karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Preventive log check

#1 Post by karel22 »

Hello, I would like to ask for a preventive check, please. Thank you.



Logfile of random's system information tool 1.09 (written by random/random)
Run by Michael at 2011-08-21 12:36:34
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 95 GB (41%) free of 230 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:23, on 21.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Desktop\RSIT.exe
C:\Program Files\trend micro\Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98ca02a73add0) (gupdate1c98ca02a73add0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 10056 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-23 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-07-28 874000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-07-28 874000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
"ACTIVBOARD"=C:\Program Files\Packard Bell\FIJI\aboard.exe [2007-01-18 79416]
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"PMBVolumeWatcher"=C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [2010-11-27 648032]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-14 421160]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"BindDirectlyToPropertySetStorage"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"VIDC.XFR1"=xfcodec.dll
"msacm.lhacm"=lhacm.acm
"MSVideo8"=VfWWDM32.dll
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3codec"=l3codecp.acm
"msacm.siren"=sirenacm.dll
"vidc.XVID"=xvidvfw.dll
"msacm.vorbis"=vorbis.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2011-08-21 00:17:19 ----DC---- C:\Users\Michael\AppData\Roaming\Leadertech
2011-08-21 00:07:30 ----DC---- C:\Program Files\EA Sports
2011-08-11 10:21:27 ----AC---- C:\Windows\system32\mshtmled.dll
2011-08-11 10:21:26 ----AC---- C:\Windows\system32\iertutil.dll
2011-08-11 10:21:25 ----AC---- C:\Windows\system32\jscript9.dll
2011-08-11 10:21:25 ----AC---- C:\Windows\system32\jscript.dll
2011-08-11 10:21:25 ----AC---- C:\Windows\system32\ieui.dll
2011-08-11 10:21:24 ----AC---- C:\Windows\system32\wininet.dll
2011-08-11 10:21:24 ----AC---- C:\Windows\system32\jsproxy.dll
2011-08-11 10:21:23 ----AC---- C:\Windows\system32\urlmon.dll
2011-08-11 10:21:23 ----AC---- C:\Windows\system32\url.dll
2011-08-11 10:21:23 ----AC---- C:\Windows\system32\ieframe.dll
2011-08-11 10:21:22 ----AC---- C:\Windows\system32\mshtml.dll
2011-08-10 22:22:08 ----AC---- C:\Windows\system32\winsrv.dll
2011-08-10 22:22:06 ----AC---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 22:22:04 ----AC---- C:\Windows\system32\xmllite.dll
2011-08-10 22:21:59 ----AC---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 22:21:59 ----AC---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 22:21:58 ----AC---- C:\Windows\system32\drivers\tcpip.sys
2011-08-09 17:51:37 ----DC---- C:\Program Files\PCPowerSpeed
2011-08-09 17:50:18 ----DC---- C:\Program Files\Inbox Toolbar

======List of files/folders modified in the last 1 month======

2011-08-21 12:36:39 ----DC---- C:\Windows\Temp
2011-08-21 12:36:36 ----ADC---- C:\Program Files\trend micro
2011-08-21 11:01:28 ----DC---- C:\Windows\system32\Tasks
2011-08-21 11:00:41 ----DC---- C:\Windows\system32\inetsrv
2011-08-21 03:38:59 ----DC---- C:\Windows\tracing
2011-08-21 02:31:03 ----DC---- C:\Windows\system32\catroot2
2011-08-21 00:17:01 ----SHDC---- C:\Windows\Installer
2011-08-21 00:07:30 ----RDC---- C:\Program Files
2011-08-21 00:07:12 ----RSDC---- C:\Windows\assembly
2011-08-21 00:06:24 ----DC---- C:\Windows\Logs
2011-08-21 00:06:03 ----SHD---- C:\System Volume Information
2011-08-20 21:10:21 ----DC---- C:\Windows\inf
2011-08-20 21:10:21 ----ADC---- C:\Windows\System32
2011-08-20 21:10:21 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2011-08-20 21:01:48 ----DC---- C:\Users\Michael\AppData\Roaming\uTorrent
2011-08-20 15:26:57 ----DC---- C:\Users\Michael\AppData\Roaming\Skype
2011-08-20 15:26:38 ----DC---- C:\Windows\Debug
2011-08-20 15:26:38 ----DC---- C:\Windows
2011-08-20 15:11:49 ----DC---- C:\ProgramData\Easybits GO
2011-08-20 15:11:39 ----DC---- C:\Users\Michael\AppData\Roaming\go
2011-08-19 20:20:41 ----HDC---- C:\Program Files\InstallShield Installation Information
2011-08-19 20:20:29 ----DC---- C:\ProgramData\Global Graphics
2011-08-19 19:50:40 ----DC---- C:\Windows\prefetch
2011-08-18 21:44:50 ----DC---- C:\Program Files\Mozilla Firefox
2011-08-18 10:05:50 ----DC---- C:\ProgramData\Skype Extras
2011-08-13 15:46:45 ----DC---- C:\ProgramData\Roxio
2011-08-11 23:29:18 ----DC---- C:\Windows\Microsoft.NET
2011-08-11 10:48:38 ----D---- C:\Windows\winsxs
2011-08-11 10:28:23 ----DC---- C:\Windows\system32\catroot
2011-08-11 10:24:35 ----DC---- C:\Windows\system32\migration
2011-08-11 10:24:35 ----DC---- C:\Windows\system32\drivers
2011-08-11 10:24:35 ----DC---- C:\Program Files\Windows Mail
2011-08-11 10:24:35 ----DC---- C:\Program Files\Internet Explorer
2011-08-11 10:18:53 ----AC---- C:\Windows\system32\mrt.exe
2011-08-10 19:32:14 ----ADC---- C:\Program Files\Steam
2011-08-10 09:04:15 ----DC---- C:\ProgramData
2011-07-24 20:13:04 ----DC---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 MQAC;@mqutil.dll,-6101; C:\Windows\system32\drivers\mqac.sys [2008-01-19 126976]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 PAC207;Webcam 1200; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-02-18 41984]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2008-01-19 11264]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-19 13824]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MSMQ;@mqutil.dll,-6102; C:\Windows\system32\mqsvc.exe [2006-11-02 8704]
R2 MSMQTriggers;@mqutil.dll,-6203; C:\Windows\system32\mqtgsvc.exe [2009-04-11 125952]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-15 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-15 189248]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-08-14 9728]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2009-04-11 47616]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-14 820520]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c98ca02a73add0;Google Update Service (gupdate1c98ca02a73add0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-03-20 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-05-14 403240]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WMSvc;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-04-11 71168]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive log check

#2 Post by vyosek »

Hello, and have a nice day :)

:arrow: I recommend uninstalling the toolbars (browser bars), if you do not use them, in Add or Remove Programs

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (or "Spustit jako správce")
  • If you use a 64-bit OS, check whether the box For 64-bit OS is ticked; if not, tick it
  • Tick the box For all users
  • Tick the box Check for "LOP" pests
  • Tick the box Check for "Purity" pests
  • Change the file age from 30 days to 7 days
  • Into the bottom box, Custom scans/fixes, paste the script below

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5
  • Click the Run Scan button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both here
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive log check

#3 Post by karel22 »

Here it is:

