop\Flash-Player.exe
[2011.08.18 21:21:53 | 176,664,241 | ---- | C] () -- H:\Users\Josef\Desktop\soundtrack-henry-proper.rar
[2011.08.18 21:10:17 | 058,327,040 | ---- | C] () -- H:\Users\Josef\Desktop\Henry-Proper-SOUNDTRACK.rar
[2011.08.18 18:13:22 | 1682,972,992 | ---- | C] () -- H:\Users\Josef\Desktop\Henry-Proper-a-Šutr-mudrců---Vyborná-kvalita-by-Reznik.avi
[2011.08.18 15:20:48 | 1112,764,416 | ---- | C] () -- H:\Users\Josef\Desktop\Harry-Potter---Tajemství-zvětšujících-se-slipů.avi
[2011.08.18 14:43:59 | 010,069,850 | ---- | C] () -- H:\Users\Josef\Desktop\Rusko Everyday (Netsky Remix).mp3
[2011.08.18 14:08:02 | 000,091,191 | ---- | C] () -- H:\Users\Josef\Desktop\Ukf_Dnb_Logo.jpg
[2011.08.04 23:51:26 | 000,048,670 | ---- | C] () -- H:\Windows\War3Unin.dat
[2011.05.27 23:05:21 | 000,051,078 | ---- | C] () -- H:\Users\Josef\AppData\Roaming\room_v3.dat
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- H:\Windows\SysWow64\OVDecode.dll
[2011.03.22 19:39:35 | 000,046,742 | ---- | C] () -- H:\Users\Josef\AppData\Roaming\room.dat
[2011.03.01 16:14:44 | 000,482,408 | ---- | C] () -- H:\Windows\ssndii.exe
[2011.02.12 23:34:23 | 000,000,888 | ---- | C] () -- H:\Users\Josef\AppData\Local\SRDownloader.nast
[2010.12.08 17:09:04 | 000,005,120 | ---- | C] () -- H:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 22:32:56 | 000,000,146 | ---- | C] () -- H:\Windows\XIIIHooligans.ini
[2010.08.18 09:05:56 | 000,000,248 | ---- | C] () -- H:\Windows\SysWow64\secustat.dat
[2010.08.18 08:57:58 | 000,000,305 | ---- | C] () -- H:\Windows\SysWow64\secushr.dat
[2010.08.18 08:57:30 | 000,000,025 | ---- | C] () -- H:\Windows\libem.INI
[2010.08.17 10:53:29 | 000,794,408 | ---- | C] () -- H:\Windows\SysWow64\pbsvc(2).exe
[2010.07.29 09:42:04 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2010.07.29 09:42:04 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2010.07.29 09:42:04 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2010.07.21 16:34:58 | 000,043,520 | ---- | C] () -- H:\Windows\SysWow64\CmdLineExt03.dll
[2010.06.30 19:04:19 | 000,000,023 | ---- | C] () -- H:\Windows\BlendSettings.ini
[2010.06.19 22:33:50 | 000,098,404 | ---- | C] () -- H:\Windows\Yang-Hack.exe
[2010.06.12 19:51:50 | 000,004,096 | ---- | C] () -- H:\Windows\d3dx.dat
[2010.05.20 19:12:27 | 000,214,520 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2010.05.20 19:12:25 | 000,075,136 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2010.05.10 10:23:49 | 002,427,248 | ---- | C] () -- H:\Windows\SysWow64\pbsvc_heroes.exe
[2010.02.28 23:13:23 | 000,000,093 | ---- | C] () -- H:\Users\Josef\AppData\Local\fusioncache.dat
[2010.02.28 15:35:49 | 001,582,918 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.28 15:33:23 | 000,794,408 | ---- | C] () -- H:\Windows\SysWow64\pbsvc.exe
[2010.02.28 13:46:43 | 000,000,056 | -H-- | C] () -- H:\ProgramData\ezsidmv.dat
[2010.02.28 12:47:49 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2010.02.20 08:22:26 | 000,982,240 | ---- | C] () -- H:\Windows\SysWow64\igkrng500.bin
[2010.02.20 08:22:26 | 000,439,308 | ---- | C] () -- H:\Windows\SysWow64\igcompkrng500.bin
[2010.02.20 08:22:26 | 000,092,356 | ---- | C] () -- H:\Windows\SysWow64\igfcg500m.bin
[2010.02.12 13:56:34 | 000,005,632 | ---- | C] () -- H:\Windows\SysWow64\StarOpen.sys
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- H:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- H:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- H:\Windows\SysWow64\igfcg500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2002.08.29 19:33:56 | 000,319,488 | R--- | C] () -- H:\Windows\SysWow64\MafiaSetup.exe
[2002.08.29 19:33:56 | 000,319,488 | R--- | C] () -- H:\Users\Josef\AppData\Roaming\MafiaSetup.exe

========== LOP Check ==========

[2011.01.26 18:53:05 | 000,000,000 | ---D | M] -- H:\Users\GN0SYS\AppData\Roaming\Opera
[2011.07.21 14:51:16 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\.minecraft
[2011.07.17 14:17:26 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Bandoo
[2010.10.24 09:21:02 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BITS
[2011.07.24 14:30:50 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BitTorrent
[2011.07.15 09:59:51 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Bluetooth PC Dialer
[2010.10.19 22:16:16 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BSplayer
[2010.07.25 22:42:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BSplayer Pro
[2010.09.28 21:59:37 | 000,000,000 | -H-D | M] -- H:\Users\Josef\AppData\Roaming\Config
[2011.07.24 10:13:33 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools
[2010.04.17 12:42:39 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools Lite
[2010.12.24 00:04:49 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools Net
[2010.12.02 15:11:46 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools Pro
[2011.01.05 15:35:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Driver Smith
[2011.03.24 15:56:28 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\EasyMp3Downloader
[2010.08.18 08:57:25 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\FlashGet
[2010.08.18 08:57:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\FlashGetBHO
[2011.01.07 10:47:55 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\FOG Downloader
[2010.04.11 18:08:27 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\GHISLER
[2011.08.22 18:15:20 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\go
[2011.07.18 14:40:06 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\ICQ
[2010.04.24 14:56:57 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\inkscape
[2010.08.27 12:29:03 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Kecal
[2011.07.29 19:43:40 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\LolClient
[2011.03.24 17:27:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\MP3Rocket
[2010.12.23 15:19:38 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Mumble
[2010.07.05 17:08:35 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Need for Speed World
[2010.03.23 18:47:05 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\OpenOffice.org
[2011.05.19 13:51:56 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Opera
[2011.03.26 15:04:02 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Publish Providers
[2010.04.21 16:26:47 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Soldat
[2010.10.29 19:33:19 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Sony
[2010.03.14 19:34:28 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\TeamViewer
[2011.08.22 19:19:38 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\uTorrent
[2011.04.15 21:33:37 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Zoner
[2011.08.22 18:18:25 | 000,000,458 | ---- | M] () -- H:\Windows\Tasks\RegPowerClean.job
[2011.02.11 10:29:22 | 000,000,444 | ---- | M] () -- H:\Windows\Tasks\RPCReminder.job
[2011.07.01 11:00:12 | 000,032,554 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.22 19:49:03 | 000,000,286 | -H-- | M] () -- H:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- H:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- H:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- H:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- H:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- H:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- H:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- H:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2010.11.20 15:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- H:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- H:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- H:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- H:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010.11.20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- H:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- H:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- H:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- H:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- H:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- H:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- H:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- H:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- H:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- H:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- H:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- H:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- H:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- H:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe

