
Facebook - Flash Player (Win32/Delf.QCZ)


#1 Post by Andyfuk »

Hi there. By a bit of bad luck, while my girl was poking around on FB, she of course just had to click on that link, but oh well, it happens even in the best of families :)

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by GAME at 2011-10-29 12:04:24
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 124 GB (27%) free of 454 GB
Total RAM: 4095 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:04:32, on 29.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\GAME\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\QIP 2012\qip.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Steam\steamapps\common\bloodline champions\Binary\BloodlineChampions.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAME\Downloads\OTL.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\GAME.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/lionskin/{A56 ... C77FF2530A}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\GAME\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbhelper.dll
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pageshotsbho - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\GAME\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O3 - Toolbar: Lion Skin DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\GAME\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\GAME\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4285535737-698878448-3188201288-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4285535737-698878448-3188201288-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: RocketDock.lnk = C:\Windows\iOS Skin Pack\RocketDock\RocketDock.exe
O4 - Global Startup: UberIcon.lnk = C:\Windows\iOS Skin Pack\UberIcon\UberIcon.exe
O4 - Global Startup: YzShadow.lnk = C:\Windows\iOS Skin Pack\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.26.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Cronosoft - C:\Windows\update.1\svchost.exe

--
End of file - 14046 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 736
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Users\GAME\AppData\Roaming\QipGuard\QipGuard.exe" /p
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
"C:\Windows\System32\rundll32.exe" SPIRunE.dll,RunDLLEntry
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" -T
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\QIP 2012\qip.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe" lng=1029
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1029 /as
\??\C:\Windows\system32\conhost.exe "963650184-1843499413811226549-1343594675171648643118190862533284152131477454326
"C:\Program Files (x86)\Steam\steamapps\common\bloodline champions\Binary\BloodlineChampions.exe"
C:\Program Files (x86)\Steam\GameOverlayUI.exe -pid 5072 -manuallyclearframes 0
"C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest="CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_4 concurrent_prefetch/DnsParallelism/parallel_9/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/" --channel=496.03ED6DE0.1361624698 /prefetch:3
"C:\Users\GAME\Downloads\OTL.exe"
C:\Windows\system32\rundll32.exe "C:\Users\GAME\AppData\Local\Google\Chrome\APPLIC~1\120742~1.91\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\GAME\AppData\Local\Google\Chrome\Application\12.0.742.91\gcswf32.dll" --lang=cs --channel=496.05076A78.946826496 /prefetch:4 --flash-broker=4964
"C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest="CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_4 concurrent_prefetch/DnsParallelism/parallel_9/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/" --channel=496.03ED7710.1206502935 /prefetch:3
"C:\Users\GAME\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest="CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_4 concurrent_prefetch/DnsParallelism/parallel_9/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/" --channel=496.03ED6F68.930250770 /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\GAME\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\0.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4285535737-698878448-3188201288-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4285535737-698878448-3188201288-1001UA.job
C:\Windows\tasks\GlaryInitialize.job

=========Mozilla firefox=========

ProfilePath - C:\Users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.bigseekpro.com/lionskin/{A56 ... C77FF2530A}"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.1.0.12, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, DTToolbar@toolbarnet.com:1.1.4.0024, vshare@toolbar:1.0.2, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126, {c2db4fe6-8409-45ce-8010-189a7b5cce86}:3.5.0.12, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.6&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=0.80.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@gamersfirst.com/LiveLauncher]
"Description"=GamersFirst LIVE! Web Launcher
"Path"=C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
fcmdSrchdesktop.xml
google.xml
jyxo-cz.xml
mall-cz.xml
search.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\
DTToolbar@toolbarnet.com
plugin3@gameplaylabs.com
vshare@toolbar
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
{51a86bb3-6602-4c85-92a5-130ee4864f13}
{75656794-AB59-4712-BFBC-5D816D56F3BC}
{800b5000-a755-47e1-992b-48a1c1357f07}
{c2db4fe6-8409-45ce-8010-189a7b5cce86}