OTL Extras logfile created on: 24.8.2011 15:14:49 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,58% Memory free
4,24 Gb Paging File | 3,18 Gb Available in Paging File | 75,03% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 84,64 Gb Free Space | 37,64% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3175424738-3105269781-473552097-1002]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{161577FD-0C47-427A-A792-665039271183}" = lport=138 | protocol=17 | dir=in | app=system |
"{3EECCCF5-7D54-4AEE-8A23-DBC233ACFD7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4A6765B6-CAB6-4E1C-BE47-A9E2809A09C9}" = rport=445 | protocol=6 | dir=out | app=system |
"{4A89E37D-1369-4245-B56D-B230EFE52064}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6D82BCF2-2587-4EA0-B683-61AC845F0B5F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C60CB11-456D-4C44-94E2-B92328D41CB2}" = lport=139 | protocol=6 | dir=in | app=system |
"{973A64EC-05DD-4609-B69B-A7C67C17916B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9ECFAF3D-BE57-455F-9BE3-A4641AE34A30}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF189AF3-7FF5-4502-9E2A-291C02D035C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD73BA05-A855-4CA0-9DB8-0AD9FAA1FADB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C3AB77D1-A07F-43D2-A2A0-22CEEA5AEBED}" = rport=138 | protocol=17 | dir=out | app=system |
"{C8A20291-A9CB-4EF6-9E09-D20341CDBB3B}" = rport=137 | protocol=17 | dir=out | app=system |
"{E85C574C-B6BB-4E0B-8D83-21AD79114DFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF607084-C2FA-4590-9173-68773EEDA38A}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09312458-2D50-418D-B867-E173DCE63000}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{0BC83054-EB83-474D-8A80-AA7336320A30}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{0EDF539A-9259-4ED8-A968-18A37DC073FF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1259630A-A3AE-4FFD-B5A3-FCD807C7A7DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E78D9E0-D4DB-4ACD-BF41-E0BCF686A57F}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{1F0EA74D-C1B4-496F-9C91-403F2F4914D6}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{209BD406-F164-43FB-B423-1122642D58D8}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{21636AB7-9E08-4D33-95EE-D5B8F74A37F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2C3E2EDD-02F5-454D-9971-2644BCE15DBB}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{3B002971-390A-4F6C-909E-A134813BFC15}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3FDC567D-DC0E-4611-A2B5-427DADE902A4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{3FF796D9-619B-4257-9F47-463E1114524E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{453C39EC-05CB-44B7-B150-406C8B26786B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{47C4D3B3-9000-4070-9EA3-D2E875E0C78B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4B218A8D-20B3-4702-97A2-DE0E3D25DC41}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{51D3002C-5561-4EFC-A557-35A2FE71B302}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{5A96789C-1371-457F-9D4A-E848795392E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6BAC0E9D-C9BF-4B21-9EB6-0217C758130E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6ED0402E-B96A-427C-BD77-28D00EE42701}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{7D06034E-BE03-468D-96B7-0D2E20FACEBA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86A1B2C7-6B5C-4440-9B7A-8C5474AFAA62}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{893D2C9A-AEC6-4829-A325-7979F607C409}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{8A635F6F-148E-4224-A659-93F0A0AE7A10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{93CE929F-A05E-45C0-978A-ABF09E3896FF}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{968AA9A8-AB9A-49EC-BEEC-3861371B6958}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FC25377-F9EA-44E6-8F01-568BBB3953DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A0530A63-D2D1-49B9-9FE6-12AE39E1D67D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A37A24D7-313C-4148-913E-13CC7FBD9760}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A9A170D1-438F-4C5D-9924-467CAB608694}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{B8506D6E-A76E-4F4D-9E99-A122AD9E3778}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BAC4F3EA-5AA1-4C1E-A477-85705A62DE4C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BCF077AE-87E2-49F4-9A26-8475F64392BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C36E6834-FB4F-4168-A752-3A9A8300D813}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CABBDCCE-DD6C-4357-8AA6-63A852284EA0}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D3C640B5-A752-440D-82EC-5E0B9562F854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DEC7182E-3339-4964-BC1D-A7B3AB24E4FD}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{E0F37BB2-2834-4904-AC1E-876A8426D707}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E24A4E39-7FF2-4F04-B38C-EDC42A337B16}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{E486148B-1C01-4ED8-95BC-F4BDBA9EC050}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{FB255075-56EA-438D-9039-2726150EDDF6}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{FC00364E-3A53-4F29-AE65-66BFAD485DC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FDB3D7B1-B0EF-4D23-85B8-DD65A7E0C42B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{12D41D7C-F3DE-48AC-9088-421B3CE73F2D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1D6BB171-D7CA-4C4F-B281-E1ED4C87D2C7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{27685A8B-D956-4749-83B7-06D0D2365C93}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2BA358A2-94F8-492A-A328-109FF893FB17}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{39F0C200-0694-45C5-8BDF-22919C40A810}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{8562EDA2-3763-48D8-924B-A3328EBCA614}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8F3425E1-70C1-4E07-B1FB-D7C413CE6257}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{98AFC969-3EEA-4C23-88F7-2620B82CBE2D}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{A92006F4-9C1B-4DBF-B8CA-EE17249F6182}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B05C5F3C-3040-49D3-8F1B-BC7999E44B4D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{BF2E5B27-B4E9-4E8C-A3B5-443F1A52130F}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{CDF96CA2-7852-4A1F-ABBA-EC6BF681B471}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{CEABBF70-3481-4FB1-8980-2A2D962E26A8}C:\program files\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\dead space 2\deadspace2.exe |
"TCP Query User{E8682BB6-B2EA-4E41-A780-E2391B99FD1B}C:\program files\3do\heroes of might and magic iv\heroes4c.exe" = protocol=6 | dir=in | app=c:\program files\3do\heroes of might and magic iv\heroes4c.exe |
"TCP Query User{EEA2746F-CED1-44BC-A828-56A1AACA9191}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0D6AC75C-922F-4D01-B903-2AEAE5935A91}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{110AE60E-D07F-4A0A-9644-C6741CFBA129}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{25FFEF43-193F-46C6-ACE0-CC890B266C77}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{31A360FA-86B5-4312-B0FC-CAC635A282D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{31DC0233-BC20-438B-8DEF-75B47A5CC445}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{3D010AA2-D38A-4BAB-92F5-523EB61DB557}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{47E678A2-4711-455D-BFC9-B5371CA1F3F9}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{6C512C92-EBF1-428A-8210-F4D79D0E25D2}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{7F79DBED-5A92-487B-8AF1-ECDCA3238F49}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{86CEF3BA-203B-47AD-A076-042022650E8B}C:\program files\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\dead space 2\deadspace2.exe |
"UDP Query User{8708582B-9A0D-4F69-B836-FB13E8221A85}C:\program files\3do\heroes of might and magic iv\heroes4c.exe" = protocol=17 | dir=in | app=c:\program files\3do\heroes of might and magic iv\heroes4c.exe |
"UDP Query User{AD80F25C-7C66-49CB-9A31-0F61EE2361E7}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{AE2D2316-C8E1-4CF4-8E4F-1D7C5579C467}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{AF137E54-BB84-43F1-8794-65AEBF011963}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E755A374-EF6A-4379-966B-F41119301C24}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.7
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = PhotoStudio
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2722B882-AADE-45AB-93A6-E2DCAEEA8D65}" = Image Data Converter
"{275E6655-7CB0-4B9E-A89D-2EE640B37899}" = Canon Camera TWAIN Driver
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = File Viewer Utility 1.3.2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}" = ArcSoft Camera Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4E9F688B-E659-46D6-B554-55CA56D28BCD}" = Sony Noise Reduction Plug-In 2.0b
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66D475AE-F18B-43A0-8BAF-61AF4403E339}" = Webcam 1200
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A30D5C0-BD4A-4E65-AADF-20A457DE6D38}" = Windows Live Family Safety
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92605735-AAFB-47F7-A67D-17ED129EFF9C}" = ACDSee 4.0
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DB2E15E7-DC29-44D0-9B63-EE8E49160ECE}_is1" = Vzroy právních dokumentů 2008.2
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Balíček ovladače systému Windows - Nokia Modem (10/12/2007 3.6)
"7-Zip" = 7-Zip 4.65
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Balíček ovladače systému Windows - Nokia Modem (08/03/2007 6.84.0.2)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 7.0.1 CZ" = Adobe Illustrator 7.0.1 CZ
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5377
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CREATOR9" = Creator 9
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"FIJI" = Keyboard FIJI
"FileHippo.com" = FileHippo.com Update Checker
"FirefoxCZ" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoogleBAE" = Google BAE
"GoogleDesktop" = GoogleDesktop
"HappyFoto-Designer_is1" = HF Designer 2.7
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ICQToolbar" = ICQ Toolbar
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"Inkscape" = Inkscape 0.46
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}" = Heroes of Might and Magic® IV
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{275E6655-7CB0-4B9E-A89D-2EE640B37899}" = Canon Camera TWAIN Driver 6.0
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"LCDTest" = Packard Bell LCD Test
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 6.0 (x86 cs)" = Mozilla Firefox 6.0 (x86 cs)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"O2 Internet Konfigurator" = O2 Internet Konfigurator
"PBREG" = Packard Bell Registration
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"Power Supply Designer II" = Power Supply Designer II
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"SciTech Display Doctor" = SciTech Display Doctor
"SETUPMYPC_CZ" = SetUp My PC
"Shockwave" = Shockwave player 10
"SKYPE" = Skype 3.5.2.239
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 630" = Alien Swarm
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Packard Bell Updator
"Usbfix" = Usbfix By C_XX & El Desaparecido
"uTorrent" = µTorrent
"VIDEO_NVIDIA" = Video NVIDIA v162.22
"VLC media player" = VLC media player 1.1.11
"Voice Manager" = Voice Manager
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7.4.2011 7:34:17 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 9.4.2011 5:10:29 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 11.4.2011 0:48:59 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 11.4.2011 16:24:05 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 12.4.2011 0:39:43 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 16.4.2011 6:46:49 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 17.4.2011 7:15:46 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 20.4.2011 11:06:29 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 21.4.2011 3:54:41 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

Error - 21.4.2011 4:40:51 | Computer Name = Michael-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 31.7.2011 4:55:58 | Computer Name = Michael-PC | Source = ESENT | ID = 467
Description = Windows (2424) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index System_KindText405 tabulky SystemIndex_0A je poškozen (0).