< MD5 for: NDIS.SYS >
[2010.11.20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- H:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- H:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- H:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- H:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- H:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010.11.20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011.03.11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- H:\Windows\SysNative\drivers\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- H:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011.03.11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- H:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- H:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- H:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- H:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- H:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- H:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- H:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2011.08.20 09:17:17 | 001,182,208 | -H-- | M] () MD5=539402D3ABA48D6E55D8CDC645FC315F -- H:\Windows\update.1\svchost.exe
[2011.08.20 09:17:17 | 001,182,208 | -H-- | M] () MD5=539402D3ABA48D6E55D8CDC645FC315F -- H:\Windows\update.tray-12-0\svchost.exe
[2011.08.20 09:17:17 | 001,182,208 | -H-- | M] () MD5=539402D3ABA48D6E55D8CDC645FC315F -- H:\Windows\update.tray-12-0-lnk\svchost.exe
[2011.08.20 09:17:17 | 001,182,208 | -H-- | M] () MD5=539402D3ABA48D6E55D8CDC645FC315F -- H:\Windows\update.tray-7-0\svchost.exe
[2011.08.20 09:17:17 | 001,182,208 | -H-- | M] () MD5=539402D3ABA48D6E55D8CDC645FC315F -- H:\Windows\update.tray-7-0-lnk\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- H:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- H:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011.08.21 20:33:58 | 000,355,840 | ---- | M] () MD5=6C447372C1C601DCE714F7CDB354DAAD -- H:\Windows\update.5.0\svchost.exe
[2011.08.21 14:49:41 | 000,634,880 | ---- | M] () MD5=9D64674977EAD38F922E6DD0355D9D7C -- H:\Windows\update.2\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- H:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- H:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011.06.21 08:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011.04.25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.06.21 08:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.06.21 08:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- H:\Windows\SysNative\drivers\tcpip.sys
[2011.06.21 08:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011.06.21 08:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- H:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- H:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- H:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- H:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- H:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- H:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- H:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- H:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- H:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
[1 H:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> H:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 H:\Windows\Installer\*.tmp files -> H:\Windows\Installer\*.tmp -> ]
[1 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
[1 H:\Windows\SysWOW64\*.tmp files -> H:\Windows\SysWOW64\*.tmp -> ]
[65 H:\Windows\Temp\*.tmp files -> H:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- H:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.07.21 14:51:16 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\.minecraft
[2010.08.18 13:36:07 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Adobe
[2010.03.07 12:23:38 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\ATI
[2011.07.17 14:17:26 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Bandoo
[2010.10.24 09:21:02 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BITS
[2011.07.24 14:30:50 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BitTorrent
[2011.07.15 09:59:51 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Bluetooth PC Dialer
[2010.10.19 22:16:16 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BSplayer
[2010.07.25 22:42:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\BSplayer Pro
[2010.09.28 21:59:37 | 000,000,000 | -H-D | M] -- H:\Users\Josef\AppData\Roaming\Config
[2011.07.24 10:13:33 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools
[2010.04.17 12:42:39 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools Lite
[2010.12.24 00:04:49 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools Net
[2010.12.02 15:11:46 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DAEMON Tools Pro
[2011.07.18 14:08:25 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\DivX
[2011.01.05 15:35:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Driver Smith
[2011.03.24 15:56:28 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\EasyMp3Downloader
[2010.08.18 08:57:25 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\FlashGet
[2010.08.18 08:57:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\FlashGetBHO
[2011.01.07 10:47:55 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\FOG Downloader
[2010.04.11 18:08:27 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\GHISLER
[2011.08.22 18:15:20 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\go
[2010.12.30 20:02:30 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Hamachi
[2011.07.18 14:40:06 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\ICQ
[2010.02.28 13:04:20 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Identities
[2010.04.24 14:56:57 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\inkscape
[2010.08.27 12:29:03 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Kecal
[2011.07.29 19:43:40 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\LolClient
[2010.02.28 13:21:50 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Media Center Programs
[2011.07.17 22:56:15 | 000,000,000 | --SD | M] -- H:\Users\Josef\AppData\Roaming\Microsoft
[2011.06.07 13:19:02 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\mIRC
[2010.02.28 13:15:24 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Mozilla
[2011.03.24 17:27:22 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\MP3Rocket
[2010.12.23 15:19:38 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Mumble
[2010.07.05 17:08:35 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Need for Speed World
[2010.03.23 18:47:05 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\OpenOffice.org
[2010.03.23 18:45:50 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\OpenOffice.org2
[2011.05.19 13:51:56 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Opera
[2011.03.26 15:04:02 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Publish Providers
[2011.08.22 19:19:13 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Skype
[2011.05.28 09:02:59 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\skypePM
[2010.04.21 16:26:47 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Soldat
[2010.10.29 19:33:19 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Sony
[2010.03.14 19:34:28 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\TeamViewer
[2011.08.22 19:19:38 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\uTorrent
[2010.07.24 17:20:32 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\vlc
[2010.03.10 12:40:32 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\WinRAR
[2011.04.15 21:33:37 | 000,000,000 | ---D | M] -- H:\Users\Josef\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2002.08.29 19:33:56 | 000,319,488 | R--- | M] () -- H:\Users\Josef\AppData\Roaming\MafiaSetup.exe
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2009.11.14 19:11:36 | 000,113,152 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2009.11.14 19:33:40 | 000,357,888 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2009.11.14 19:11:36 | 000,136,704 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.02.23 16:00:42 | 000,042,288 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2011.06.30 14:37:13 | 000,057,344 | R--- | M] (Macrovision Corporation) -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
[2011.06.30 14:37:13 | 000,061,440 | R--- | M] (Macrovision Corporation) -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
[2011.06.30 14:37:13 | 000,061,440 | R--- | M] (Macrovision Corporation) -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
[2011.06.30 14:37:13 | 000,065,536 | R--- | M] (Macrovision Corporation) -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
[2011.06.30 14:37:13 | 000,008,854 | R--- | M] () -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\Uninstall_THAW_3293C06B003F40278380FFD79E38167D.exe
[2011.07.15 09:59:52 | 000,005,430 | R--- | M] () -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}\ARPPRODUCTICON.exe
[2011.07.15 09:59:53 | 000,045,056 | R--- | M] (Macrovision Corporation) -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}\NewShortcut1_31C30ABA960848C399A3EA37FE010825.exe
[2011.07.15 09:59:53 | 000,045,056 | R--- | M] (Macrovision Corporation) -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}\NewShortcut2_6A293E8C50A64AF995D5612415EFFD9D.exe
[2010.07.29 15:29:36 | 000,001,078 | R--- | M] () -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{6C472DFC-6D44-4947-9E1A-F79A2469D953}\_1DA131122C66AE2AF93D01.exe
[2010.07.29 15:29:36 | 000,001,078 | R--- | M] () -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{6C472DFC-6D44-4947-9E1A-F79A2469D953}\_C7135D8DD8E38D24DFF917.exe
[2010.06.18 17:46:00 | 000,010,134 | R--- | M] () -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2010.07.09 11:26:26 | 000,010,134 | R--- | M] () -- H:\Users\Josef\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.02.26 13:00:30 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2011.02.01 20:04:18 | 000,052,616 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
[2011.05.11 18:46:59 | 003,485,576 | ---- | M] (Ask) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 H:\Windows\system32\*.tmp files -> H:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[1 H:\Windows\system32\*.tmp files -> H:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.08.21 20:24:12 | 000,000,000 | ---- | M] () -- H:\Windows\system32\config.nt
[1 H:\Windows\system32\*.tmp files -> H:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- H:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Steam" = "h:\games\steam.exe" -silent -- [2011.08.02 10:06:18 | 001,242,448 | ---- | M] (Valve Corporation)
"Pando Media Booster" = H:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe -- [2011.07.29 14:07:34 | 003,077,528 | ---- | M] ()
"EA Core" = "H:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
"Windows Update" = H:\Windows\system32\firefox.exe
"uTorrent" = "H:\Program Files (x86)\uTorrent\uTorrent.exe" -- [2010.12.21 17:31:02 | 000,395,640 | ---- | M] (BitTorrent, Inc.)
"FlashGet 3" = "H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
"IpSharkk" = "H:\Program Files\IpSharkk\IpSharkk.exe" /auto
"NVIDIA driver monitor" = h:\users\public\nvsvc32.exe
"Skype" = "H:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.12.03 17:46:34 | 014,944,136 | R--- | M] (Skype Technologies S.A.)
"DAEMON Tools Lite" = H:\Program Files (x86)\DAEMON Tools Lite\daemon.exe -autorun -- [2008.12.29 12:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd)
"Sony Ericsson PC Companion" = "H:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon -- [2009.12.08 08:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB)
"msnmsgr" = "H:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"DAEMON Tools Pro Agent" = "H:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun -- [2011.03.17 10:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd)
"ICQ" = "H:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4 -- [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.22 19:50:00 | 000,000,512 | ---- | M] () MD5=B8225DDE99B0FBAD3FB99BF0DF3051B0 -- H:\PhysicalMBR.bin

< End of report >

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#7 Post by ResS »

I apologize for writing to you like this; nevertheless, here is the Extras:

OTL Extras logfile created on: 22.8.2011 19:48:31 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = H:\Users\Josef\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,97 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,83% Memory free
3,93 Gb Paging File | 2,19 Gb Available in Paging File | 55,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive G: | 136,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 465,75 Gb Total Space | 5,07 Gb Free Space | 1,09% Space Free | Partition Type: NTFS

Computer Name: JOSEF-PC | User Name: Josef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- H:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- H:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- H:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- H:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "H:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "H:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "H:\Windows\System32\rundll32.exe" "H:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "H:\Windows\System32\rundll32.exe" "H:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "H:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "H:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"H:\Nexon\Combat Arms EU\CombatArms.exe" = H:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exewallPolicy\StandardProfile\AuthorizedApplications\List
"H:\Nexon\Combat Arms EU\Engine.exe" = H:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe.dl
"H:\Users\Josef\Desktop\Flash-Player.exe" = H:\Users\Josef\Desktop\Flash-Player.exe:*:Enabled:H:\Users\Josef\Desktop\Flash-Player.exe -- ()
"H:\Windows\update.1\svchost.exe" = H:\Windows\update.1\svchost.exe:*:Enabled:H:\Windows\update.1\svchost.exe -- ()
"H:\Windows\update.tray-7-0\svchost.exe" = H:\Windows\update.tray-7-0\svchost.exe:*:Enabled:H:\Windows\update.tray-7-0\svchost.exe -- ()
"H:\Windows\update.2\svchost.exe" = H:\Windows\update.2\svchost.exe:*:Enabled:H:\Windows\update.2\svchost.exe -- ()
"H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = H:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"H:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"H:\Nexon\Combat Arms EU\CombatArms.exe" = H:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exexe
"H:\Nexon\Combat Arms EU\Engine.exe" = H:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"H:\Users\Josef\Desktop\Flash-Player.exe" = H:\Users\Josef\Desktop\Flash-Player.exe:*:Enabled:H:\Users\Josef\Desktop\Flash-Player.exe -- ()
"H:\Windows\update.1\svchost.exe" = H:\Windows\update.1\svchost.exe:*:Enabled:H:\Windows\update.1\svchost.exe -- ()
"H:\Windows\update.tray-7-0\svchost.exe" = H:\Windows\update.tray-7-0\svchost.exe:*:Enabled:H:\Windows\update.tray-7-0\svchost.exe -- ()
"H:\Windows\update.2\svchost.exe" = H:\Windows\update.2\svchost.exe:*:Enabled:H:\Windows\update.2\svchost.exe -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Windows Movie Maker" = Windows Movie Maker