C:\Users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\searchplugins\
conduit.xml
daemon-search.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin.xml
qip-search.xml
search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CF50DA-4A17-4442-BBF9-D916BFDE072C}]
Pageshots for Internet Explorer PRO - C:\ProgramData\PageshotsPro\pageshots_x64.dll [2010-12-22 227640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
vShare Toolbar - C:\Program Files (x86)\vShare\vshare_toolbar.dll [2011-04-26 482360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CF50DA-4A17-4442-BBF9-D916BFDE072C}]
Pageshots for Internet Explorer PRO - C:\ProgramData\PageshotsPro\pageshots_x86.dll [2010-12-22 197432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\GAME\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-10 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll [2011-06-22 2398720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20 1581376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{043C5167-00BB-4324-AF7E-62013FAEDACF} - vShare Toolbar - C:\Program Files (x86)\vShare\vshare_toolbar.dll [2011-04-26 482360]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - Lion Skin DB Toolbar - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll [2011-06-22 2398720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"=C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe [2009-08-22 24576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-10-19 3077528]
"QIP Internet Guardian"=C:\Users\GAME\AppData\Roaming\QipGuard\QipGuard.exe [2011-10-26 191440]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-03-29 399736]
"Facebook Update"=C:\Users\GAME\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-26 137536]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
C:\Program Files (x86)\Clownfish\Clownfish.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dyyno Launcher]
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe 30100 30101 30102 30103 30104 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2011-09-30 27763848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP Infium\infium.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk [2011-09-06 2419]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\GAME\AppData\Roaming\QipGuard\QipGuard.exe [2011-10-26 191440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoccatKone+]
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [2011-04-04 556072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-06-15 15141768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPIRunE]
Rundll32 SPIRunE.dll,RunDLLEntry []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sponsorkeyword]
C:\Program Files (x86)\sponsorkeyword\sponsorkeyword.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2011-09-22 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-03-29 399736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
C:\PROGRA~2\ESET\MINODL~1\MINODL~1.EXE -f -s -u -d 10000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
C:\PROGRA~2\GAMERS~1\LIVE!\Live.exe [2011-08-16 2589808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GAME^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~2\Hamachi\hamachi.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GAME^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Real Desktop.lnk]
C:\Program Files (x86)\Real Desktop\Real Desktop.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GAME^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~2\Xfire\Xfire.exe [2011-04-16 3510160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"=C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2007-02-28 180224]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-09-07 43608]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SPIRunE"=Rundll32 SPIRunE.dll,RunDLLEntry []
"wxpdrv"=C:\Windows\services32.exe [2011-10-29 1201152]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-10-29 1201152]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"=C:\Program Files (x86)\Genius TVGo DVB-T03\HyperMediaCenter IIScheduleAgent.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
RocketDock.lnk - C:\Windows\iOS Skin Pack\RocketDock\RocketDock.exe
UberIcon.lnk - C:\Windows\iOS Skin Pack\UberIcon\UberIcon.exe
YzShadow.lnk - C:\Windows\iOS Skin Pack\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Users\GAME\Downloads\Flash-Player.exe"="C:\Users\GAME\Downloads\Flash-Player.exe:*:Enabled:C:\Users\GAME\Downloads\Flash-Player.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"
"C:\Windows\services32.exe"="C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe"
"C:\Windows\update.tray-3-0\svchost.exe"="C:\Windows\update.tray-3-0\svchost.exe:*:Enabled:C:\Windows\update.tray-3-0\svchost.exe"
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.XFR1"=xfcodec64.dll
"VIDC.FPS1"=frapsv64.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit -
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2011-10-29 12:04:25 ----D---- C:\Program Files\trend micro
2011-10-29 12:04:24 ----D---- C:\rsit
2011-10-29 06:33:06 ----D---- C:\Program Files (x86)\ESET
2011-10-29 01:09:17 ----A---- C:\Windows\iecheck_iplist.txt
2011-10-29 01:07:56 ----HD---- C:\Windows\update.2
2011-10-29 01:07:25 ----D---- C:\Windows\ufa
2011-10-29 01:07:25 ----D---- C:\Windows\rpcminer
2011-10-29 01:07:25 ----D---- C:\Windows\phoenix
2011-10-29 01:05:35 ----A---- C:\Windows\btc_client_iplist.txt