Error - 2.8.2011 14:06:10 | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE verze 6.0.6002.18005 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: af0 Čas zahájení: 01cc50d3c4c7f289 Čas ukončení: 13525

Error - 3.8.2011 6:25:53 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7.8.2011 15:00:14 | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE verze 6.0.6002.18005 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: b98 Čas zahájení: 01cc54f599fb2422 Čas ukončení: 60000

Error - 19.8.2011 14:07:23 | Computer Name = Michael-PC | Source = VSS | ID = 8194
Description =

Error - 20.8.2011 18:07:29 | Computer Name = Michael-PC | Source = System Restore | ID = 8193
Description =

Error - 20.8.2011 20:51:14 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc,
chybující modul fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc, kód výjimky
0x80000003, posun chyby 0x00006536, ID procesu 0x514, čas spuštění aplikace 0x01cc5f9c6acd883b.

Error - 22.8.2011 8:14:55 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc,
chybující modul fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc, kód výjimky
0xc0000005, posun chyby 0x0096a34d, ID procesu 0x14e0, čas spuštění aplikace 0x01cc60b9c8a2fecb.

Error - 23.8.2011 9:29:09 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc,
chybující modul fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc, kód výjimky
0xc0000005, posun chyby 0x00abc900, ID procesu 0x1588, čas spuštění aplikace 0x01cc6186a87883a0.

Error - 23.8.2011 10:54:58 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc,
chybující modul fifa.exe, verze 1.0.0.0, časové razítko 0x4c8a90dc, kód výjimky
0xc0000005, posun chyby 0x0094c313, ID procesu 0x1564, čas spuštění aplikace 0x01cc6198b3908d20.

[ System Events ]
Error - 18.8.2011 2:40:39 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.8.2011 10:05:18 | Computer Name = Michael-PC | Source = DCOM | ID = 10010
Description =

Error - 20.8.2011 17:00:25 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 21.8.2011 10:36:10 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 22.8.2011 3:25:36 | Computer Name = Michael-PC | Source = DCOM | ID = 10005
Description =

Error - 22.8.2011 3:25:36 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 22.8.2011 3:25:36 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24.8.2011 8:28:55 | Computer Name = Michael-PC | Source = DCOM | ID = 10005
Description =

Error - 24.8.2011 8:29:20 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 24.8.2011 8:29:20 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive log check

#4 Post by karel22 »

Part 1


OTL logfile created on: 24.8.2011 15:14:49 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,58% Memory free
4,24 Gb Paging File | 3,18 Gb Available in Paging File | 75,03% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 84,64 Gb Free Space | 37,64% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.08.24 15:10:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.09.08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010.09.08 11:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010.09.08 11:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010.09.08 11:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007.05.04 13:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007.03.01 16:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.01.18 14:03:10 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\FIJI\AOSD.exe
PRC - [2007.01.18 14:03:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\FIJI\ABoard.exe
PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2003.05.08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (No Company Name) ==========

MOD - [2010.10.08 23:04:24 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dd0fbbd4\mscorlib.dll
MOD - [2010.10.08 23:04:18 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_125702aa\system.xml.dll
MOD - [2010.10.08 23:04:15 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_aff66163\system.windows.forms.dll
MOD - [2010.10.08 23:04:10 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_66d12cd2\system.dll
MOD - [2010.10.08 23:04:02 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2008.09.14 13:21:21 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
MOD - [2008.06.30 22:58:50 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008.06.30 22:58:49 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008.06.30 22:58:49 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2008.03.30 16:22:42 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [2007.07.26 12:01:50 | 000,114,688 | ---- | M] () -- C:\Windows\System32\hppatusg01.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.14 14:01:27 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.08 11:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.09.08 11:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.09.08 11:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.19 09:33:40 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008.01.19 09:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) Ovladač protokolu RMCAST (Pgm)
DRV - [2009.02.13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.12.07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.29 11:20:55 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008.03.29 11:20:55 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008.01.19 08:08:49 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2007.06.29 17:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.03 15:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.31 20:23:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.2\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2011.06.19 00:56:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.1\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011.06.19 00:56:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 21:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.19 00:56:55 | 000,000,000 | ---D | M]

[2010.03.15 21:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2008.11.28 12:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009.07.02 14:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009.02.08 19:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\9fd0ul13.mike\extensions
[2011.08.19 23:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions
[2010.04.28 19:45:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.15 19:31:24 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.01.21 01:46:45 | 000,000,000 | ---D | M] (České slovníky pro kontrolu pravopisu) -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\cs@dictionaries.addons.mozilla.org
[2011.08.09 17:50:19 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\inboxcomtoolbar@inbox.com
[2011.04.11 15:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.02.11 14:29:47 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2009.04.25 14:27:26 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2008.03.10 23:33:57 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.15 12:04:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.15 15:04:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 18:56:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.06 15:25:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.06 16:49:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.18 21:44:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.11.11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.29 21:27:18 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.04.29 21:27:18 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.04.29 21:27:18 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.04.29 21:27:18 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.04.29 21:27:18 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.08.10 21:58:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\ABoard.exe (Packard Bell BV)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.28 12:28:13 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.05 22:02:54 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011.08.24 15:10:38 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.08.21 00:20:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\FIFA 11
[2011.08.21 00:17:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011.08.21 00:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011.08.20 21:57:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\lowther péče

========== Files - Modified Within 7 Days ==========

[2011.08.24 15:18:32 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.24 15:10:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.08.24 14:44:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.24 14:27:11 | 000,056,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.24 14:27:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.24 14:27:00 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job
[2011.08.24 14:26:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.08.24 14:26:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.24 14:26:23 | 000,056,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.24 14:26:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.24 14:26:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.24 11:27:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job
[2011.08.23 10:02:00 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.21 16:55:14 | 000,109,056 | ---- | M] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.20 21:10:21 | 000,687,874 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.08.20 21:10:21 | 000,674,466 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.20 21:10:21 | 000,154,076 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.08.20 21:10:21 | 000,132,282 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.20 19:16:03 | 2493,644,799 | ---- | M] () -- C:\Users\Michael\Desktop\rld-fi11.iso
[2011.08.20 19:12:16 | 000,022,753 | ---- | M] () -- C:\Users\Michael\Documents\údržba Lowther 1.odt
[2011.08.20 16:02:52 | 000,007,634 | ---- | M] () -- C:\Users\Michael\Documents\Bezlowtheru 1.odt
[2011.08.20 16:01:44 | 000,021,130 | ---- | M] () -- C:\Users\Michael\Documents\Bez názvu fl1.odt
[2011.08.19 20:33:33 | 000,021,344 | ---- | M] () -- C:\Users\Michael\Documents\Lowther čištění.odt
[2011.08.19 20:27:05 | 000,018,606 | ---- | M] () -- C:\Users\Michael\Documents\Bez názvu lowther1.odt
[2011.08.18 22:48:52 | 000,030,421 | ---- | M] () -- C:\Users\Michael\Documents\Bez názvu 1 (2).odt