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter Mobile
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland (TM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}" = BluetoothPCDialer
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C472DFC-6D44-4947-9E1A-F79A2469D953}" = eTesty - autoškola
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CA199A8-574E-432F-A98F-A55741E233D1}_is1" = 3GP Player 2011
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 8.0.50727.4053
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92510C2A-30E3-4F8D-AE8A-93AB7B63EE8F}" = Gothic II Gold
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B573533-69F4-4621-8B0B-7D3DE4B5C322}" = QuadCoreM2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.2 - Czech
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8F941EA-FC3E-4915-B5EB-E91A47BF3394}" = Marc Ecko's Getting Up - Contents Under Pressure
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
"{C13E90B0-4E1C-11DB-6784-0152EAA218BE}" = Call of Duty(R) 2 Patch 1.3
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D589CCA3-6B56-4237-8ED2-512152B97699}" = LG Android Drivers
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EABF2170-CA2F-4C48-9921-3D5050F30EBA}" = Hooligans - Storm over Europe
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4shared Desktop" = 4shared Desktop
"4StoryCZ_is1" = 4Story 3.4.1
"4StoryEG2.0" = 4StoryEG
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Mythology 1.0" = Age of Mythology
"Amnesia_is1" = Amnesia
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Axxin Wow Logo Creator" = Axxin Wow Logo Creator
"Bandoo" = Bandoo
"BC03CED5-3A47-AIDE-A9F0-F0AC06D57D23_is1" = Morrowind Czech
"BitTorrent" = BitTorrent
"BlackDream_is1" = BlackDream_v1.0
"Brothersoft Toolbar" = Brothersoft Toolbar
"BS_Player Toolbar" = BS_Player Toolbar
"BSPlayerf" = BS.Player FREE
"Cartoon Recorder_is1" = Cartoon Recorder 3.5
"CCleaner" = CCleaner
"CoD 2 čeština_is1" = CoD 2 čeština 1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Counter-Strike: Source Texture Pack 1.00" = Counter-Strike: Source Texture Pack 1.00
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX Unified" = EAX Unified
"Eurobattle.net1.26" = Eurobattle.net
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 2.70
"Fraps" = Fraps (remove only)
"GameParkClient_is1" = GamePark
"Garena Classic 2011" = Garena Classic 2011
"GoldWave v5.57" = GoldWave v5.57
"Google Chrome" = Google Chrome
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"G-Sector" = G-Sector
"Guild Wars" = Guild Wars
"Hot_MP3 Toolbar" = Hot_MP3 Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"ICCup Launcher_is1" = ICCup Launcher
"ICQToolbar" = ICQ Toolbar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InterBase 6 Client Open Edition - 6.0.2.0" = InterBase 6 Client Open Edition - 6.0.2.0
"IP Changer Premium" = IP Changer Premium
"Kecal_is1" = Kecal 2.3.1
"Left 4 Dead" = Left 4 Dead
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"LG PC Suite IV" = LG PC Suite IV
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia Game" = Mafia Game
"Marc Ecko's Getting Up - Contents Under Pressure SK_is1" = Marc Ecko's Getting Up - Contents Under Pressure SK 1.00
"MediaDoctor_is1" = MediaDoctor 2.0
"Metin2_is1" = Metin2
"mod_sobit" = m0d_s0beit_3.4
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"Mumble" = Mumble and Murmur
"Opera 11.11.2109" = Opera 11.11
"Patch kamael.cz 1.00" = Patch kamael.cz 1.00
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Samsung ML-1660 Series" = Údržba Samsung ML-1660 Series
"save2pc Light_is1" = save2pc Light 4.03
"Searchqu 101 MediaBar" = Windows Searchqu Toolbar
"Steam App 10180" = Call of Duty: Modern Warfare 2
"TiMoC1.1" = TiMoC
"uTorrent" = µTorrent
"Valve_0" = Valve
"Valve_1" = Valve
"Valve_2" = Valve
"W3_Frozen throne crack" = W3_Frozen throne crack
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZonerPhotoStudio12_EN_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Warcraft III" = Warcraft III: All Products
"Wordmaster XP" = Překladač Wordmaster XP

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.5.2011 7:18:30 | Computer Name = Josef-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 14.5.2011 7:18:30 | Computer Name = Josef-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 14.5.2011 7:18:30 | Computer Name = Josef-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 14.5.2011 7:18:30 | Computer Name = Josef-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 15.5.2011 14:52:05 | Computer Name = Josef-PC | Source = Application Hang | ID = 1002
Description = Program mc.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: 1328 Čas
spuštění: 01cc132e9d4bf770 Čas ukončení: 83 Cesta k aplikaci: H:\Users\Josef\Desktop\Baldur
,)\mc.exe ID hlášení:

Error - 16.5.2011 10:41:49 | Computer Name = Josef-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro H:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
H:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku
3. Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu
version v prvku assemblyIdentity je neplatná.

Error - 17.5.2011 12:12:05 | Computer Name = Josef-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: wmprph.exe, verze: 12.0.7600.16385, časové
razítko: 0x4a5bd018 Název chybujícího modulu: ntdll.dll, verze: 6.1.7600.16695,
časové razítko: 0x4cc7b325 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000004c8f4
ID
chybujícího procesu: 0x110c Čas spuštění chybující aplikace: 0x01cc14ad26c6e3fb Cesta
k chybující aplikaci: H:\Program Files\Windows Media Player\wmprph.exe Cesta k chybujícímu
modulu: H:\Windows\SYSTEM32\ntdll.dll ID zprávy: 67f73702-80a0-11e0-abf8-a6b5f4e3c2d1

Error - 17.5.2011 14:30:46 | Computer Name = Josef-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: wmprph.exe, verze: 12.0.7600.16385, časové
razítko: 0x4a5bd018 Název chybujícího modulu: jscript.dll, verze: 5.8.7600.16762,
časové razítko: 0x4d5e1142 Kód výjimky: 0xc000041d Posun chyby: 0x0000000000016fd4
ID
chybujícího procesu: 0x110c Čas spuštění chybující aplikace: 0x01cc14ad26c6e3fb Cesta
k chybující aplikaci: H:\Program Files\Windows Media Player\wmprph.exe Cesta k chybujícímu
modulu: H:\Windows\System32\jscript.dll ID zprávy: c7bed648-80b3-11e0-abf8-a6b5f4e3c2d1

Error - 20.5.2011 10:36:05 | Computer Name = Josef-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro H:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
H:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku
3. Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu
version v prvku assemblyIdentity je neplatná.

Error - 20.5.2011 11:35:16 | Computer Name = Josef-PC | Source = Application Hang | ID = 1002
Description = Program javaw.exe verze 6.0.180.7 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
940 Čas spuštění: 01cc17024359a3f0 Čas ukončení: 39 Cesta k aplikaci: H:\Windows\SysWOW64\javaw.exe

ID
hlášení:

[ System Events ]
Error - 22.8.2011 10:25:39 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 22.8.2011 12:18:15 | Computer Name = Josef-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (18:16:59, ?22.?8.?2011) bylo neočekávané.

Error - 22.8.2011 12:18:25 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 22.8.2011 12:18:38 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 22.8.2011 12:19:10 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Avgldx64

Error - 22.8.2011 12:19:13 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 22.8.2011 12:19:14 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 22.8.2011 13:20:35 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7034
Description = Služba srvbtcclient byla neočekávaně ukončena. Tento stav nastal již
1krát.

Error - 22.8.2011 13:20:35 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7034
Description = Služba srviecheck byla neočekávaně ukončena. Tento stav nastal již
1krát.

Error - 22.8.2011 13:20:35 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7034
Description = Služba wxpdrivers byla neočekávaně ukončena. Tento stav nastal již
1krát.


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: FcB virus.

#8 Post by vyosek »

You did it exactly as I wanted - nicely split up...

Now give me a moment to work through it :)

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#9 Post by ResS »

I'm glad to hear that, of course, I'll wait :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: FcB virus.

#10 Post by vyosek »

:arrow: Run OTL again
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator or "Spustit jako spravce"
  • Paste the script below into the bottom box, "Vlastni skenovani/opravy" (Custom Scans/Fixes)
  • Code:

    :otl
    SRV - [2011.08.20 09:35:08 | 000,382,464 | ---- | M] () [Auto | Running] -- H:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
    SRV - [2010.04.12 23:56:48 | 000,246,520 | ---- | M] () [Auto | Running] -- H:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKLM\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 92 6F C5 66 B8 CA 01 [binary data]
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=244&systemid=101&q="
    FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9000/proxy.pac"
    FF - prefs.js..network.proxy.type: 0
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2011.07.17 13:54:18 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2011.08.15 14:51:12 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
    [2011.08.15 22:45:19 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
    [2011.03.29 20:14:51 | 000,000,000 | ---D | M] (Conduit Engine) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com
    [2011.07.17 13:53:59 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\ffox@bandoo.com
    [2010.09.06 17:42:47 | 000,000,000 | ---D | M] (Illimitux) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\illimitux@illimitux.net
    [2010.08.26 13:15:12 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\radiobar@toolbar
    [2011.08.08 20:21:56 | 000,000,000 | ---D | M] ("Ask Toolbar") -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com
    [2011.08.22 16:18:00 | 000,002,395 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\askcom.xml
    [2010.01.20 13:13:52 | 000,000,921 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\conduit.xml
    [2011.02.03 13:41:28 | 000,002,059 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\daemon-search.xml
    [2011.08.16 16:29:18 | 000,000,945 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\icqplugin.xml
    [2011.02.26 21:13:16 | 000,002,374 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\search.xml
    [2011.07.17 13:54:09 | 000,002,501 | ---- | M] () -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\SearchResults.xml
    File not found (No name found) -- 
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
    O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
    O2 - BHO: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
    O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - H:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
    O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
    O3 - HKLM\..\Toolbar: (Hot MP3 Toolbar) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
    O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (Hot MP3 Toolbar) - {9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - H:\Program Files (x86)\Hot_MP3\tbHot_.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - H:\Program Files (x86)\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - H:\Program Files (x86)\BS_Player\tbBS_P.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [11002160-loader2.exe] H:\Windows\Temp\11002160-loader2.exe ()
    O4 - HKLM..\Run: [20167167-loader2.exe] H:\Windows\Temp\20167167-loader2.exe ()
    O4 - HKLM..\Run: [23519038-loader2.exe] H:\Windows\Temp\23519038-loader2.exe ()
    O4 - HKLM..\Run: [2809727-loader2.exe] H:\Windows\Temp\2809727-loader2.exe ()
    O4 - HKLM..\Run: [29461405-loader2.exe] H:\Users\Josef\AppData\Local\Temp\29461405-loader2.exe ()
    O4 - HKLM..\Run: [36151428-loader2.exe] H:\Windows\Temp\36151428-loader2.exe ()
    O4 - HKLM..\Run: [3757569.exe] H:\Windows\Temp\3757569.exe ()
    O4 - HKLM..\Run: [3991055.exe] H:\Users\Josef\AppData\Local\Temp\3991055.exe ()
    O4 - HKLM..\Run: [42677668-loader2.exe] H:\Windows\Temp\42677668-loader2.exe ()
    O4 - HKLM..\Run: [46035077-loader2.exe] H:\Windows\Temp\46035077-loader2.exe ()
    O4 - HKLM..\Run: [46359562-loader2.exe] H:\Windows\Temp\46359562-loader2.exe ()
    O4 - HKLM..\Run: [4StoryPrePatch] H:\Program Files (x86)\4Storko\PrePatch.exe (Zamiinc)
    O4 - HKLM..\Run: [5157460-loader2.exe] H:\Windows\TEMP\5157460-loader2.exe ()
    O4 - HKLM..\Run: [55220678-loader2.exe] H:\Windows\Temp\55220678-loader2.exe ()
    O4 - HKLM..\Run: [5651145.exe] H:\Windows\Temp\5651145.exe ()
    O4 - HKLM..\Run: [57123688-loader2.exe] H:\Windows\Temp\57123688-loader2.exe ()
    O4 - HKLM..\Run: [6174124.exe] H:\Windows\Temp\6174124.exe ()
    O4 - HKLM..\Run: [65913245-loader2.exe] H:\Windows\Temp\65913245-loader2.exe ()
    O4 - HKLM..\Run: [68897641-loader2.exe] H:\Windows\Temp\68897641-loader2.exe ()
    O4 - HKLM..\Run: [72619303-loader2.exe] H:\Windows\Temp\72619303-loader2.exe ()
    O4 - HKLM..\Run: [82227236-loader2.exe] H:\Windows\Temp\82227236-loader2.exe ()
    O4 - HKLM..\Run: [90226483-loader2.exe] H:\Windows\Temp\90226483-loader2.exe ()
    O4 - HKLM..\Run: [90841799-loader2.exe] H:\Windows\Temp\90841799-loader2.exe ()
    O4 - HKLM..\Run: [97917401-loader2.exe] H:\Users\Josef\AppData\Local\Temp\97917401-loader2.exe ()
    O4 - HKLM..\Run: [avast] File not found
    O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [l1rezerv.exe] H:\Windows\l1rezerv.exe ()
    O4 - HKLM..\Run: [sysdriver32.exe] H:\Windows\sysdriver32.exe ()
    O4 - HKLM..\Run: [sysdriver32_.exe] H:\Windows\sysdriver32_.exe ()
    O4 - HKLM..\Run: [systemup] H:\Windows\systemup.exe ()
    O4 - HKLM..\Run: [tray_ico] File not found
    O4 - HKLM..\Run: [tray_ico0] H:\Windows\update.tray-7-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico1] H:\Windows\update.tray-12-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico2] File not found
    O4 - HKLM..\Run: [tray_ico3] File not found
    O4 - HKLM..\Run: [tray_ico4] File not found
    O4 - HKLM..\Run: [wxpdrv] H:\Windows\services32.exe ()
    O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [EA Core] File not found
    O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [FlashGet 3] File not found
    O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [IpSharkk] File not found
    O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [msnmsgr] File not found
    O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [NVIDIA driver monitor] File not found
    O4 - HKU\S-1-5-21-3665194971-35141123-3770490494-1000..\Run: [Windows Update] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - AppInit_DLLs: (H:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (H:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (h:\progra~2\wia6eb~1\datamngr\datamngr.dll) - h:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (h:\progra~2\wia6eb~1\datamngr\iebho.dll) - h:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O31 - SafeBoot: AlternateShell - services32.exe
    O33 - MountPoints2\{3423ed64-ade5-11e0-a33b-a6b5f4e3c2d1}\Shell - "" = AutoRun
    O33 - MountPoints2\{3ee071fc-2456-11df-a478-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{3f5975c0-fe15-11df-9f33-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{6da4121c-b76a-11e0-b08f-a6b5f4e3c2d1}\Shell - "" = AutoRun
    O33 - MountPoints2\{82fbfa9b-89cc-11e0-b401-a6b5f4e3c2d1}\Shell - "" = AutoRun
    O33 - MountPoints2\{e1f37fa5-b5c9-11e0-9b33-a6b5f4e3c2d1}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb968a8c-8899-11e0-8d72-a6b5f4e3c2d1}\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell - "" = AutoRun
    [2011.08.21 12:17:37 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-12-0-lnk
    [2011.08.21 12:17:37 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-12-0
    [2011.08.20 09:38:24 | 000,000,000 | ---D | C] -- H:\Windows\ufa
    [2011.08.20 09:38:24 | 000,000,000 | ---D | C] -- H:\Windows\rpcminer
    [2011.08.20 09:38:24 | 000,000,000 | ---D | C] -- H:\Windows\phoenix
    [2011.08.20 09:35:59 | 000,000,000 | -H-D | C] -- H:\Windows\update.5.0
    [2011.08.20 09:35:27 | 000,000,000 | -H-D | C] -- H:\Windows\update.2
    [2011.08.20 09:35:09 | 000,000,000 | -H-D | C] -- H:\Windows\update.7.1
    [2011.08.20 09:30:52 | 000,000,000 | ---D | C] -- H:\Windows\av_ico
    [2011.08.20 09:29:20 | 000,000,000 | -H-D | C] -- H:\Windows\update.1
    [2011.08.20 09:29:19 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-7-0-lnk
    [2011.08.20 09:29:19 | 000,000,000 | -H-D | C] -- H:\Windows\update.tray-7-0
    [1 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
    [1 H:\Windows\SysNative\drivers\*.tmp files -> H:\Windows\SysNative\drivers\*.tmp -> ]
    [1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
    [2011.08.22 19:49:03 | 000,000,286 | -H-- | M] () -- H:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011.08.22 19:35:00 | 000,000,950 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.08.22 18:19:50 | 005,589,370 | ---- | M] () -- H:\Windows\phoenix.rar
    [2011.08.22 18:19:50 | 001,075,284 | ---- | M] () -- H:\Windows\rpcminer.rar
    [2011.08.22 18:19:50 | 000,246,272 | ---- | M] () -- H:\Windows\unrar.exe
    [2011.08.22 18:19:50 | 000,182,617 | ---- | M] () -- H:\Windows\ufa.rar
    [2011.08.22 18:18:52 | 000,000,734 | ---- | M] () -- H:\Windows\SysNative\drivers\etc\hîsts
    [2011.08.22 18:18:28 | 000,000,946 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.08.22 18:18:25 | 000,000,458 | ---- | M] () -- H:\Windows\tasks\RegPowerClean.job
    [2011.08.22 15:11:52 | 000,000,202 | ---- | M] () -- H:\Windows\info1
    [2011.08.22 15:11:51 | 000,137,728 | ---- | M] () -- H:\Windows\systemup.exe
    [2011.08.20 09:36:29 | 000,232,960 | ---- | M] () -- H:\Windows\l1rezerv.exe
    [2011.08.20 09:33:31 | 000,904,792 | ---- | M] () -- H:\Windows\geoiplist.rar
    [2011.08.20 09:32:04 | 000,000,000 | ---- | M] () -- H:\Windows\loader2.exe_ok
    [2011.08.20 09:31:10 | 000,258,048 | ---- | M] () -- H:\Windows\sysdriver32_.exe
    [2011.08.20 09:31:10 | 000,258,048 | ---- | M] () -- H:\Windows\sysdriver32.exe
    [2011.08.20 09:17:17 | 001,182,208 | ---- | M] () -- H:\Windows\services32.exe
    [2011.08.20 09:17:17 | 001,182,208 | ---- | M] () -- H:\Users\Josef\Desktop\Flash-Player.exe
    [2011.08.20 09:38:23 | 005,589,370 | ---- | C] () -- H:\Windows\phoenix.rar
    [2011.08.20 09:38:23 | 001,075,284 | ---- | C] () -- H:\Windows\rpcminer.rar
    [2011.08.20 09:38:23 | 000,182,617 | ---- | C] () -- H:\Windows\ufa.rar
    [2011.08.20 09:36:33 | 000,232,960 | ---- | C] () -- H:\Windows\l1rezerv.exe
    [2011.08.20 09:35:09 | 000,000,202 | ---- | C] () -- H:\Windows\info1
    [2011.08.20 09:33:33 | 004,636,907 | ---- | C] () -- H:\Windows\geoiplist
    [2011.08.20 09:33:31 | 000,904,792 | ---- | C] () -- H:\Windows\geoiplist.rar
    [2011.08.20 09:33:31 | 000,246,272 | ---- | C] () -- H:\Windows\unrar.exe
    [2011.08.20 09:31:59 | 000,000,000 | ---- | C] () -- H:\Windows\loader2.exe_ok
    [2011.08.20 09:31:56 | 000,258,048 | ---- | C] () -- H:\Windows\sysdriver32_.exe
    [2011.08.20 09:31:42 | 000,258,048 | ---- | C] () -- H:\Windows\sysdriver32.exe
    [2011.08.20 09:18:06 | 001,182,208 | ---- | C] () -- H:\Windows\services32.exe
    [2011.08.20 09:17:12 | 001,182,208 | ---- | C] () -- H:\Users\Josef\Desktop\Flash-Player.exe
    [2011.08.22 19:49:03 | 000,000,286 | -H-- | M] () -- H:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011.08.22 18:18:25 | 000,000,458 | ---- | M] () -- H:\Windows\Tasks\RegPowerClean.job
    [2011.02.11 10:29:22 | 000,000,444 | ---- | M] () -- H:\Windows\Tasks\RPCReminder.job
    [1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
    [1 H:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> H:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [10 H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
    [3 H:\Windows\Installer\*.tmp files -> H:\Windows\Installer\*.tmp -> ]
    [1 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
    [1 H:\Windows\SysWOW64\*.tmp files -> H:\Windows\SysWOW64\*.tmp -> ]
    [65 H:\Windows\Temp\*.tmp files -> H:\Windows\Temp\*.tmp -> ]
    [2011.05.11 18:46:59 | 003,485,576 | ---- | M] (Ask) -- H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
    