2011-10-29 01:05:06 ----A---- C:\Windows\unrar.exe
2011-10-29 01:04:54 ----HD---- C:\Windows\update.5.0
2011-10-29 01:04:06 ----A---- C:\Windows\iplist.txt
2011-10-29 01:02:58 ----A---- C:\Windows\front_ip_list.txt
2011-10-29 01:02:13 ----D---- C:\Windows\av_ico
2011-10-29 00:59:50 ----HD---- C:\Windows\update.1
2011-10-29 00:59:47 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-10-29 00:59:47 ----HD---- C:\Windows\update.tray-3-0
2011-10-29 00:41:15 ----A---- C:\Windows\winlog-ids.txt
2011-10-29 00:41:15 ----A---- C:\Windows\winlog-dirs.txt
2011-10-29 00:41:09 ----A---- C:\Windows\services32.exe
2011-10-28 17:51:25 ----D---- C:\Program Files (x86)\THQ
2011-10-28 02:14:40 ----RA---- C:\Windows\SYSWOW64\pbsvc.exe
2011-10-27 22:59:41 ----A---- C:\STF14C0.tmp
2011-10-27 22:53:15 ----A---- C:\STF3395.tmp
2011-10-27 22:39:25 ----A---- C:\STF85E7.tmp
2011-10-27 22:31:51 ----A---- C:\STF9A3F.tmp
2011-10-26 21:49:22 ----A---- C:\Windows\Burnout(TM) Paradise The Ultimate Box Patch Log.txt
2011-10-24 18:49:05 ----D---- C:\Program Files (x86)\Skin Pack
2011-10-24 18:48:48 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2011-10-24 18:48:40 ----A---- C:\Windows\SYSWOW64\osk.exe
2011-10-24 18:48:40 ----A---- C:\Windows\SYSWOW64\notepad.exe
2011-10-24 18:48:39 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-10-24 18:48:38 ----A---- C:\Windows\SYSWOW64\msra.exe
2011-10-24 18:48:36 ----A---- C:\Windows\SYSWOW64\mspaint.exe
2011-10-24 18:48:33 ----A---- C:\Windows\SYSWOW64\msinfo32.exe
2011-10-24 18:48:33 ----A---- C:\Windows\SYSWOW64\mobsync.exe
2011-10-24 18:48:31 ----A---- C:\Windows\SYSWOW64\Magnify.exe
2011-10-24 18:48:29 ----A---- C:\Windows\explorer.exe
2011-10-24 18:48:27 ----A---- C:\Windows\SYSWOW64\eudcedit.exe
2011-10-24 18:48:26 ----A---- C:\Windows\SYSWOW64\DisplaySwitch.exe
2011-10-24 18:48:26 ----A---- C:\Windows\SYSWOW64\dfrgui.exe
2011-10-24 18:48:25 ----A---- C:\Windows\SYSWOW64\control.exe
2011-10-24 18:48:25 ----A---- C:\Windows\SYSWOW64\colorcpl.exe
2011-10-24 18:48:24 ----A---- C:\Windows\SYSWOW64\cleanmgr.exe
2011-10-24 18:48:21 ----A---- C:\Windows\SYSWOW64\charmap.exe
2011-10-24 18:48:21 ----A---- C:\Windows\SYSWOW64\calc.exe
2011-10-24 18:48:19 ----A---- C:\Windows\SYSWOW64\taskmgr.exe
2011-10-24 18:48:19 ----A---- C:\Windows\SYSWOW64\SndVol.exe
2011-10-24 18:48:17 ----A---- C:\Windows\SYSWOW64\wsecedit.dll
2011-10-24 18:48:17 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2011-10-24 18:48:13 ----A---- C:\Windows\SYSWOW64\wdc.dll
2011-10-24 18:48:12 ----A---- C:\Windows\SYSWOW64\Vault.dll
2011-10-24 18:48:11 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2011-10-24 18:48:10 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2011-10-24 18:48:09 ----A---- C:\Windows\SYSWOW64\themecpl.dll
2011-10-24 18:48:08 ----A---- C:\Windows\SYSWOW64\SyncCenter.dll
2011-10-24 18:48:07 ----A---- C:\Windows\SYSWOW64\srchadmin.dll
2011-10-24 18:47:45 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-10-24 18:47:44 ----A---- C:\Windows\SYSWOW64\SensorsCpl.dll
2011-10-24 18:47:37 ----A---- C:\Windows\SYSWOW64\powercpl.dll
2011-10-24 18:47:36 ----A---- C:\Windows\SYSWOW64\pmcsnap.dll
2011-10-24 18:47:35 ----A---- C:\Windows\SYSWOW64\PerfCenterCPL.dll
2011-10-24 18:47:34 ----A---- C:\Windows\SYSWOW64\OobeFldr.dll
2011-10-24 18:47:33 ----A---- C:\Windows\SYSWOW64\odbcint.dll
2011-10-24 18:47:25 ----A---- C:\Windows\SYSWOW64\networkexplorer.dll
2011-10-24 18:47:24 ----A---- C:\Windows\SYSWOW64\netcenter.dll
2011-10-24 18:47:23 ----A---- C:\Windows\SYSWOW64\mycomput.dll
2011-10-24 18:47:21 ----A---- C:\Windows\SYSWOW64\miguiresource.dll
2011-10-24 18:47:21 ----A---- C:\Windows\SYSWOW64\iscsicpl.dll
2011-10-24 18:46:59 ----A---- C:\Windows\SYSWOW64\imageres.dll
2011-10-24 18:46:51 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-24 18:46:50 ----D---- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2011-10-24 18:46:50 ----A---- C:\Windows\SYSWOW64\gameux.dll
2011-10-24 18:46:50 ----A---- C:\Windows\SYSWOW64\fontext.dll
2011-10-24 18:46:49 ----A---- C:\Windows\SYSWOW64\FirewallControlPanel.dll
2011-10-24 18:46:49 ----A---- C:\Windows\SYSWOW64\filemgmt.dll
2011-10-24 18:46:48 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2011-10-24 18:46:48 ----A---- C:\Windows\SYSWOW64\Display.dll
2011-10-24 18:46:47 ----A---- C:\Windows\SYSWOW64\devmgr.dll
2011-10-24 18:46:47 ----A---- C:\Windows\SYSWOW64\DeviceCenter.dll
2011-10-24 18:46:35 ----A---- C:\Windows\SYSWOW64\DDORes.dll
2011-10-24 18:46:34 ----A---- C:\Windows\SYSWOW64\comres.dll
2011-10-24 18:46:33 ----A---- C:\Windows\SYSWOW64\autoplay.dll
2011-10-24 18:46:33 ----A---- C:\Windows\SYSWOW64\AuthFWGP.dll
2011-10-24 18:46:32 ----A---- C:\Windows\SYSWOW64\ActionCenterCPL.dll
2011-10-24 18:46:32 ----A---- C:\Windows\SYSWOW64\accessibilitycpl.dll
2011-10-24 18:46:24 ----A---- C:\Windows\SYSWOW64\stobject.dll
2011-10-24 18:46:24 ----A---- C:\Windows\SYSWOW64\SndVolSSO.dll
2011-10-24 18:46:23 ----A---- C:\Windows\SYSWOW64\pnidui.dll
2011-10-24 18:46:22 ----A---- C:\Windows\SYSWOW64\mydocs.dll
2011-10-24 18:46:22 ----A---- C:\Windows\SYSWOW64\browseui.dll
2011-10-24 18:46:21 ----A---- C:\Windows\SYSWOW64\batmeter.dll
2011-10-24 18:46:15 ----A---- C:\Windows\SYSWOW64\netshell.dll
2011-10-24 18:46:15 ----A---- C:\Windows\SYSWOW64\authui.dll
2011-10-24 18:46:14 ----A---- C:\Windows\SYSWOW64\mmres.dll
2011-10-24 18:46:13 ----A---- C:\Windows\SYSWOW64\imagesp1.dll