========== Files Created - No Company Name ==========

[2011.08.24 15:18:32 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.20 16:02:49 | 000,007,634 | ---- | C] () -- C:\Users\Michael\Documents\Bezlowtheru 1.odt
[2011.08.20 14:51:12 | 2493,644,799 | ---- | C] () -- C:\Users\Michael\Desktop\rld-fi11.iso
[2011.08.20 14:01:19 | 000,022,753 | ---- | C] () -- C:\Users\Michael\Documents\údržba Lowther 1.odt
[2011.08.20 13:28:59 | 000,021,130 | ---- | C] () -- C:\Users\Michael\Documents\Bez názvu fl1.odt
[2011.08.19 20:27:03 | 000,018,606 | ---- | C] () -- C:\Users\Michael\Documents\Bez názvu lowther1.odt
[2011.08.19 19:47:18 | 000,021,344 | ---- | C] () -- C:\Users\Michael\Documents\Lowther čištění.odt
[2011.08.18 22:46:13 | 000,030,421 | ---- | C] () -- C:\Users\Michael\Documents\Bez názvu 1 (2).odt
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.01.04 12:35:09 | 000,002,276 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\mdbu.bin
[2010.07.22 03:21:26 | 040,490,118 | -HS- | C] () -- C:\Windows\mb_warband_upgrade_1100_to_1113.exe
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.05 19:25:36 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.04.05 14:55:20 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.04.05 14:55:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.28 01:12:31 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.02.27 14:32:45 | 000,000,169 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.02.27 14:08:36 | 000,000,148 | ---- | C] () -- C:\Windows\SDDINST.INI
[2009.12.20 12:05:33 | 000,056,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.20 12:05:33 | 000,056,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.15 21:07:36 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.15 21:07:22 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.11.15 21:07:19 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009.10.24 21:32:24 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.10.24 21:32:24 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.09.23 19:10:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.07.26 14:28:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.26 14:28:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.13 17:11:57 | 000,138,056 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\PnkBstrK.sys
[2009.07.12 18:07:01 | 000,000,552 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d8caps.dat
[2009.07.11 22:07:55 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2009.06.18 15:44:42 | 000,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.03.07 14:56:22 | 000,000,031 | ---- | C] () -- C:\Windows\System32\Days5.ini
[2009.02.23 13:18:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.25 17:28:03 | 000,000,088 | RHS- | C] () -- C:\ProgramData\831ACE19C4.sys
[2009.01.25 17:28:02 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.11.21 19:08:11 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2008.11.04 23:20:20 | 000,023,888 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png
[2008.09.02 21:58:06 | 000,001,356 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2008.08.08 13:33:59 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008.08.08 13:33:59 | 000,000,139 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008.08.08 13:30:22 | 000,298,496 | ---- | C] () -- C:\Windows\unin0405.exe
[2008.07.29 09:48:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.21 12:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\OODCNT.INI
[2008.07.01 12:03:53 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.07.01 10:32:00 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008.07.01 10:25:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.07.01 10:24:58 | 000,000,021 | ---- | C] () -- C:\Windows\CS_setup.ini
[2008.07.01 10:01:40 | 000,000,021 | ---- | C] () -- C:\Windows\PS_setup.ini
[2008.06.30 20:40:15 | 000,109,056 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.30 20:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.06.30 20:30:11 | 000,000,095 | ---- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat
[2008.03.11 07:32:52 | 000,687,874 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008.03.11 07:32:52 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008.03.11 07:32:52 | 000,154,076 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2008.03.11 07:32:52 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2008.03.10 23:38:28 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007.08.23 10:34:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2007.07.26 12:01:50 | 000,114,688 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007.02.13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,299,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 14:35:28 | 000,000,041 | ---- | C] () -- C:\Windows\System32\mqtgsvc.exe.cfg
[2006.11.02 12:33:01 | 000,674,466 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,132,282 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.01.08 16:53:24 | 000,005,120 | ---- | C] () -- C:\Windows\System32\hash2.dll
[2001.09.21 06:00:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\InTouchViewer.dll
[2001.09.21 05:59:38 | 000,094,208 | ---- | C] () -- C:\Windows\System32\InTouchCOMClient.dll
[2001.09.17 09:49:22 | 000,421,888 | R--- | C] () -- C:\Windows\System32\XMLParser.dll
[2001.09.17 09:49:20 | 000,573,440 | R--- | C] () -- C:\Windows\System32\dbsock.dll
[2001.09.17 09:49:20 | 000,118,784 | R--- | C] () -- C:\Windows\System32\Transport.dll
[2001.09.17 09:48:54 | 000,503,808 | R--- | C] () -- C:\Windows\System32\lt_xtrans.dll
[2001.09.17 09:48:54 | 000,286,720 | R--- | C] () -- C:\Windows\System32\MrSIDD.dll
[2001.09.17 09:48:54 | 000,163,840 | R--- | C] () -- C:\Windows\System32\lt_common.dll
[2001.09.17 09:48:54 | 000,126,976 | R--- | C] () -- C:\Windows\System32\lt_trans.dll
[2001.09.17 09:48:54 | 000,069,632 | R--- | C] () -- C:\Windows\System32\lt_meta.dll
[2001.09.17 09:48:54 | 000,053,248 | R--- | C] () -- C:\Windows\System32\lt_encrypt.dll
[2001.09.17 09:48:54 | 000,020,480 | R--- | C] () -- C:\Windows\System32\lt_messagetext.dll
[2001.09.17 09:48:52 | 000,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys
[2001.09.17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll
[2001.09.17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll
[2001.09.17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2001.09.17 09:48:48 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll

========== LOP Check ==========

[2008.07.23 20:07:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ACD Systems
[2009.08.14 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ashampoo
[2009.08.07 11:13:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Auslogics
[2009.07.12 14:37:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Bioshock
[2010.07.05 20:09:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2008.11.28 12:39:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008.07.23 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CoSoSys
[2009.02.02 15:20:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DriverCure
[2011.04.11 15:48:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011.04.11 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.05 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Fit3DLive
[2009.08.07 21:14:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Flock
[2009.02.24 01:03:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeLanguageTranslator
[2010.07.05 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2009.08.07 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GlarySoft
[2009.12.21 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Global Graphics
[2011.08.23 09:18:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\go
[2009.12.21 13:36:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtc
[2011.04.28 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2010.09.20 17:57:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hardcore
[2011.04.11 19:37:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICQ
[2008.07.01 12:03:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICQ Toolbar
[2009.04.13 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Inkscape
[2009.02.21 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IObit
[2008.07.16 16:12:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LANGMaster
[2008.07.07 19:25:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LangSoft
[2011.08.21 00:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2010.02.20 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LimeWire
[2010.06.28 12:11:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mount&Blade Warband
[2009.05.09 13:07:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2009.03.22 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org
[2008.07.01 11:33:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org3
[2008.06.30 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Packard Bell
[2009.05.09 18:06:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2008.11.04 23:20:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking
[2010.06.21 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Plan It Green Files
[2008.12.10 14:07:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Scanahand
[2008.07.01 10:03:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ScanSoft
[2010.02.10 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SuperMP3Download
[2010.02.26 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2009.06.18 14:47:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Teeworlds
[2011.08.20 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent
[2010.10.24 19:15:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2011.08.24 12:09:43 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\erdnt\cache\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\erdnt\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

karel22
Visitor
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive log check

#5 Post by karel22 »