    :services
    gupdate
    gupdatem
    gusvc
    
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "H:\Users\Josef\Desktop\Flash-Player.exe"=-
    "H:\Windows\update.1\svchost.exe"=-
    "H:\Windows\update.tray-7-0\svchost.exe"=-
    "H:\Windows\update.2\svchost.exe"=-
    
    :files
    H:\Windows\update.7.1
    H:\Program Files (x86)\Ask.com
    H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar
    H:\Program Files (x86)\DAEMON Tools Toolbar
    H:\Program Files (x86)\Windows Searchqu Toolbar
    H:\Windows\ufa
    H:\Program Files (x86)\ICQ6Toolbar
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Opravit (Fix)
  • The PC will carry out the fix, restart, and give you a log; paste its contents here

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#11 Post by ResS »

Should I leave the boxes and the file age alone, or adjust them like last time?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: FcB virus.

#12 Post by vyosek »

Leave them alone, they configure the scan; we are now going to fix. The boxes have no effect on the fix.

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#13 Post by ResS »

log:
All processes killed
========== OTL ==========
Service ddservice stopped successfully!
Service ddservice deleted successfully!
H:\Windows\update.7.1\svchostdriver.exe moved successfully.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
H:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ deleted successfully.
H:\Program Files (x86)\Hot_MP3\tbHot_.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ deleted successfully.
H:\Program Files (x86)\Brothersoft\prxtbBro0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
H:\Program Files (x86)\BS_Player\tbBS_P.dll moved successfully.
HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3665194971-35141123-3770490494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
File H:\Program Files (x86)\Hot_MP3\tbHot_.dll not found.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
File H:\Program Files (x86)\Brothersoft\prxtbBro0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File H:\Program Files (x86)\BS_Player\tbBS_P.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "BS Player Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.as ... earchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: radiobar@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: battlefieldheroespatcher@ea.com:4.0.53.0 removed from extensions.enabledItems
Prefs.js: illimitux@illimitux.net:4.0 removed from extensions.enabledItems
Prefs.js: "http://dts.search-results.com/sr?src=ff ... mid=101&q=" removed from keyword.URL
Prefs.js: "http://127.0.0.1:9000/proxy.pac" removed from network.proxy.autoconfig_url
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\searchplugin folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\modules folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\META-INF folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\defaults folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\chrome folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\modules folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com\META-INF folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com\lib folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com\defaults folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com\components folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com\chrome folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\engine@conduit.com folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\ffox@bandoo.com\content\creatives folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\ffox@bandoo.com\content folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\ffox@bandoo.com\components folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\ffox@bandoo.com folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\illimitux@illimitux.net\chrome folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\illimitux@illimitux.net folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\radiobar@toolbar\META-INF folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\radiobar@toolbar\components folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\radiobar@toolbar\chrome folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\radiobar@toolbar folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\logs folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\defaults folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\datastore folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-21-Apr-2010-17-55-37-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-08-Dec-2010-06-04-24-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-22-Jun-2010-14-41-33-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-15-Mar-2011-12-52-46-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-12-Jul-2011-18-00-54-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-12-Jul-2011-16-22-55-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Jun-2010-16-52-55-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-28-Apr-2011-13-46-10-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-24-Feb-2011-14-44-48-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-14-Oct-2010-15-27-30-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-10-Feb-2011-14-48-10-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-08-Aug-2011-18-16-19-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-08-Aug-2011-15-51-00-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-28-Jan-2011-12-53-05-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-24-Sep-2010-18-34-35-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-06-Aug-2010-14-01-37-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-04-Jun-2010-14-36-48-GMT folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com folder moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\askcom.xml moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\conduit.xml moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\daemon-search.xml moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\icqplugin.xml moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\search.xml moved successfully.
H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\searchplugins\SearchResults.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
H:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
File H:\Program Files (x86)\Hot_MP3\tbHot_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
File H:\Program Files (x86)\Brothersoft\prxtbBro0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
H:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File H:\Program Files (x86)\BS_Player\tbBS_P.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File H:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
File H:\Program Files (x86)\Hot_MP3\tbHot_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
File H:\Program Files (x86)\Brothersoft\prxtbBro0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File H:\Program Files (x86)\BS_Player\tbBS_P.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}\ not found.
File H:\Program Files (x86)\Hot_MP3\tbHot_.dll not found.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}\ not found.
File H:\Program Files (x86)\Brothersoft\prxtbBro0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
File H:\Program Files (x86)\BS_Player\tbBS_P.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\11002160-loader2.exe deleted successfully.
H:\Windows\Temp\11002160-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\20167167-loader2.exe deleted successfully.
H:\Windows\Temp\20167167-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\23519038-loader2.exe deleted successfully.
H:\Windows\Temp\23519038-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\2809727-loader2.exe deleted successfully.
H:\Windows\Temp\2809727-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\29461405-loader2.exe deleted successfully.
H:\Users\Josef\AppData\Local\Temp\29461405-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\36151428-loader2.exe deleted successfully.
H:\Windows\Temp\36151428-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\3757569.exe deleted successfully.
H:\Windows\Temp\3757569.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\3991055.exe deleted successfully.
H:\Users\Josef\AppData\Local\Temp\3991055.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\42677668-loader2.exe deleted successfully.
H:\Windows\Temp\42677668-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\46035077-loader2.exe deleted successfully.
H:\Windows\Temp\46035077-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\46359562-loader2.exe deleted successfully.
H:\Windows\Temp\46359562-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4StoryPrePatch deleted successfully.
H:\Program Files (x86)\4Storko\PrePatch.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\5157460-loader2.exe deleted successfully.
H:\Windows\Temp\5157460-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\55220678-loader2.exe deleted successfully.
H:\Windows\Temp\55220678-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\5651145.exe deleted successfully.
H:\Windows\Temp\5651145.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\57123688-loader2.exe deleted successfully.
H:\Windows\Temp\57123688-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\6174124.exe deleted successfully.
H:\Windows\Temp\6174124.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\65913245-loader2.exe deleted successfully.
H:\Windows\Temp\65913245-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\68897641-loader2.exe deleted successfully.
H:\Windows\Temp\68897641-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\72619303-loader2.exe deleted successfully.
H:\Windows\Temp\72619303-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\82227236-loader2.exe deleted successfully.
H:\Windows\Temp\82227236-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\90226483-loader2.exe deleted successfully.
H:\Windows\Temp\90226483-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\90841799-loader2.exe deleted successfully.
H:\Windows\Temp\90841799-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\97917401-loader2.exe deleted successfully.
H:\Users\Josef\AppData\Local\Temp\97917401-loader2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.
H:\Windows\l1rezerv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.
H:\Windows\sysdriver32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.
H:\Windows\sysdriver32_.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.
H:\Windows\systemup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
H:\Windows\update.tray-7-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
H:\Windows\update.tray-12-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.
H:\Windows\services32.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FlashGet 3 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IpSharkk deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Update deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
H:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:H:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll deleted successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:H:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll deleted successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:h:\progra~2\wia6eb~1\datamngr\datamngr.dll deleted successfully.
h:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:h:\progra~2\wia6eb~1\datamngr\iebho.dll deleted successfully.
h:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3423ed64-ade5-11e0-a33b-a6b5f4e3c2d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3423ed64-ade5-11e0-a33b-a6b5f4e3c2d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ee071fc-2456-11df-a478-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ee071fc-2456-11df-a478-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f5975c0-fe15-11df-9f33-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f5975c0-fe15-11df-9f33-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6da4121c-b76a-11e0-b08f-a6b5f4e3c2d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6da4121c-b76a-11e0-b08f-a6b5f4e3c2d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82fbfa9b-89cc-11e0-b401-a6b5f4e3c2d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82fbfa9b-89cc-11e0-b401-a6b5f4e3c2d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1f37fa5-b5c9-11e0-9b33-a6b5f4e3c2d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1f37fa5-b5c9-11e0-9b33-a6b5f4e3c2d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb968a8c-8899-11e0-8d72-a6b5f4e3c2d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb968a8c-8899-11e0-8d72-a6b5f4e3c2d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
H:\Windows\update.tray-12-0-lnk folder moved successfully.
H:\Windows\update.tray-12-0 folder moved successfully.
Folder move failed. H:\Windows\ufa scheduled to be moved on reboot.
H:\Windows\rpcminer folder moved successfully.
H:\Windows\phoenix\kernels\poclbm folder moved successfully.
H:\Windows\phoenix\kernels\phatk folder moved successfully.
H:\Windows\phoenix\kernels folder moved successfully.
H:\Windows\phoenix folder moved successfully.
H:\Windows\update.5.0 folder moved successfully.
H:\Windows\update.2 folder moved successfully.
H:\Windows\update.7.1 folder moved successfully.
H:\Windows\av_ico folder moved successfully.
H:\Windows\update.1 folder moved successfully.
H:\Windows\update.tray-7-0-lnk folder moved successfully.
H:\Windows\update.tray-7-0 folder moved successfully.
H:\Windows\SysWow64\ConduitEngine.tmp deleted successfully.
H:\Windows\SysNative\drivers\SET5DFB.tmp deleted successfully.
H:\Windows\msdownld.tmp folder deleted successfully.
H:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
H:\Windows\phoenix.rar moved successfully.
H:\Windows\rpcminer.rar moved successfully.
H:\Windows\unrar.exe moved successfully.
H:\Windows\ufa.rar moved successfully.
H:\Windows\SysNative\drivers\etc\hîsts moved successfully.
H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
H:\Windows\Tasks\RegPowerClean.job moved successfully.
H:\Windows\info1 moved successfully.
File H:\Windows\systemup.exe not found.
File H:\Windows\l1rezerv.exe not found.
H:\Windows\geoiplist.rar moved successfully.
H:\Windows\loader2.exe_ok moved successfully.
File H:\Windows\sysdriver32_.exe not found.
File H:\Windows\sysdriver32.exe not found.
File H:\Windows\services32.exe not found.
H:\Users\Josef\Desktop\Flash-Player.exe moved successfully.
File H:\Windows\phoenix.rar not found.
File H:\Windows\rpcminer.rar not found.
File H:\Windows\ufa.rar not found.
File H:\Windows\l1rezerv.exe not found.
File H:\Windows\info1 not found.
H:\Windows\geoiplist moved successfully.
File H:\Windows\geoiplist.rar not found.
File H:\Windows\unrar.exe not found.
File H:\Windows\loader2.exe_ok not found.
File H:\Windows\sysdriver32_.exe not found.
File H:\Windows\sysdriver32.exe not found.
File H:\Windows\services32.exe not found.
File H:\Users\Josef\Desktop\Flash-Player.exe not found.
File H:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File H:\Windows\Tasks\RegPowerClean.job not found.
H:\Windows\Tasks\RPCReminder.job moved successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP255B.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP33BE.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4E0A.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5FE1.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9C42.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB5A8.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD137.tmp\MMCFxCommon.dll deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD137.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
H:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEEAA.tmp folder deleted successfully.
H:\Windows\Installer\MSI1B7.tmp deleted successfully.
H:\Windows\Installer\MSI8B61.tmp deleted successfully.
H:\Windows\Installer\MSIFD10.tmp deleted successfully.
H:\Windows\Temp\CR_17B02.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
H:\Windows\Temp\CR_17B02.tmp folder deleted successfully.
H:\Windows\Temp\GURB3C4.tmp deleted successfully.
H:\Windows\Temp\OCL199.tmp deleted successfully.
H:\Windows\Temp\OCL23D7.tmp deleted successfully.
H:\Windows\Temp\OCL281.tmp deleted successfully.
H:\Windows\Temp\OCL2DD4.tmp deleted successfully.
H:\Windows\Temp\OCL2FF6.tmp deleted successfully.
H:\Windows\Temp\OCL32E3.tmp deleted successfully.
H:\Windows\Temp\OCL392A.tmp deleted successfully.
H:\Windows\Temp\OCL3AA.tmp deleted successfully.
H:\Windows\Temp\OCL3BBA.tmp deleted successfully.
H:\Windows\Temp\OCL425E.tmp deleted successfully.
H:\Windows\Temp\OCL5301.tmp deleted successfully.
H:\Windows\Temp\OCL54B4.tmp deleted successfully.
H:\Windows\Temp\OCL59B4.tmp deleted successfully.
H:\Windows\Temp\OCL5A41.tmp deleted successfully.
H:\Windows\Temp\OCL60F5.tmp deleted successfully.
H:\Windows\Temp\OCL644F.tmp deleted successfully.
H:\Windows\Temp\OCL66CF.tmp deleted successfully.
H:\Windows\Temp\OCL675C.tmp deleted successfully.
H:\Windows\Temp\OCL6BCE.tmp deleted successfully.
H:\Windows\Temp\OCL6DA1.tmp deleted successfully.
H:\Windows\Temp\OCL74F3.tmp deleted successfully.
H:\Windows\Temp\OCL76D6.tmp deleted successfully.
H:\Windows\Temp\OCL787D.tmp deleted successfully.
H:\Windows\Temp\OCL7993.tmp deleted successfully.
H:\Windows\Temp\OCL7DE.tmp deleted successfully.
H:\Windows\Temp\OCL7F4E.tmp deleted successfully.
H:\Windows\Temp\OCL83B2.tmp deleted successfully.
H:\Windows\Temp\OCL84F8.tmp deleted successfully.
H:\Windows\Temp\OCL8E2D.tmp deleted successfully.
H:\Windows\Temp\OCL904F.tmp deleted successfully.
H:\Windows\Temp\OCL926.tmp deleted successfully.
H:\Windows\Temp\OCL9ACA.tmp deleted successfully.
H:\Windows\Temp\OCL9E90.tmp deleted successfully.
H:\Windows\Temp\OCLA12F.tmp deleted successfully.
H:\Windows\Temp\OCLA1CC.tmp deleted successfully.
H:\Windows\Temp\OCLA4A8.tmp deleted successfully.
H:\Windows\Temp\OCLA8C.tmp deleted successfully.
H:\Windows\Temp\OCLA998.tmp deleted successfully.
H:\Windows\Temp\OCLAAC0.tmp deleted successfully.
H:\Windows\Temp\OCLB02D.tmp deleted successfully.
H:\Windows\Temp\OCLBC.tmp deleted successfully.
H:\Windows\Temp\OCLBD55.tmp deleted successfully.
H:\Windows\Temp\OCLC449.tmp deleted successfully.
H:\Windows\Temp\OCLC65C.tmp deleted successfully.
H:\Windows\Temp\OCLCC35.tmp deleted successfully.
H:\Windows\Temp\OCLCF03.tmp deleted successfully.
H:\Windows\Temp\OCLCFCE.tmp deleted successfully.
H:\Windows\Temp\OCLD578.tmp deleted successfully.
H:\Windows\Temp\OCLD6C0.tmp deleted successfully.
H:\Windows\Temp\OCLE1C7.tmp deleted successfully.
H:\Windows\Temp\OCLECA1.tmp deleted successfully.
H:\Windows\Temp\OCLF1EE.tmp deleted successfully.
H:\Windows\Temp\OCLF20D.tmp deleted successfully.
H:\Windows\Temp\OCLF400.tmp deleted successfully.
H:\Windows\Temp\OCLFA27.tmp deleted successfully.
H:\Windows\Temp\OCLFD33.tmp deleted successfully.
H:\Windows\Temp\OLD2F1F.tmp deleted successfully.
H:\Windows\Temp\OLD5DCC.tmp deleted successfully.
H:\Windows\Temp\RGI4266.tmp deleted successfully.
H:\Windows\Temp\RGI4266.tmp-tmp deleted successfully.
H:\Windows\Temp\RGIDFF6.tmp deleted successfully.
H:\Windows\Temp\RGIDFF6.tmp-tmp deleted successfully.
H:\Windows\Temp\TS_CDC9.tmp deleted successfully.
File H:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe not found.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Users\Josef\Desktop\Flash-Player.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Windows\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Windows\update.tray-7-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\H:\Windows\update.2\svchost.exe deleted successfully.
========== FILES ==========
File\Folder H:\Windows\update.7.1 not found.
File\Folder H:\Program Files (x86)\Ask.com not found.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\components folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\skin folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content\data folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome\content folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\chrome folder moved successfully.
H:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar folder moved successfully.
File\Folder H:\Program Files (x86)\DAEMON Tools Toolbar not found.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64 folder moved successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr folder moved successfully.
H:\Program Files (x86)\Windows Searchqu Toolbar folder moved successfully.
Folder move failed. H:\Windows\ufa scheduled to be moved on reboot.
H:\Program Files (x86)\ICQ6Toolbar folder moved successfully.
File/Folder H:\Windows\system32\*.tmp.dll not found.
File/Folder H:\Windows\system32\SET*.tmp not found.
File/Folder H:\Windows\*.tmp not found.
========== COMMANDS ==========
H:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: GN0SYS
->Temp folder emptied: 44474 bytes
->Temporary Internet Files folder emptied: 12129792 bytes
->Opera cache emptied: 18518008 bytes
->Flash cache emptied: 42363 bytes

User: Josef
->Temp folder emptied: 1340059954 bytes
->Temporary Internet Files folder emptied: 30860886 bytes
->Java cache emptied: 39324303 bytes
->FireFox cache emptied: 58416719 bytes
->Google Chrome cache emptied: 7785410 bytes
->Opera cache emptied: 363735557 bytes
->Flash cache emptied: 148003 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 260642565 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50574 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 033,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: GN0SYS
->Flash cache emptied: 0 bytes

User: Josef
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08222011_205037

Files\Folders moved on Reboot...
H:\Windows\ufa folder moved successfully.
H:\Users\Josef\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: FcB virus.