2011-10-24 18:46:11 ----A---- C:\Windows\SYSWOW64\themeui.dll.tmp
2011-10-24 18:46:11 ----A---- C:\Windows\SYSWOW64\ActionCenter.dll
2011-10-24 18:46:10 ----A---- C:\Windows\SYSWOW64\uxtheme.dll.tmp
2011-10-24 18:46:00 ----D---- C:\Program Files (x86)\Lion Skin DB Toolbar
2011-10-24 18:23:22 ----D---- C:\Users\GAME\AppData\Roaming\AIMP3
2011-10-24 18:23:17 ----D---- C:\Program Files (x86)\AIMP3
2011-10-24 17:28:19 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-24 17:28:19 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-24 17:28:19 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-23 04:48:30 ----D---- C:\Users\GAME\AppData\Roaming\Mozilla-Cache
2011-10-23 04:47:51 ----D---- C:\Programs
2011-10-23 03:12:08 ----D---- C:\Program Files\Steam
2011-10-20 22:25:25 ----D---- C:\Program Files\Firefly Studios
2011-10-20 14:46:13 ----D---- C:\Program Files (x86)\QipGuard
2011-10-19 23:32:59 ----D---- C:\Users\GAME\AppData\Roaming\InstallShield Installation Information
2011-10-19 23:32:02 ----D---- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-10-19 23:25:32 ----D---- C:\Program Files (x86)\Vogster Entertainment
2011-10-19 20:12:23 ----A---- C:\Windows\SYSWOW64\bassmod.dll
2011-10-18 23:44:15 ----D---- C:\Users\GAME\AppData\Roaming\PhotoScape
2011-10-18 23:43:28 ----D---- C:\Program Files (x86)\PhotoScape
2011-10-13 17:06:47 ----A---- C:\Windows\SYSWOW64\qst79754xi.exe
2011-10-12 15:18:34 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-12 15:18:34 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-12 15:18:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-12 15:18:34 ----A---- C:\Windows\system32\url.dll
2011-10-12 15:18:34 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-12 15:18:34 ----A---- C:\Windows\system32\iertutil.dll
2011-10-12 15:18:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-12 15:18:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-12 15:18:33 ----A---- C:\Windows\system32\wininet.dll
2011-10-12 15:18:33 ----A---- C:\Windows\system32\urlmon.dll
2011-10-12 15:18:33 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-12 15:18:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-12 15:18:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-12 15:18:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-12 15:18:32 ----A---- C:\Windows\system32\jscript9.dll
2011-10-12 15:18:32 ----A---- C:\Windows\system32\jscript.dll
2011-10-12 15:18:32 ----A---- C:\Windows\system32\ieui.dll
2011-10-12 15:18:31 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-12 15:18:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-12 15:18:30 ----A---- C:\Windows\system32\mshtml.dll
2011-10-12 15:18:29 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 15:06:51 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 15:06:48 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 15:06:47 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-12 15:06:16 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-12 15:06:16 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 15:06:15 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-12 15:06:15 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-10 23:59:48 ----D---- C:\ProgramData\Readon
2011-10-10 17:24:37 ----A---- C:\Windows\SYSWOW64\qst67525xi.exe
2011-10-09 22:27:55 ----D---- C:\ProgramData\SplitMediaLabs
2011-10-09 22:27:22 ----D---- C:\Users\GAME\AppData\Roaming\SplitMediaLabs
2011-10-09 22:11:01 ----D---- C:\Program Files (x86)\Readon Technology
2011-10-09 00:38:56 ----A---- C:\Windows\game.ini
2011-10-03 15:54:22 ----D---- C:\ProgramData\Solidshield
2011-10-02 21:26:08 ----D---- C:\Program Files (x86)\sponsorkeyword
2011-10-02 21:25:55 ----D---- C:\Program Files (x86)\CodiGirls KM
2011-10-02 21:25:55 ----A---- C:\Windows\SYSWOW64\utilhlps.exe
2011-09-30 20:48:17 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2011-09-30 20:48:16 ----D---- C:\Program Files (x86)\Intel
2011-09-30 20:48:02 ----D---- C:\Intel
2011-09-30 20:30:32 ----N---- C:\Windows\SYSWOW64\Sens_oal.dll
2011-09-30 19:54:34 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-09-30 19:54:34 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-09-30 19:54:34 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-09-30 19:54:34 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-09-30 19:54:34 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-09-30 19:54:34 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-09-30 19:54:34 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\OpenCL.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvoglv64.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvgenco64.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvdispco64.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvcuvid.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvcuda.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvcompiler.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\nvapi64.dll
2011-09-30 19:54:34 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-09-30 19:39:26 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-30 19:21:11 ----D---- C:\Users\GAME\AppData\Roaming\com.amsoft.Autoskola-user.F7413B326E7EE190C62FFECB0195DD73C683900A.1
2011-09-30 18:27:14 ----D---- C:\Users\GAME\AppData\Roaming\Origin
2011-09-30 18:24:52 ----D---- C:\ProgramData\Origin
2011-09-30 18:24:52 ----D---- C:\Program Files (x86)\Origin Games
2011-09-30 18:24:38 ----D---- C:\Program Files (x86)\Origin