Part 2


< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.01.19 09:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2008.03.11 08:01:00 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=028061C7F6D2D03068C72E2A27E4228A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011.06.17 22:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\System32\drivers\tcpip.sys
[2011.06.17 22:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2008.03.11 08:01:00 | 000,804,352 | ---- | M] (Microsoft Corporation) MD5=43EAE40B50FE3E60D194DD9C97EBB1FD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008.03.11 08:08:21 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2008.03.11 08:08:21 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\erdnt\cache\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011.06.17 22:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.19 09:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\erdnt\cache\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[16 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.07.23 20:07:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ACD Systems
[2011.03.10 01:46:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Adobe
[2008.07.20 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Apple Computer
[2008.09.19 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ArcSoft
[2009.08.14 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ashampoo
[2009.08.07 11:13:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Auslogics
[2009.07.12 14:37:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Bioshock
[2010.07.05 20:09:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2008.11.28 12:39:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008.07.23 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CoSoSys
[2009.02.02 15:20:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DriverCure
[2011.03.04 13:45:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dvdcss
[2011.04.11 15:48:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011.04.11 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.05 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Fit3DLive
[2009.08.07 21:14:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Flock
[2009.02.24 01:03:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeLanguageTranslator
[2010.07.05 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2009.08.07 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GlarySoft
[2009.12.21 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Global Graphics
[2011.08.23 09:18:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\go
[2010.02.19 21:27:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Google
[2009.12.21 13:36:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtc
[2011.04.28 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2010.09.20 17:57:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hardcore
[2011.04.11 19:37:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICQ
[2008.07.01 12:03:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICQ Toolbar
[2008.06.30 20:29:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Identities
[2009.04.13 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Inkscape
[2008.10.05 20:29:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\InstallShield
[2009.02.21 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IObit
[2008.07.16 16:12:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LANGMaster
[2008.07.07 19:25:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LangSoft
[2011.08.21 00:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2010.02.20 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LimeWire
[2008.06.30 22:47:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macromedia
[2009.04.13 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Center Programs
[2011.03.10 01:46:10 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\Microsoft
[2010.12.05 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Motive
[2010.06.28 12:11:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mount&Blade Warband
[2009.02.08 19:05:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla
[2010.02.20 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nero
[2009.05.09 13:07:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2010.12.30 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NVIDIA
[2009.03.22 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org
[2009.03.22 18:10:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org2
[2008.07.01 11:33:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org3
[2008.06.30 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Packard Bell
[2009.05.09 18:06:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2008.11.04 23:20:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking
[2010.06.21 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Plan It Green Files
[2011.04.19 18:45:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PSpad
[2010.04.15 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Real
[2008.11.19 10:44:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Roxio
[2008.12.10 14:07:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Scanahand
[2008.07.01 10:03:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ScanSoft
[2010.04.26 15:03:33 | 000,000,000 | RH-D | M] -- C:\Users\Michael\AppData\Roaming\SecuROM
[2010.03.21 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sibelius Software
[2011.08.23 10:17:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Skype
[2011.05.29 16:07:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\skypePM
[2010.12.31 00:56:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sony Corporation
[2008.11.18 01:42:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sun
[2009.10.04 18:43:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
[2010.02.10 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SuperMP3Download
[2008.06.30 20:35:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Talkback
[2009.11.10 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\teamspeak2
[2010.02.26 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2009.06.18 14:47:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Teeworlds
[2011.08.20 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent
[2010.03.27 21:52:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ventrilo
[2011.07.12 11:30:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vlc
[2010.10.24 19:15:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2010.09.18 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Xfire

< %APPDATA%\*.exe /s >
[2009.07.02 14:09:20 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2009.07.02 14:09:20 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2009.07.02 14:09:20 | 000,014,848 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2009.07.02 14:09:20 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.07.02 14:09:20 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2009.07.02 14:09:20 | 000,018,432 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.07.02 14:09:20 | 000,014,336 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2009.07.02 14:09:20 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.07.02 14:09:20 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\Michael\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.08.24 14:26:23 | 000,003,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.24 14:26:24 | 000,003,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.24 14:26:38 | 000,065,536 | ---- | M] () -- C:\Windows\system32\Ikeext.etl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.19 09:33:09 | 000,125,952 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.06.15 07:56:22 | 000,136,176 | ---- | M] (Google Inc.)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.24 15:18:32 | 000,000,512 | ---- | M] () MD5=15C49F01F64ACECBE89B0D71A9C799DD -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{f3c4c7a2-1b8d-45b7-9f71-a3b745227476}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{f3c4c7a2-1b8d-45b7-9f71-a3b745227476}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e3b44c9f-235a-4fa0-b429-338621a9e6a2}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e3b44c9f-235a-4fa0-b429-338621a9e6a2}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e29a409a-3e16-4cdc-906d-e3e01ea7da79}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e29a409a-3e16-4cdc-906d-e3e01ea7da79}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{debf9d95-7e2c-46cf-901a-40b2ee437fe8}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{debf9d95-7e2c-46cf-901a-40b2ee437fe8}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{c3dbde31-d961-4e31-b841-ab044f679546}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{c3dbde31-d961-4e31-b841-ab044f679546}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{bfaff184-4edd-424a-b818-d8a31aa7e2a0}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{bfaff184-4edd-424a-b818-d8a31aa7e2a0}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{a574f16b-af75-49f4-b693-3585c2e0a704}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{a574f16b-af75-49f4-b693-3585c2e0a704}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8fb808da-3cef-4f5f-b247-3ed20e13f665}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8fb808da-3cef-4f5f-b247-3ed20e13f665}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8c018919-38d9-4ecb-9b19-77ba6722cb6e}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8c018919-38d9-4ecb-9b19-77ba6722cb6e}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{84501fe5-34bf-4d71-8584-64b14b2c778b}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{84501fe5-34bf-4d71-8584-64b14b2c778b}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7fe4658b-79bf-4f02-8bd3-2bdc616e1963}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7fe4658b-79bf-4f02-8bd3-2bdc616e1963}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7d94d4ef-72b5-4fc6-a2ac-d3c0d13c9a76}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7d94d4ef-72b5-4fc6-a2ac-d3c0d13c9a76}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{5b8acd0f-8c25-4756-b6dc-678b3dc48092}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{5b8acd0f-8c25-4756-b6dc-678b3dc48092}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{539d878e-0917-4907-84c2-ff34087d7a6d}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{539d878e-0917-4907-84c2-ff34087d7a6d}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4fb58209-499d-4ffe-86f2-5554cc47a3ef}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4fb58209-499d-4ffe-86f2-5554cc47a3ef}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{475f8f21-3823-40ce-8930-7bd728b65cd6}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{475f8f21-3823-40ce-8930-7bd728b65cd6}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4487cac9-9ddc-480f-92ee-1f2c08e9fae2}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4487cac9-9ddc-480f-92ee-1f2c08e9fae2}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f59b893-549d-42aa-8d40-3b00e7df2bd0}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f59b893-549d-42aa-8d40-3b00e7df2bd0}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f051cc6-93b0-4996-882d-1b3b06fac089}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f051cc6-93b0-4996-882d-1b3b06fac089}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2e60b798-4d7d-4cc9-a026-dccd8299cb68}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2e60b798-4d7d-4cc9-a026-dccd8299cb68}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{227a2327-48d1-47fa-b7b7-be33bd6ad6f5}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{227a2327-48d1-47fa-b7b7-be33bd6ad6f5}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{14198da2-3b5d-47d5-a843-39c113f83cc4}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{14198da2-3b5d-47d5-a843-39c113f83cc4}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{04d47f34-a921-48ee-878a-5706a778f7b8}\Package:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{04d47f34-a921-48ee-878a-5706a778f7b8}:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_65078a3e:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_eecbd9eb:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_307fbde5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_b43d96b2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_5f8b7288:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_d5e7056e:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nmwcdnsuc.inf_545c47c7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nmwcdnsu.inf_add8f2b2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmbo.inf_0b649316:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmbm.inf_65311714:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmbcj.inf_6fbfd776:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmb.inf_0c298eaf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_201caa7f:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\System32\config\systemprofile\Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00006p3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00006m3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00005p3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00005m3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00004p3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00004m3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00003p3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00003m3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00002p3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00002m3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00001p3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00001m3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Tepla 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Taneční:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\svatba jánský:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Sony PMB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\sčítání lidu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Řím 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Raduga po novomu 2 testy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\přibil, praha,únor,2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Praha2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\pátek aj:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\olejomalby:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\nejrůznější:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\nejlepší literatura:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Mount&Blade Warband:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Mount&Blade Warband Savegames:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\maturita:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\mateřská školka:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\laky , různé:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\konopí:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\jíra a další:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Image-Line:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\hlubočepy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\gymnázium ostrov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\foto pavlik narozeniny:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\FIFA 11:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\EA Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\DCIM:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\classic foto:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\byty myslbekova:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\ascot.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Anička:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Anglie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\5 chyb, které vás mohou při předjíždění stát život - Rady a tipy _ Autoweb.cz_soubory:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\rld-fi11.iso:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\otlx:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\obrazy různé:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\lowther péče:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\iPod Photo Cache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice Manager:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voice Manager:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soldiers of Anarchy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusLogics Disk Defrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip:Roxio EMC Stream
@Alternate Data Stream - 5384 bytes -> C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 5384 bytes -> C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 5384 bytes -> C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 5384 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh

< End of report >

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive log check

#6 Post by vyosek »