#14 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A POWERFUL ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY END UP WRECKED
Download ComboFix and save it to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after launch a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan and any restart finish, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed walkthrough incl. screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

ResS
Visitor
Posts: 18
Registered: 22 Aug 2011 17:58

Re: FcB virus.

#15 Post by ResS »

ComboFix 11-08-22.04 - Josef 22.08.2011 22:13:19.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2013.867 [GMT 2:00]
Spuštěný z: h:\users\Josef\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
h:\games\steam.exe
H:\install.exe
h:\users\Josef\AppData\Roaming\Config
h:\users\Josef\AppData\Roaming\Config\Settings.ini
h:\windows\btc_client_iplist.txt
h:\windows\front_ip_list.txt
h:\windows\iecheck_iplist.txt
h:\windows\iplist.txt
h:\windows\proc_list1.log
h:\windows\WINDOWS
h:\windows\WINDOWS\INF\Lexmark (PCL)nt5lmpcl2a.inf
h:\windows\WINDOWS\INF\Lexmark (PS)nt5lexpsnt.inf
h:\windows\WINDOWS\SYSWOW64\DRVNPANT.DLL
h:\windows\WINDOWS\SYSWOW64\LEXCFI.DLL
h:\windows\WINDOWS\SYSWOW64\LEXDRVX.DLL
h:\windows\WINDOWS\SYSWOW64\LexFiles.log
h:\windows\WINDOWS\SYSWOW64\lexlog.dlL
h:\windows\WINDOWS\SYSWOW64\LEXMV95.HLP
h:\windows\WINDOWS\SYSWOW64\LEXPSHOW.HLP
h:\windows\WINDOWS\SYSWOW64\LMPCLHOW.HLP
h:\windows\WINDOWS\SYSWOW64\Monitor.inf
h:\windows\winlog-dirs.txt
h:\windows\winlog-ids.txt
h:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 20:26 . 2011-08-22 20:26 -------- d-----w- h:\users\GN0SYS\AppData\Local\temp
2011-08-22 20:26 . 2011-08-22 20:26 -------- d-----w- h:\users\Default\AppData\Local\temp
2011-08-22 18:50 . 2011-08-22 18:50 -------- d-----w- H:\_OTL
2011-08-22 17:37 . 2011-08-22 17:50 512 ----a-w- H:\PhysicalMBR.bin
2011-08-22 16:43 . 2011-08-22 16:52 -------- d-----w- h:\program files\trend micro
2011-08-22 16:43 . 2011-08-22 16:43 -------- d-----w- H:\rsit
2011-08-21 20:12 . 2011-08-21 20:12 -------- d-----w- h:\program files (x86)\IP Changer Premium
2011-08-21 10:03 . 2011-08-21 10:03 -------- d--h--w- h:\programdata\Common Files
2011-08-21 10:03 . 2011-08-21 10:40 -------- d-----w- h:\programdata\MFAData
2011-08-21 09:43 . 2011-07-04 11:36 600920 ----a-w- h:\windows\system32\drivers\aswSnx.sys
2011-08-20 07:56 . 2011-08-20 07:56 -------- d-----w- h:\program files (x86)\AMD APP
2011-08-19 06:39 . 2011-08-12 04:10 8862544 ----a-w- h:\programdata\Microsoft\Windows Defender\Definition Updates\{227674C3-09AD-443F-B30F-34F400C3D02D}\mpengine.dll
2011-08-15 12:33 . 2011-08-22 13:55 -------- d-----w- h:\program files (x86)\Garena Classic
2011-08-10 09:02 . 2011-06-23 05:29 5507968 ----a-w- h:\windows\system32\ntoskrnl.exe
2011-08-10 09:02 . 2011-06-23 04:38 3957120 ----a-w- h:\windows\SysWow64\ntkrnlpa.exe
2011-08-10 09:02 . 2011-06-23 04:38 3902336 ----a-w- h:\windows\SysWow64\ntoskrnl.exe
2011-08-08 16:39 . 2011-08-08 16:39 -------- d-----w- h:\program files (x86)\LogMeIn Hamachi
2011-08-04 21:51 . 2011-08-04 22:00 2829 ----a-w- h:\windows\War3Unin.pif
2011-08-04 21:51 . 2011-08-04 22:00 139264 ----a-w- h:\windows\War3Unin.exe
2011-08-04 21:49 . 2011-08-22 14:07 -------- d-----w- h:\program files (x86)\W3
2011-07-31 20:07 . 2011-07-21 12:51 -------- d-----w- h:\users\Josef\AppData\Roaming\.minecraft
2011-07-29 17:43 . 2011-07-29 17:43 -------- d-----w- h:\users\Josef\AppData\Roaming\LolClient
2011-07-26 09:42 . 2011-07-26 09:42 -------- d-----w- H:\TopCD
2011-07-26 09:17 . 2011-07-26 09:39 272448 ----a-w- h:\windows\system32\drivers\dtsoftbus01.sys
2011-07-26 09:17 . 2011-07-26 09:24 -------- d-----w- h:\program files (x86)\DAEMON Tools Pro
2011-07-24 08:13 . 2011-07-24 08:13 -------- d-----w- h:\users\Josef\AppData\Roaming\DAEMON Tools
2011-07-24 08:05 . 2011-07-24 08:06 -------- d-----w- h:\program files (x86)\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 19:32 . 2011-07-17 19:32 18328 ----a-w- h:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-16 04:32 . 2011-08-10 09:03 44032 ----a-w- h:\windows\apppatch\acwow64.dll
2011-07-15 07:59 . 2011-07-15 07:59 45056 ----a-r- h:\users\Josef\AppData\Roaming\Microsoft\Installer\{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}\NewShortcut1_31C30ABA960848C399A3EA37FE010825.exe
2011-07-15 07:59 . 2011-07-15 07:59 45056 ----a-r- h:\users\Josef\AppData\Roaming\Microsoft\Installer\{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}\NewShortcut2_6A293E8C50A64AF995D5612415EFFD9D.exe
2011-07-13 08:45 . 2011-06-10 09:53 404640 ----a-w- h:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-04 16:06 . 2010-05-20 17:12 214520 ----a-w- h:\windows\SysWow64\PnkBstrB.exe
2011-07-04 16:06 . 2010-03-09 14:20 214520 ----a-w- h:\windows\SysWow64\PnkBstrB.xtr
2011-07-04 11:43 . 2010-09-28 19:07 40112 ----a-w- h:\windows\avastSS.scr
2011-07-04 11:43 . 2010-09-28 19:07 199304 ----a-w- h:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-01-25 09:07 253888 ----a-w- h:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2010-09-28 19:08 288088 ----a-w- h:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-09-28 19:08 45400 ----a-w- h:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-09-28 19:08 31064 ----a-w- h:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-09-28 19:08 64856 ----a-w- h:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-09-28 19:08 22360 ----a-w- h:\windows\system32\drivers\aswFsBlk.sys
2011-06-30 12:37 . 2011-06-30 12:37 65536 ----a-r- h:\users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2011-06-30 12:37 . 2011-06-30 12:37 61440 ----a-r- h:\users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2011-06-30 12:37 . 2011-06-30 12:37 61440 ----a-r- h:\users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2011-06-30 12:37 . 2011-06-30 12:37 57344 ----a-r- h:\users\Josef\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2011-06-28 16:37 . 2010-07-21 14:34 43520 ----a-w- h:\windows\SysWow64\CmdLineExt03.dll
2011-06-11 02:56 . 2011-07-13 09:07 3134464 ----a-w- h:\windows\system32\win32k.sys
2011-06-03 11:45 . 2011-06-03 11:45 162584 ----a-w- h:\windows\system32\igfxtray.exe
2011-06-03 11:45 . 2011-06-03 11:45 510232 ----a-w- h:\windows\system32\igfxsrvc.exe
2011-06-03 11:45 . 2011-06-03 11:45 417560 ----a-w- h:\windows\system32\igfxpers.exe
2011-06-03 11:44 . 2011-06-03 11:44 224024 ----a-w- h:\windows\system32\igfxext.exe
2011-06-03 11:44 . 2011-06-03 11:44 386840 ----a-w- h:\windows\system32\hkcmd.exe
2011-06-03 11:44 . 2011-06-03 11:44 3157784 ----a-w- h:\windows\system32\GfxUI.exe
2011-06-03 11:44 . 2011-06-03 11:44 152856 ----a-w- h:\windows\system32\difx64.exe
2011-06-03 11:39 . 2011-06-03 11:39 90112 ----a-w- h:\windows\system32\igfxCoIn_v2413.dll
2011-06-03 11:34 . 2011-06-03 11:34 10628800 ----a-w- h:\windows\system32\drivers\igdkmd64.sys
2011-06-03 11:34 . 2011-06-03 11:34 6549504 ----a-w- h:\windows\system32\igdumd64.dll
2011-06-03 11:28 . 2010-02-20 06:18 4967424 ----a-w- h:\windows\SysWow64\igdumd32.dll
2011-06-03 11:24 . 2010-02-20 06:14 571904 ----a-w- h:\windows\SysWow64\igdumdx32.dll
2011-06-03 11:21 . 2009-07-13 21:59 4722176 ----a-w- h:\windows\system32\igd10umd64.dll
2011-06-03 11:17 . 2011-06-03 11:17 4411392 ----a-w- h:\windows\SysWow64\igd10umd32.dll
2011-06-03 11:10 . 2011-06-03 11:10 15546880 ----a-w- h:\windows\system32\ig4icd64.dll
2011-06-03 11:01 . 2011-06-03 11:01 11405312 ----a-w- h:\windows\SysWow64\ig4icd32.dll
2011-06-03 10:56 . 2011-06-03 10:56 88064 ----a-w- h:\windows\system32\igfxrsky.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrtrk.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrsve.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrslv.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87040 ----a-w- h:\windows\system32\igfxrtha.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88576 ----a-w- h:\windows\system32\igfxresn.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88064 ----a-w- h:\windows\system32\igfxrrus.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88064 ----a-w- h:\windows\system32\igfxrptg.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88064 ----a-w- h:\windows\system32\igfxrplk.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrptb.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrnor.lrc
2011-06-03 10:56 . 2011-06-03 10:56 84992 ----a-w- h:\windows\system32\igfxrkor.lrc
2011-06-03 10:56 . 2011-06-03 10:56 84992 ----a-w- h:\windows\system32\igfxrjpn.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88576 ----a-w- h:\windows\system32\igfxrell.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88064 ----a-w- h:\windows\system32\igfxrita.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88064 ----a-w- h:\windows\system32\igfxrdeu.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrhun.lrc
2011-06-03 10:56 . 2011-06-03 10:56 86528 ----a-w- h:\windows\system32\igfxrheb.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88576 ----a-w- h:\windows\system32\igfxrfra.lrc