======List of files/folders modified in the last 1 month======

2011-10-29 12:04:31 ----D---- C:\Windows\Temp
2011-10-29 12:04:25 ----RD---- C:\Program Files
2011-10-29 12:04:14 ----D---- C:\Users\GAME\AppData\Roaming\uTorrent
2011-10-29 11:59:26 ----D---- C:\Users\GAME\AppData\Roaming\Skype
2011-10-29 11:37:49 ----D---- C:\Program Files (x86)\Steam
2011-10-29 11:20:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-10-29 11:16:20 ----D---- C:\ProgramData\NVIDIA
2011-10-29 08:58:17 ----D---- C:\Windows
2011-10-29 06:33:06 ----RD---- C:\Program Files (x86)
2011-10-29 06:05:16 ----SHD---- C:\System Volume Information
2011-10-29 01:19:05 ----D---- C:\Windows\system32\config
2011-10-29 01:14:57 ----D---- C:\Users\GAME\AppData\Roaming\FileZilla
2011-10-29 01:08:17 ----D---- C:\Windows\system32\drivers\etc
2011-10-29 00:59:50 ----HD---- C:\ProgramData
2011-10-28 23:53:26 ----D---- C:\Windows\SYSWOW64\directx
2011-10-28 18:01:06 ----SHD---- C:\Windows\Installer
2011-10-28 18:01:05 ----SHD---- C:\Config.Msi
2011-10-28 16:53:58 ----SD---- C:\Users\GAME\AppData\Roaming\Microsoft
2011-10-28 16:46:17 ----D---- C:\Program Files (x86)\Codemasters
2011-10-28 03:07:18 ----D---- C:\Program Files (x86)\Google
2011-10-28 03:05:58 ----D---- C:\Windows\SysWOW64
2011-10-28 03:04:41 ----D---- C:\Windows\Prefetch
2011-10-28 03:03:54 ----D---- C:\Program Files (x86)\Activision
2011-10-28 03:03:13 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-10-28 03:02:54 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-10-28 02:59:05 ----D---- C:\Windows\system32\Tasks
2011-10-28 02:55:00 ----RSD---- C:\Windows\assembly
2011-10-28 02:47:28 ----D---- C:\Windows\Logs
2011-10-27 05:12:03 ----D---- C:\Users\GAME\AppData\Roaming\DAEMON Tools Lite
2011-10-27 03:05:41 ----D---- C:\Windows\winsxs
2011-10-26 19:41:52 ----D---- C:\Windows\System32
2011-10-26 19:41:52 ----D---- C:\Windows\inf
2011-10-26 19:41:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-26 18:19:47 ----D---- C:\Windows\Tasks
2011-10-26 17:27:09 ----D---- C:\Users\GAME\AppData\Roaming\QipGuard
2011-10-26 17:27:06 ----D---- C:\Program Files (x86)\QIP 2012
2011-10-26 17:15:31 ----D---- C:\Windows\system32\drivers
2011-10-26 17:15:28 ----D---- C:\Windows\system32\DriverStore
2011-10-26 17:15:28 ----D---- C:\Windows\system32\catroot
2011-10-25 22:10:28 ----D---- C:\Users\GAME\AppData\Roaming\Winamp
2011-10-25 17:05:31 ----D---- C:\Program Files (x86)\Common Files
2011-10-24 21:21:45 ----D---- C:\Program Files (x86)\Electronic Arts
2011-10-24 21:19:27 ----D---- C:\Windows\system32\catroot2
2011-10-24 19:22:32 ----D---- C:\Program Files (x86)\SQLyog Community
2011-10-24 19:21:53 ----AD---- C:\ProgramData\TEMP
2011-10-24 19:18:22 ----D---- C:\Windows\system32\NDF
2011-10-24 19:02:51 ----D---- C:\Windows\SYSWOW64\migwiz
2011-10-24 19:02:51 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-10-24 19:02:51 ----D---- C:\Program Files (x86)\Windows Media Player
2011-10-24 19:02:50 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-24 19:00:26 ----D---- C:\Windows\system32\cs-CZ
2011-10-24 18:49:00 ----D---- C:\Windows\Cursors
2011-10-24 17:28:08 ----D---- C:\Program Files (x86)\Java
2011-10-23 22:29:09 ----D---- C:\Users\GAME\AppData\Roaming\QIP
2011-10-23 21:44:25 ----D---- C:\Windows\Panther
2011-10-23 21:44:24 ----D---- C:\Windows\debug
2011-10-23 21:44:23 ----D---- C:\Windows\Minidump
2011-10-22 22:27:43 ----D---- C:\Program Files (x86)\Ubisoft
2011-10-20 23:20:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-19 23:02:56 ----D---- C:\ProgramData\PMB Files
2011-10-17 03:17:49 ----D---- C:\Users\GAME\AppData\Roaming\TeamViewer
2011-10-17 02:11:06 ----D---- C:\Program Files (x86)\TeamViewer
2011-10-14 01:28:43 ----D---- C:\Windows\Microsoft.NET
2011-10-12 21:18:52 ----D---- C:\Users\GAME\AppData\Roaming\NVIDIA
2011-10-12 20:22:07 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-12 19:28:48 ----D---- C:\Windows\SYSWOW64\migration
2011-10-12 19:28:48 ----D---- C:\Windows\system32\migration
2011-10-12 19:28:48 ----D---- C:\Windows\ehome
2011-10-12 19:28:48 ----D---- C:\Program Files\Internet Explorer
2011-10-12 15:23:47 ----A---- C:\Windows\system32\MRT.exe
2011-10-12 15:19:36 ----D---- C:\ProgramData\Microsoft Help
2011-10-11 22:59:35 ----D---- C:\Users\GAME\AppData\Roaming\Xfire
2011-10-11 22:59:34 ----D---- C:\ProgramData\Xfire
2011-10-11 00:02:19 ----D---- C:\Users\GAME\AppData\Roaming\vlc
2011-10-08 22:29:16 ----D---- C:\ProgramData\Creative
2011-10-08 22:08:36 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-03 05:06:03 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-10-03 00:24:59 ----D---- C:\Program Files\CCleaner
2011-10-02 00:56:57 ----D---- C:\Program Files (x86)\Screaming Bee
2011-10-02 00:52:16 ----D---- C:\Program Files (x86)\NCH Swift Sound
2011-10-02 00:48:05 ----D---- C:\Program Files (x86)\Dyyno
2011-10-02 00:47:45 ----D---- C:\Users\GAME\AppData\Roaming\RayV
2011-10-01 21:03:20 ----D---- C:\ProgramData\Norton
2011-10-01 11:42:55 ----D---- C:\Windows\Downloaded Program Files
2011-09-30 20:47:20 ----D---- C:\Windows\RaidTool
2011-09-30 20:30:12 ----HD---- C:\Program Files (x86)\Creative Installation Information
2011-09-30 20:30:05 ----D---- C:\Program Files\Creative
2011-09-30 19:06:44 ----D---- C:\ProgramData\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2011-05-19 120920]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-26 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-02 254528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-24 19952]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
R3 t3;Sound Blaster X-Fi Xtreme Audio; C:\Windows\system32\drivers\t3.sys [2009-06-04 639512]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-10-20 33344]
S3 MSIGreenPower;MSIGreenPower; \??\C:\Program Files (x86)\MSI\DualCoreCenter\Green Power Center\NTGLM7X64.sys []
S3 MSIGreenPowerRushTop;MSIGreenPowerRushTop; \??\C:\Program Files (x86)\MSI\DualCoreCenter\Green Power Center\RushTop64.sys []
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS_64.sys []
S3 PSSDK42;PSSDK42; \??\C:\Windows\system32\Drivers\pssdk42.sys [2010-10-16 53312]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2010-01-22 174368]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2010-01-22 38944]
S3 RushTopDevice_J;RushTopDevice_J; \??\C:\Program Files (x86)\MSI\DualCoreCenter\Green Power Center\RushJ64.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-04-30 425984]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 980072]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-10-28 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-10-28 189248]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-10-26 191440]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-10-29 1201152]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-17 79360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-17 1045256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-10-12 419624]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 MSUtilHelpSvc;Utility Helper Service; C:\Windows\SysWOW64\utilhlps.exe [2011-10-02 807424]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