:arrow: Run OTL again
  • If you are using Win Vista or W7, right-click OTL and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the bottom box, Custom Scans/Fixes
  • Code:

    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
    IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
    IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    [2011.08.15 19:31:24 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011.08.09 17:50:19 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\inboxcomtoolbar@inbox.com
    [2009.02.11 14:29:47 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
    [2009.07.15 12:04:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    [16 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{f3c4c7a2-1b8d-45b7-9f71-a3b745227476}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{f3c4c7a2-1b8d-45b7-9f71-a3b745227476}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e3b44c9f-235a-4fa0-b429-338621a9e6a2}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e3b44c9f-235a-4fa0-b429-338621a9e6a2}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e29a409a-3e16-4cdc-906d-e3e01ea7da79}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{e29a409a-3e16-4cdc-906d-e3e01ea7da79}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{debf9d95-7e2c-46cf-901a-40b2ee437fe8}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{debf9d95-7e2c-46cf-901a-40b2ee437fe8}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{c3dbde31-d961-4e31-b841-ab044f679546}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{c3dbde31-d961-4e31-b841-ab044f679546}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{bfaff184-4edd-424a-b818-d8a31aa7e2a0}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{bfaff184-4edd-424a-b818-d8a31aa7e2a0}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{a574f16b-af75-49f4-b693-3585c2e0a704}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{a574f16b-af75-49f4-b693-3585c2e0a704}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8fb808da-3cef-4f5f-b247-3ed20e13f665}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8fb808da-3cef-4f5f-b247-3ed20e13f665}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8c018919-38d9-4ecb-9b19-77ba6722cb6e}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{8c018919-38d9-4ecb-9b19-77ba6722cb6e}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{84501fe5-34bf-4d71-8584-64b14b2c778b}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{84501fe5-34bf-4d71-8584-64b14b2c778b}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7fe4658b-79bf-4f02-8bd3-2bdc616e1963}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7fe4658b-79bf-4f02-8bd3-2bdc616e1963}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7d94d4ef-72b5-4fc6-a2ac-d3c0d13c9a76}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{7d94d4ef-72b5-4fc6-a2ac-d3c0d13c9a76}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{5b8acd0f-8c25-4756-b6dc-678b3dc48092}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{5b8acd0f-8c25-4756-b6dc-678b3dc48092}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{539d878e-0917-4907-84c2-ff34087d7a6d}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{539d878e-0917-4907-84c2-ff34087d7a6d}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4fb58209-499d-4ffe-86f2-5554cc47a3ef}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4fb58209-499d-4ffe-86f2-5554cc47a3ef}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{475f8f21-3823-40ce-8930-7bd728b65cd6}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{475f8f21-3823-40ce-8930-7bd728b65cd6}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4487cac9-9ddc-480f-92ee-1f2c08e9fae2}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{4487cac9-9ddc-480f-92ee-1f2c08e9fae2}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f59b893-549d-42aa-8d40-3b00e7df2bd0}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f59b893-549d-42aa-8d40-3b00e7df2bd0}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f051cc6-93b0-4996-882d-1b3b06fac089}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2f051cc6-93b0-4996-882d-1b3b06fac089}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2e60b798-4d7d-4cc9-a026-dccd8299cb68}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{2e60b798-4d7d-4cc9-a026-dccd8299cb68}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{227a2327-48d1-47fa-b7b7-be33bd6ad6f5}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{227a2327-48d1-47fa-b7b7-be33bd6ad6f5}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{14198da2-3b5d-47d5-a843-39c113f83cc4}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{14198da2-3b5d-47d5-a843-39c113f83cc4}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{04d47f34-a921-48ee-878a-5706a778f7b8}\Package:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\Temp\{04d47f34-a921-48ee-878a-5706a778f7b8}:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_65078a3e:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_eecbd9eb:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_307fbde5:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_b43d96b2:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_5f8b7288:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_d5e7056e:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nmwcdnsuc.inf_545c47c7:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\nmwcdnsu.inf_add8f2b2:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmbo.inf_0b649316:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmbm.inf_65311714:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmbcj.inf_6fbfd776:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\ccdcmb.inf_0c298eaf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_201caa7f:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\System32\config\systemprofile\Music:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00006p3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00006m3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00005p3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00005m3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00004p3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00004m3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00003p3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00003m3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00002p3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00002m3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00001p3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Windows\PixArt\Pac207\p00001m3.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Tepla 2011:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Taneční:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\svatba jánský:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Sony PMB:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\sčítání lidu:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Řím 2011:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Raduga po novomu 2 testy:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\přibil, praha,únor,2008:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Praha2010:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\pátek aj:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\olejomalby:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\nejrůznější:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\nejlepší literatura:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Mount&Blade Warband:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Mount&Blade Warband Savegames:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\maturita:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\mateřská školka:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\laky , různé:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\konopí:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\jíra a další:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Image-Line:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\hlubočepy:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\gymnázium ostrov:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\foto pavlik narozeniny:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\FIFA 11:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\EA Games:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\DCIM:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\classic foto:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\byty myslbekova:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\ascot.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Anička:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\Anglie:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Documents\5 chyb, které vás mohou při předjíždění stát život - Rady a tipy _ Autoweb.cz_soubory:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\rld-fi11.iso:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\otlx:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\obrazy různé:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\lowther péče:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\Desktop\iPod Photo Cache:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice Manager:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voice Manager:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soldiers of Anarchy:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusLogics Disk Defrag:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip:Roxio EMC Stream
    @Alternate Data Stream - 5384 bytes -> C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
    @Alternate Data Stream - 5384 bytes -> C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
    @Alternate Data Stream - 5384 bytes -> C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
    @Alternate Data Stream - 5384 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "iTunesHelper"=-
    "Adobe ARM"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "WMPNSCFG"=- 
    
    :services
    ICQ Service
    gupdate1c98ca02a73add0
    gupdatem
    
    :files
    C:\Program Files\uTorrentBar
    C:\Program Files\ICQ6Toolbar
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Opravit (Fix)
  • The PC will carry out the fix, restart, and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a woman and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive log check

#7 Post by karel22 »

After the first fix the program stopped responding and I had to turn the computer off.
The second time it worked.