2011-06-03 10:56 . 2011-06-03 10:56 88064 ----a-w- h:\windows\system32\igfxrnld.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrfin.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87040 ----a-w- h:\windows\system32\igfxrdan.lrc
2011-06-03 10:56 . 2011-06-03 10:56 87552 ----a-w- h:\windows\system32\igfxrcsy.lrc
2011-06-03 10:56 . 2011-06-03 10:56 86528 ----a-w- h:\windows\system32\igfxrara.lrc
2011-06-03 10:56 . 2011-06-03 10:56 83968 ----a-w- h:\windows\system32\igfxrcht.lrc
2011-06-03 10:56 . 2011-06-03 10:56 83968 ----a-w- h:\windows\system32\igfxrchs.lrc
2011-06-03 10:56 . 2011-06-03 10:56 122368 ----a-w- h:\windows\system32\igfxcpl.cpl
2011-06-03 10:55 . 2011-06-03 10:55 27648 ----a-w- h:\windows\system32\igfxexps.dll
2011-06-03 10:55 . 2010-02-20 05:43 244224 ----a-w- h:\windows\system32\igfxpph.dll
2011-06-03 10:55 . 2011-06-03 10:55 380416 ----a-w- h:\windows\system32\igfxTMM.dll
2011-06-03 10:55 . 2010-02-20 05:43 61952 ----a-w- h:\windows\system32\igfxsrvc.dll
2011-06-03 10:55 . 2010-02-20 05:42 108544 ----a-w- h:\windows\system32\hccutils.dll
2011-06-03 10:54 . 2011-06-03 10:54 119808 ----a-w- h:\windows\system32\gfxSrvc.dll
2011-06-03 10:54 . 2011-06-03 10:54 4096 ----a-w- h:\windows\system32\IGFXDEVLib.dll
2011-06-03 10:54 . 2011-06-03 10:54 272896 ----a-w- h:\windows\system32\igfxdev.dll
2011-06-03 10:54 . 2011-06-03 10:54 87552 ----a-w- h:\windows\system32\igfxrenu.lrc
2011-06-03 10:54 . 2011-06-03 10:54 142336 ----a-w- h:\windows\system32\igfxdo.dll
2011-06-03 10:54 . 2010-02-20 05:41 830464 ----a-w- h:\windows\system32\igfxress.dll
2011-06-03 10:45 . 2011-06-03 10:45 23552 ----a-w- h:\windows\SysWow64\igfxexps32.dll
2011-06-03 10:44 . 2011-06-03 10:44 228864 ----a-w- h:\windows\SysWow64\igfxdv32.dll
2011-06-03 10:42 . 2011-06-03 10:42 208896 ----a-w- h:\windows\SysWow64\iglhsip32.dll
2011-06-03 10:42 . 2011-06-03 10:42 206336 ----a-w- h:\windows\system32\iglhsip64.dll
2011-06-03 10:42 . 2011-06-03 10:42 188416 ----a-w- h:\windows\system32\iglhcp64.dll
2011-06-03 10:42 . 2011-06-03 10:42 147456 ----a-w- h:\windows\SysWow64\iglhcp32.dll
2011-05-24 21:44 . 2011-05-24 21:44 61952 ----a-w- h:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- h:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 53760 ----a-w- h:\windows\system32\OpenCL.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- h:\windows\SysWow64\OpenCL.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- h:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- h:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="h:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-29 3077528]
"uTorrent"="h:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-21 395640]
"Skype"="h:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"DAEMON Tools Lite"="h:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Sony Ericsson PC Companion"="h:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"DAEMON Tools Pro Agent"="h:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"ICQ"="h:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="h:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Samsung PanelMgr"="h:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
"Adobe Reader Speed Launcher"="h:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="h:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogMeIn Hamachi Ui"="h:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
h:\users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth PC Dialer.lnk - h:\program files (x86)\Bluetooth PC Dialer\BluetoothPCDialer.exe [2009-8-24 196608]
OpenOffice.org 3.0.lnk - h:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=h:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2 /wow /dir:h:\progra~1\AVASTS~1\Avast\defs\11070401
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 Avgldx64;AVG AVI Loader Driver;h:\windows\system32\DRIVERS\avgldx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;h:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATICDSDr;ATICDSDr;h:\users\Josef\AppData\Local\Temp\ATICDSDr.sys [x]
R3 AVGIDSFilter;AVGIDSFilter;h:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;h:\windows\system32\Drivers\btnetBus.sys [x]
R3 cpuz135;cpuz135;h:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;h:\program files (x86)\BlackShot\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;h:\windows\system32\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;h:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 GGSAFERDriver;GGSAFER Driver;h:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;h:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);h:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;h:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;h:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);h:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);h:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;h:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);h:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;h:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;h:\users\Josef\AppData\Local\Temp\00126AD.tmp [x]
S0 AVGIDSEH;AVGIDSEH;h:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;h:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;h:\windows\System32\Drivers\BtHidBus.sys [x]
S0 sptd;sptd;h:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;h:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;h:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;h:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;h:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S3 LgBttPort;LGE Bluetooth TransPort;h:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;h:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;h:\windows\system32\DRIVERS\lgvmdm64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="h:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="h:\windows\system32\igfxtray.exe" [2011-06-03 162584]
"HotKeysCmds"="h:\windows\system32\hkcmd.exe" [2011-06-03 386840]
"Persistence"="h:\windows\system32\igfxpers.exe" [2011-06-03 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = h:\windows\system32\blank.htm
uStart Page = hxxp://www.maxiwe.com
mStart Page = hxxp://www.maxiwe.com
mLocal Page = h:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: ????3?? - h:\users\Josef\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - h:\users\Josef\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
TCP: Interfaces\{7CA5A229-0722-4828-A191-DBED3FE9D35A}: DhcpNameServer = 78.156.128.37 80.79.16.3
FF - ProfilePath - h:\users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\xhy3rgc4.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type -
FF - user.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Steam - h:\games\steam.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - h:\program files\AVAST Software\Avast\ashShA64.dll
AddRemove-Adobe Shockwave Player - h:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-avast - h:\program files\AVAST Software\Avast\aswRunDll.exe
AddRemove-CoD 2 čeština_is1 - h:\program files (x86)\Activision\Call of Duty 2\main\unins000.exe
AddRemove-Counter-Strike: Source Texture Pack 1.00 - h:\program files (x86)\Counter-Strike Source\Uninstall.exe
AddRemove-Eurobattle.net1.26 - h:\program files (x86)\Warcraft3\uninstall.exe
AddRemove-ICQToolbar - h:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Mafia Game - h:\windows\system32\MafiaSetup.exe
AddRemove-mod_sobit - h:\program files (x86)\Rockstar Games\GTA San Andreas\Uninstall s0beit 3.4 mod
AddRemove-Mumble - h:\program files (x86)\Mumble\Uninstall.exe
AddRemove-Patch kamael.cz 1.00 - h:\program files (x86)\NCsoft\Lineage II\Uninstall.exe
AddRemove-PunkBusterSvc - h:\windows\system32\pbsvc(2).exe
AddRemove-Searchqu 101 MediaBar - h:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
AddRemove-Steam App 10180 - h:\games\steam.exe
AddRemove-Valve_0 - h:\program files (x86)\Uninstall.exe
AddRemove-Valve_1 - h:\program files (x86)\Counter-Strike 1.6\Uninstall.exe
AddRemove-Valve_2 - h:\program files (x86)\Valve\Uninstall.exe
AddRemove-W3_Frozen throne crack - h:\program files (x86)\Warcraft III\Crack_remove.exe
AddRemove-{C13E90B0-4E1C-11DB-6784-0152EAA218BE} - h:\program files (x86)\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="h:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\h:\users\Josef\AppData\Local\Temp\00126AD.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="h:\\Users\\Josef\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3665194971-35141123-3770490494-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="h:\\Users\\Josef\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
h:\program files (x86)\Google\Update\GoogleUpdate.exe
h:\windows\SysWOW64\PnkBstrA.exe
h:\windows\SysWOW64\PnkBstrB.exe
h:\program files (x86)\Bandoo\Bandoo.exe
h:\program files (x86)\OpenOffice.org 3\program\soffice.exe
h:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2011-08-22 22:40:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 20:40
.
Před spuštěním: 6 565 998 592
Po spuštění: 9 382 825 984
.
- - End Of File - - 83E7FCA5DE6AC4B2127A130CC32A02AA