Thank you for a quick reply.

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#2 Post by chodnik74 »

Hello :welcome:
Yes, you have the Facebook virus... let's get to it :)

:arrow: Download RogueKiller
  • Run the program
  • Press the 2 key and Enter
  • A log will appear; paste it here
  • Repeat the same with options 3 and 4 and paste the logs
Write to me: chodnik74@gmail.com

>RSIT<>MBAM<>VirusTotal

:!: Read the procedure several times to be safe, and if anything is unclear or you have any doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions! :!:

:!: Do not use the ComboFix utility without an adviser's supervision and recommendation!

:idea: Are you satisfied with our help :???: Don't hesitate to support the forum HERE.

Forum rules: No. 1 and No. 2

Andyfuk
Visitor
Posts: 65
Registered: 29 Oct 2011 11:02

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#3 Post by Andyfuk »

2. Delete

RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: GAME [Admin rights]
Mode: Remove -- Date : 10/29/2011 12:24:06

Bad processes: 2
[SUSP PATH] QipGuard.exe -- c:\users\game\appdata\roaming\qipguard\qipguard.exe -> KILLED [TermProc]
[SERVICE] wxpdrivers -- C:\Windows\update.1\svchost.exe srv -> STOPPED

Registry Entries: 13
[SUSP PATH] HKCU\[...]\Run : QIP Internet Guardian (C:\Users\GAME\AppData\Roaming\QipGuard\QipGuard.exe /p) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Facebook Update ("C:\Users\GAME\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-4285535737-698878448-3188201288-1001UA.job : C:\Users\GAME\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-4285535737-698878448-3188201288-1001Core.job : C:\Users\GAME\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-4285535737-698878448-3188201288-1001Core.job : C:\Users\GAME\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-4285535737-698878448-3188201288-1001UA.job : C:\Users\GAME\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] {642C5448-EA10-4BD0-B83E-CA3E80C95F5E}.job : C:\Users\GAME\Desktop\Other\WoWRealmModifier\wowrm2.exe -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=;ftp=;https=;) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt


3. Hosts fix

RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: GAME [Admin rights]
Mode: HOSTSFix -- Date : 10/29/2011 12:24:47

Bad processes: 0

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

4. Proxy fix

RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: GAME [Admin rights]
Mode: ProxyFix -- Date : 10/29/2011 12:25:28

Bad processes: 0

Driver: [NOT LOADED]

Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=;ftp=;https=;) -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#4 Post by chodnik74 »

Excellent... we continue with ComboFix...

Do not use the program without an adviser's recommendation, and carefully follow the instructions below, because the program does not tolerate mistakes and the system could be completely damaged!!
  • :arrow: Download ComboFix
  • Save the program, preferably to the Desktop
  • Turn off all resident shields: antivirus, antispyware and firewall alike
  • Close all running applications (ICQ, browser, programs) and leave only ComboFix running
  • Run Combofix.exe with administrator privileges
    On Windows XP, log in under an administrator account
    On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator"
  • Right after the program starts, the licence terms will pop up; confirm with the YES button
  • If ComboFix offers to install the Recovery Console, agree and let it install (an active internet connection is required here)
  • Continue according to the program's instructions, and during the scan do not click on anything and do not work on the PC (ICQ, other applications, internet...). Leave the computer alone.
  • The whole scan takes 5-15 min, but if there is a lot of malware on the PC, the time may differ.
  • After the scan finishes (and a possible restart of the computer), the ComboFix log will be displayed; paste it here for me (if the log does not appear, you will find it here: C:\ComboFix.txt)
  • (If you are unsure about any of the steps above, ask or take a look at the more detailed guide with pictures http://www.bleepingcomputer.com/combofi ... t-combofix )

Andyfuk
Visitor
Posts: 65
Registered: 29 Oct 2011 11:02

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#5 Post by Andyfuk »