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-3175424738-3105269781-473552097-1002\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Folder C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Folder C:\Users\Michael\AppData\Roaming\Mozilla\Profiles\dynymnvd.Mike\extensions\inboxcomtoolbar@inbox.com\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3175424738-3105269781-473552097-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
File/Folder C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp not found.
File/Folder C:\Windows\Installer\*.tmp not found.
File delete failed. C:\Windows\Temp\JETA0E.tmp scheduled to be deleted on reboot.
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{f3c4c7a2-1b8d-45b7-9f71-a3b745227476}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{f3c4c7a2-1b8d-45b7-9f71-a3b745227476}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{e3b44c9f-235a-4fa0-b429-338621a9e6a2}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{e3b44c9f-235a-4fa0-b429-338621a9e6a2}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{e29a409a-3e16-4cdc-906d-e3e01ea7da79}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{e29a409a-3e16-4cdc-906d-e3e01ea7da79}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{debf9d95-7e2c-46cf-901a-40b2ee437fe8}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{debf9d95-7e2c-46cf-901a-40b2ee437fe8}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{c3dbde31-d961-4e31-b841-ab044f679546}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{c3dbde31-d961-4e31-b841-ab044f679546}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{bfaff184-4edd-424a-b818-d8a31aa7e2a0}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{bfaff184-4edd-424a-b818-d8a31aa7e2a0}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{a574f16b-af75-49f4-b693-3585c2e0a704}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{a574f16b-af75-49f4-b693-3585c2e0a704}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{8fb808da-3cef-4f5f-b247-3ed20e13f665}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{8fb808da-3cef-4f5f-b247-3ed20e13f665}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{8c018919-38d9-4ecb-9b19-77ba6722cb6e}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{8c018919-38d9-4ecb-9b19-77ba6722cb6e}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{84501fe5-34bf-4d71-8584-64b14b2c778b}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{84501fe5-34bf-4d71-8584-64b14b2c778b}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{7fe4658b-79bf-4f02-8bd3-2bdc616e1963}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{7fe4658b-79bf-4f02-8bd3-2bdc616e1963}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{7d94d4ef-72b5-4fc6-a2ac-d3c0d13c9a76}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{7d94d4ef-72b5-4fc6-a2ac-d3c0d13c9a76}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{5b8acd0f-8c25-4756-b6dc-678b3dc48092}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{5b8acd0f-8c25-4756-b6dc-678b3dc48092}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{539d878e-0917-4907-84c2-ff34087d7a6d}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{539d878e-0917-4907-84c2-ff34087d7a6d}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{4fb58209-499d-4ffe-86f2-5554cc47a3ef}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{4fb58209-499d-4ffe-86f2-5554cc47a3ef}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{475f8f21-3823-40ce-8930-7bd728b65cd6}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{475f8f21-3823-40ce-8930-7bd728b65cd6}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{4487cac9-9ddc-480f-92ee-1f2c08e9fae2}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{4487cac9-9ddc-480f-92ee-1f2c08e9fae2}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{2f59b893-549d-42aa-8d40-3b00e7df2bd0}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{2f59b893-549d-42aa-8d40-3b00e7df2bd0}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{2f051cc6-93b0-4996-882d-1b3b06fac089}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{2f051cc6-93b0-4996-882d-1b3b06fac089}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{2e60b798-4d7d-4cc9-a026-dccd8299cb68}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{2e60b798-4d7d-4cc9-a026-dccd8299cb68}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{227a2327-48d1-47fa-b7b7-be33bd6ad6f5}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{227a2327-48d1-47fa-b7b7-be33bd6ad6f5}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{14198da2-3b5d-47d5-a843-39c113f83cc4}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{14198da2-3b5d-47d5-a843-39c113f83cc4}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{04d47f34-a921-48ee-878a-5706a778f7b8}\Package:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\Temp\{04d47f34-a921-48ee-878a-5706a778f7b8}:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_65078a3e:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_eecbd9eb:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_307fbde5:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_b43d96b2:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_5f8b7288:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_d5e7056e:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\nmwcdnsuc.inf_545c47c7:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\nmwcdnsu.inf_add8f2b2:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\ccdcmbo.inf_0b649316:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\ccdcmbm.inf_65311714:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\ccdcmbcj.inf_6fbfd776:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\ccdcmb.inf_0c298eaf:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_201caa7f:Roxio EMC Stream .
Unable to delete ADS C:\Windows\System32\config\systemprofile\Music:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00006p3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00006m3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00005p3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00005m3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00004p3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00004m3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00003p3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00003m3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00002p3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00002m3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00001p3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Windows\PixArt\Pac207\p00001m3.bmp:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Tepla 2011:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Taneční:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\svatba jánský:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Sony PMB:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\sčítání lidu:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Řím 2011:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Raduga po novomu 2 testy:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\přibil, praha,únor,2008:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Praha2010:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\pátek aj:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\olejomalby:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\nejrůznější:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\nejlepší literatura:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Mount&Blade Warband:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Mount&Blade Warband Savegames:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\maturita:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\mateřská školka:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\laky , různé:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\konopí:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\jíra a další:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Image-Line:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\hlubočepy:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\gymnázium ostrov:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\foto pavlik narozeniny:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\FIFA 11:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\EA Games:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\DCIM:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\classic foto:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\byty myslbekova:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\ascot.gif:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Anička:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\Anglie:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Documents\5 chyb, které vás mohou při předjíždění stát život - Rady a tipy _ Autoweb.cz_soubory:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Desktop\rld-fi11.iso:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Desktop\otlx:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Desktop\obrazy různé:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Desktop\lowther péče:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\Desktop\iPod Photo Cache:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice Manager:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam:Roxio EMC Stream .
Unable to delete ADS C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voice Manager:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soldiers of Anarchy:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusLogics Disk Defrag:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe:Roxio EMC Stream .
Unable to delete ADS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip:Roxio EMC Stream .
Unable to delete ADS C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh .
Unable to delete ADS C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh .
Unable to delete ADS C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh .
Unable to delete ADS C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
========== SERVICES/DRIVERS ==========
Error: No service named ICQ Service was found to stop!
Service\Driver key ICQ Service not found.
Error: No service named gupdate1c98ca02a73add0 was found to stop!
Service\Driver key gupdate1c98ca02a73add0 not found.
Error: No service named gupdatem was found to stop!
Service\Driver key gupdatem not found.
========== FILES ==========
File\Folder C:\Program Files\uTorrentBar not found.
File\Folder C:\Program Files\ICQ6Toolbar not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael
->Temp folder emptied: 573303 bytes
->Temporary Internet Files folder emptied: 33184 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Mike
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1590770 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Michael
->Flash cache emptied: 0 bytes

User: Mike

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08262011_185750

Files\Folders moved on Reboot...
C:\Windows\Temp\JETA0E.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000004F1AA186FC424CC1E3 not found!
C:\Windows\temp\~ROMFN_00000FAC moved successfully.

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive log check

#8 Post by vyosek »

Not everything got deleted, so we will run a proper tool on it.

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
Download Combofix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Spravce) account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako spravce)
  • Right after it starts, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and a possible restart, CF displays a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • A detailed procedure, incl. screenshots, is here: http://www.bleepingcomputer.com/combofi ... t-combofix

karel22
Visitor
Posts: 81
Registered: 13 Feb 2009 15:23

Re: Preventive log check

#9 Post by karel22 »

ComboFix 11-08-26.04 - Michael 26.08.2011 19:23:37.6.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1076 [GMT 2:00]
Spuštěný z: c:\users\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Michael\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
c:\users\Michael\xobglu32.dll
c:\windows\IsUn0405.exe
c:\windows\system32\comct332.ocx
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-26 do 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-26 16:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7F816C1-90E9-4412-BD28-5872E7DD0F3D}\mpengine.dll
2011-08-26 16:06 . 2011-08-26 16:06 -------- dc----w- C:\_OTL
2011-08-24 13:18 . 2011-08-24 13:18 512 -c--a-w- C:\PhysicalMBR.bin
2011-08-24 01:38 . 2011-07-11 13:25 2048 -c--a-w- c:\windows\system32\tzres.dll
2011-08-20 22:17 . 2011-08-20 22:17 -------- dc----w- c:\users\Michael\AppData\Roaming\Leadertech
2011-08-20 22:07 . 2011-08-20 22:07 -------- dc----w- c:\program files\EA Sports
2011-08-10 20:22 . 2011-06-17 16:03 375808 -c--a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:22 . 2011-07-06 15:31 214016 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:22 . 2011-06-06 10:59 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 20:21 . 2011-06-20 08:54 3602832 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 20:21 . 2011-06-20 08:54 3550096 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 20:21 . 2011-06-17 20:13 905104 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 15:51 . 2011-08-10 07:04 -------- dc----w- c:\program files\PCPowerSpeed
2011-08-09 15:50 . 2011-08-26 16:06 -------- dc----w- c:\program files\Inbox Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-04-21 14:59 40112 -c--a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2008-11-15 12:13 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-21 14:59 441176 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2008-11-15 12:13 309848 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2008-11-15 12:13 43608 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2008-11-15 12:13 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2008-11-15 12:13 54104 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2008-11-15 12:13 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 13:34 . 2011-07-13 10:34 2043392 -c--a-w- c:\windows\system32\win32k.sys
2011-08-18 19:44 . 2011-04-11 13:29 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-20 12:43 . 2008-03-10 21:39 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-07-22 01:21 40490118 -csh--w- c:\windows\mb_warband_upgrade_1100_to_1113.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-1 113664]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3175424738-3105269781-473552097-1002]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-03-20 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WMSvc;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 23:26]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 23:26]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 05:56]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 05:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mStart Page =
mSearch bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe Illustrator 7.0.1 CZ - c:\windows\unin0405.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-26 19:33
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-08-26 19:39:04
ComboFix-quarantined-files.txt 2011-08-26 17:39
.
Před spuštěním: Volných bajtů: 91 059 900 416
Po spuštění: Volných bajtů: 91 005 005 824
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 5838024FD58AF1997862172B724B2DE6

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive log check

#10 Post by vyosek »

If you have not already done so, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Folder::
    c:\program files\Inbox Toolbar
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    
    File::
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    
    FixCSet::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt file onto ComboFix and drop it to run it (see the image below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
It may happen that Windows does not start after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

karel22
Visitor
Posts: 81
Joined: 13 Feb 2009 15:23

Re: Preventive log check

#11 Post by karel22 »