ComboFix 11-10-29.03 - GAME 29.10.2011 12:37:40.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.2490 [GMT 2:00]
Spuštěný z: c:\users\GAME\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files (x86)\Lion Skin DB Toolbar\tbHElper.dll
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\program files (x86)\sponsorkeyword
c:\program files (x86)\sponsorkeyword\sponsorkeyword_uninstall.exe
C:\STF14C0.tmp
C:\STF3395.tmp
C:\STF85E7.tmp
C:\STF9A3F.tmp
c:\users\GAME\AppData\Local\Minibar
c:\users\GAME\AppData\Local\Minibar\common.js
c:\users\GAME\AppData\Local\Minibar\chrome\background.html
c:\users\GAME\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\GAME\AppData\Local\Minibar\chrome\extension_info.json
c:\users\GAME\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\GAME\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\GAME\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\GAME\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\GAME\AppData\Local\Minibar\chrome\includes\content.js
c:\users\GAME\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\GAME\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\GAME\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\console.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\io.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\GAME\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\GAME\AppData\Local\Minibar\chrome\main.js
c:\users\GAME\AppData\Local\Minibar\chrome\manifest.json
c:\users\GAME\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\GAME\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\GAME\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\GAME\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\GAME\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\GAME\AppData\Local\Minibar\chrome\popup.html
c:\users\GAME\AppData\Local\Minibar\chrome\popup.js
c:\users\GAME\AppData\Local\Minibar\chrome\tab.html
c:\users\GAME\AppData\Local\Minibar\chrome\tab.js
c:\users\GAME\AppData\Local\Minibar\chrome_installer.js
c:\users\GAME\AppData\Local\Minibar\install.json
c:\users\GAME\AppData\Local\Minibar\minibar.crx
c:\users\GAME\AppData\Local\Minibar\sqlite3.exe
c:\users\GAME\AppData\Local\Minibar\Uninstall.exe
c:\users\GAME\AppData\Local\TempDIR
c:\users\GAME\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\GAME\AppData\Roaming\Microsoft\Windows\Templates\System.Data.SQLite.DLL
c:\windows\0.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\Install
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\workgroup
c:\windows\SysWow64\47f7f96.dll
c:\windows\SysWow64\detoured.dll
c:\windows\SysWow64\qst79754xi.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-29 10:44 . 2011-10-29 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-29 10:04 . 2011-10-29 10:04 -------- d-----w- c:\program files\trend micro
2011-10-29 10:04 . 2011-10-29 10:04 -------- d-----w- C:\rsit
2011-10-29 09:48 . 2011-10-29 09:48 512 ----a-w- C:\PhysicalMBR.bin
2011-10-29 04:33 . 2011-10-29 04:33 -------- d-----w- c:\program files (x86)\ESET
2011-10-28 23:07 . 2011-10-29 04:05 -------- d-----w- c:\windows\ufa
2011-10-28 23:05 . 2011-10-28 23:07 246272 ----a-w- c:\windows\unrar.exe
2011-10-28 23:02 . 2011-10-28 23:02 -------- d-----w- c:\windows\av_ico
2011-10-28 22:59 . 2011-10-28 22:59 -------- d--h--w- c:\windows\update.tray-3-0
2011-10-28 22:59 . 2011-10-28 22:59 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-10-28 21:58 . 2011-10-28 21:58 -------- d-----w- c:\users\GAME\AppData\Local\Arktos
2011-10-28 20:22 . 2011-10-28 20:22 -------- d-----w- c:\users\GAME\AppData\Local\Chromium
2011-10-28 15:51 . 2011-10-28 15:51 -------- d-----w- c:\program files (x86)\THQ
2011-10-28 14:19 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EFC4185-9340-4A30-BBB7-B73DF1260B95}\mpengine.dll
2011-10-28 00:14 . 2011-10-10 14:42 2580552 ----a-r- c:\windows\SysWow64\pbsvc.exe
2011-10-26 16:19 . 2011-10-26 16:19 -------- d-----w- c:\users\GAME\AppData\Local\Facebook
2011-10-24 19:53 . 2011-10-24 19:53 -------- d-----w- c:\users\GAME\AppData\Local\Criterion Games
2011-10-24 16:49 . 2011-10-24 16:50 -------- d-----w- c:\program files (x86)\Skin Pack
2011-10-24 16:49 . 2010-11-20 12:16 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-10-24 16:47 . 2010-11-20 12:21 2202624 ----a-w- c:\windows\SysWow64\SensorsCpl.dll
2011-10-24 16:47 . 2010-11-20 12:20 441856 ----a-w- c:\windows\SysWow64\powercpl.dll
2011-10-24 16:47 . 2009-07-14 01:16 629760 ----a-w- c:\windows\SysWow64\pmcsnap.dll
2011-10-24 16:47 . 2010-11-20 12:20 600576 ----a-w- c:\windows\SysWow64\PerfCenterCPL.dll
2011-10-24 16:47 . 2010-11-20 12:20 859648 ----a-w- c:\windows\SysWow64\OobeFldr.dll
2011-10-24 16:47 . 2009-07-14 01:09 229376 ----a-w- c:\windows\SysWow64\odbcint.dll
2011-10-24 16:47 . 2010-11-20 12:20 1661440 ----a-w- c:\windows\SysWow64\networkexplorer.dll
2011-10-24 16:47 . 2010-11-20 12:20 1644032 ----a-w- c:\windows\SysWow64\netcenter.dll
2011-10-24 16:47 . 2009-07-14 01:16 229888 ----a-w- c:\windows\SysWow64\mycomput.dll
2011-10-24 16:47 . 2009-07-14 01:15 181760 ----a-w- c:\windows\SysWow64\miguiresource.dll
2011-10-24 16:47 . 2009-07-14 01:15 218624 ----a-w- c:\windows\SysWow64\iscsicpl.dll
2011-10-24 16:23 . 2011-10-26 19:48 -------- d-----w- c:\users\GAME\AppData\Roaming\AIMP3