ComboFix 11-08-27.01 - Michael 27.08.2011 12:22:27.7.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1176 [GMT 2:00]
Spuštěný z: c:\users\Michael\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michael\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Google Software Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Inbox Toolbar
c:\program files\Inbox Toolbar\Buttons\black_brown.xml
c:\program files\Inbox Toolbar\Buttons\publictransport_bus_cz.xml
c:\program files\Inbox Toolbar\Buttons\publictransport_ids_cz.xml
c:\program files\Inbox Toolbar\Buttons\publictransport_mhd_cz.xml
c:\program files\Inbox Toolbar\Buttons\publictransport_search_cz.xml
c:\program files\Inbox Toolbar\Buttons\publictransport_trains_cz.xml
c:\program files\Inbox Toolbar\Inbox.exe
c:\program files\Inbox Toolbar\Inbox.ini
c:\program files\Inbox Toolbar\unins000.dat
c:\program files\Inbox Toolbar\unins000.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-27 do 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-27 10:44 . 2011-08-27 10:49 -------- dc----w- c:\users\Michael\AppData\Local\temp
2011-08-27 10:44 . 2011-08-27 10:44 -------- dc----w- c:\users\Public\AppData\Local\temp
2011-08-27 10:44 . 2011-08-27 10:44 -------- dc----w- c:\users\Mike\AppData\Local\temp
2011-08-27 10:44 . 2011-08-27 10:44 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-08-26 16:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7F816C1-90E9-4412-BD28-5872E7DD0F3D}\mpengine.dll
2011-08-26 16:06 . 2011-08-26 16:06 -------- dc----w- C:\_OTL
2011-08-24 13:18 . 2011-08-24 13:18 512 -c--a-w- C:\PhysicalMBR.bin
2011-08-24 01:38 . 2011-07-11 13:25 2048 -c--a-w- c:\windows\system32\tzres.dll
2011-08-20 22:17 . 2011-08-20 22:17 -------- dc----w- c:\users\Michael\AppData\Roaming\Leadertech
2011-08-20 22:07 . 2011-08-20 22:07 -------- dc----w- c:\program files\EA Sports
2011-08-10 20:22 . 2011-06-17 16:03 375808 -c--a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:22 . 2011-07-06 15:31 214016 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:22 . 2011-06-06 10:59 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 20:21 . 2011-06-20 08:54 3602832 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 20:21 . 2011-06-20 08:54 3550096 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 20:21 . 2011-06-17 20:13 905104 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 15:51 . 2011-08-10 07:04 -------- dc----w- c:\program files\PCPowerSpeed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-04-21 14:59 40112 -c--a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2008-11-15 12:13 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-21 14:59 441176 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2008-11-15 12:13 309848 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2008-11-15 12:13 43608 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2008-11-15 12:13 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2008-11-15 12:13 54104 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2008-11-15 12:13 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 13:34 . 2011-07-13 10:34 2043392 -c--a-w- c:\windows\system32\win32k.sys
2011-08-18 19:44 . 2011-04-11 13:29 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-20 12:43 . 2008-03-10 21:39 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-07-22 01:21 40490118 -csh--w- c:\windows\mb_warband_upgrade_1100_to_1113.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-1 113664]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3175424738-3105269781-473552097-1002]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-03-20 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WMSvc;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 23:26]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 23:26]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 05:56]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 05:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mStart Page =
mSearch bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 - c:\program files\Inbox Toolbar\unins000.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(6092)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\mqsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-08-27 12:54:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-27 10:54
ComboFix2.txt 2011-08-26 17:39
.
Před spuštěním: Volných bajtů: 91 015 860 224
Po spuštění: Volných bajtů: 91 286 790 144
.
- - End Of File - - 537A2242069614AE3531DCF290F2372A

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive log check

#12 Post by vyosek »

One more script for ComboFix - the procedure is the same

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job

Reboot::

karel22
Visitor
Posts: 81
Joined: 13 Feb 2009 15:23

Re: Preventive log check

#13 Post by karel22 »

ComboFix 11-08-27.01 - Michael 28.08.2011 11:34:16.8.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1085 [GMT 2:00]
Spuštěný z: c:\users\Michael\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michael\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175424738-3105269781-473552097-1002UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 09:55 . 2011-08-28 09:59 -------- dc----w- c:\users\Michael\AppData\Local\temp
2011-08-28 09:55 . 2011-08-28 09:55 -------- dc----w- c:\users\Public\AppData\Local\temp
2011-08-28 09:55 . 2011-08-28 09:55 -------- dc----w- c:\users\Mike\AppData\Local\temp
2011-08-28 09:55 . 2011-08-28 09:55 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-08-26 16:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7F816C1-90E9-4412-BD28-5872E7DD0F3D}\mpengine.dll
2011-08-26 16:06 . 2011-08-26 16:06 -------- dc----w- C:\_OTL
2011-08-24 13:18 . 2011-08-24 13:18 512 -c--a-w- C:\PhysicalMBR.bin
2011-08-24 01:38 . 2011-07-11 13:25 2048 -c--a-w- c:\windows\system32\tzres.dll
2011-08-20 22:17 . 2011-08-20 22:17 -------- dc----w- c:\users\Michael\AppData\Roaming\Leadertech
2011-08-20 22:07 . 2011-08-20 22:07 -------- dc----w- c:\program files\EA Sports
2011-08-10 20:22 . 2011-06-17 16:03 375808 -c--a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:22 . 2011-07-06 15:31 214016 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:22 . 2011-06-06 10:59 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 20:21 . 2011-06-20 08:54 3602832 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 20:21 . 2011-06-20 08:54 3550096 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 20:21 . 2011-06-17 20:13 905104 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 15:51 . 2011-08-10 07:04 -------- dc----w- c:\program files\PCPowerSpeed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-04-21 14:59 40112 -c--a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2008-11-15 12:13 199304 -c--a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-21 14:59 441176 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2008-11-15 12:13 309848 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2008-11-15 12:13 43608 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2008-11-15 12:13 25432 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2008-11-15 12:13 54104 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2008-11-15 12:13 19544 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 13:34 . 2011-07-13 10:34 2043392 -c--a-w- c:\windows\system32\win32k.sys
2011-08-18 19:44 . 2011-04-11 13:29 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-20 12:43 . 2008-03-10 21:39 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-07-22 01:21 40490118 -csh--w- c:\windows\mb_warband_upgrade_1100_to_1113.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-27_10.48.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-10 21:29 . 2011-08-28 09:59 96326 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2011-08-27 10:48 76194 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2011-08-28 09:59 76194 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-30 18:29 . 2011-08-28 09:59 32314 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3175424738-3105269781-473552097-1002_UserData.bin
- 2008-07-01 01:25 . 2011-08-27 10:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-01 01:25 . 2011-08-28 09:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-26 08:17 . 2011-08-27 10:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-26 08:17 . 2011-08-28 09:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-01 01:25 . 2011-08-27 10:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-01 01:25 . 2011-08-28 09:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-28 09:56 . 2011-08-28 09:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-27 10:45 . 2011-08-27 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 09:56 . 2011-08-28 09:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-27 10:45 . 2011-08-27 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-30 13:53 . 2011-08-27 13:56 245832 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-05-04 19:31 . 2011-08-27 10:44 296320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-04 19:31 . 2011-08-28 09:55 296320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-04 19:31 . 2011-08-27 10:44 24158488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3175424738-3105269781-473552097-1002-8192.dat
+ 2010-05-04 19:31 . 2011-08-28 09:55 24158488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3175424738-3105269781-473552097-1002-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-1 113664]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3175424738-3105269781-473552097-1002]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-03-20 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WMSvc;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mStart Page =
mSearch bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath -
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5092)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\mqsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\mqtgsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conime.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-08-28 12:04:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-28 10:04
ComboFix2.txt 2011-08-27 10:54
ComboFix3.txt 2011-08-26 17:39
.
Před spuštěním: Volných bajtů: 90 821 353 472
Po spuštění: Volných bajtů: 89 928 806 400
.
- - End Of File - - DDD9822E7AE7FCBA83AE1FFDEB7F3AC2

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive log check

#14 Post by vyosek »

How is the PC behaving? :???:
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

karel22
Visitor
Posts: 81
Joined: 13 Feb 2009 15:23

Re: Preventive log check

#15 Post by karel22 »

It seems to me that it is still the same, except that it boots up a little faster.