2011-10-24 16:23 . 2011-10-24 16:23 -------- d-----w- c:\program files (x86)\AIMP3
2011-10-23 02:48 . 2011-10-23 02:48 -------- d-----w- c:\users\GAME\AppData\Roaming\Mozilla-Cache
2011-10-23 02:47 . 2011-10-23 02:47 -------- d-----w- C:\Programs
2011-10-23 01:12 . 2011-10-23 01:12 -------- d-----w- c:\program files\Steam
2011-10-22 22:19 . 2011-10-23 00:31 -------- d-----w- c:\users\GAME\AppData\Local\Ubisoft Game Launcher
2011-10-20 20:25 . 2011-10-20 20:25 -------- d-----w- c:\program files\Firefly Studios
2011-10-20 12:46 . 2011-10-20 12:46 -------- d-----w- c:\program files (x86)\QipGuard
2011-10-19 21:32 . 2011-10-19 21:32 -------- d-----w- c:\users\GAME\AppData\Roaming\InstallShield Installation Information
2011-10-19 21:32 . 2011-10-19 21:32 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-10-19 21:25 . 2011-10-28 01:05 -------- d-----w- c:\program files (x86)\Vogster Entertainment
2011-10-18 21:44 . 2011-10-18 21:49 -------- d-----w- c:\users\GAME\AppData\Roaming\PhotoScape
2011-10-18 21:43 . 2011-10-18 21:43 -------- d-----w- c:\program files (x86)\PhotoScape
2011-10-12 13:06 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 13:06 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 13:06 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 13:06 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 13:06 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 13:06 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 13:06 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 13:06 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 13:06 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-10 21:59 . 2011-10-10 22:00 -------- d-----w- c:\programdata\Readon
2011-10-10 15:24 . 2011-10-10 15:24 1297408 ----a-w- c:\windows\SysWow64\qst67525xi.exe
2011-10-09 20:27 . 2011-10-09 20:27 -------- d-----w- c:\programdata\SplitMediaLabs
2011-10-09 20:27 . 2011-10-09 20:27 -------- d-----w- c:\users\GAME\AppData\Roaming\SplitMediaLabs
2011-10-09 20:13 . 2011-10-09 21:04 -------- d-----w- c:\users\GAME\AppData\Local\Readon_Technology
2011-10-09 20:11 . 2011-10-09 20:14 -------- d-----w- c:\program files (x86)\Readon Technology
2011-10-03 14:08 . 2011-10-03 14:08 -------- d-----w- c:\users\GAME\AppData\Local\EA Games
2011-10-03 13:54 . 2011-10-03 13:54 -------- d-----w- c:\programdata\Solidshield
2011-10-02 19:25 . 2011-10-02 19:26 807424 ----a-w- c:\windows\SysWow64\utilhlps.exe
2011-10-02 19:25 . 2011-10-02 19:25 -------- d-----w- c:\program files (x86)\CodiGirls KM
2011-09-30 18:48 . 2011-06-22 13:23 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-09-30 18:48 . 2011-09-30 18:48 -------- d-----w- c:\program files (x86)\Intel
2011-09-30 18:48 . 2011-09-30 18:48 -------- d-----w- C:\Intel
2011-09-30 18:47 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxab81.rra
2011-09-30 18:30 . 2009-04-02 09:33 2873820 ------w- c:\windows\SysWow64\Sens_oal.dll
2011-09-30 17:42 . 2011-09-30 18:07 -------- d-----w- c:\users\GAME\AppData\Local\ESN Sonar
2011-09-30 17:39 . 2011-09-30 17:39 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-30 17:21 . 2011-09-30 17:21 -------- d-----w- c:\users\GAME\AppData\Roaming\com.amsoft.Autoskola-user.F7413B326E7EE190C62FFECB0195DD73C683900A.1
2011-09-30 17:06 . 2011-10-08 19:49 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-30 16:27 . 2011-09-30 16:27 -------- d-----w- c:\users\GAME\AppData\Roaming\Origin
2011-09-30 16:27 . 2011-09-30 16:27 -------- d-----w- c:\users\GAME\AppData\Local\Origin
2011-09-30 16:24 . 2011-09-30 17:06 -------- d-----w- c:\programdata\Origin
2011-09-30 16:24 . 2011-09-30 16:27 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-30 16:24 . 2011-10-08 18:47 -------- d-----w- c:\program files (x86)\Origin
2011-09-29 17:27 . 2011-09-29 17:27 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 01:03 . 2011-05-28 18:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-28 01:03 . 2011-05-28 18:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-28 01:02 . 2011-05-28 18:00 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-23 14:17 . 2011-06-17 17:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-09 19:03 . 2010-06-05 19:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 03:06 . 2010-06-09 14:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-09 12:24 . 2011-08-09 12:24 202576 ----a-w- c:\windows\system32\drivers\eamonm.sys
2011-08-04 07:20 . 2011-08-04 07:20 62496 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-08-04 07:20 . 2011-08-04 07:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-08-04 07:20 . 2011-08-04 07:20 187632 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-08-04 07:20 . 2011-08-04 07:20 146432 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-08-03 11:50 . 2011-05-17 20:52 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-04-07 21:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-04-07 21:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-04-07 21:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-04-07 21:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-04-07 21:18 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-03-26 16:33 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2009-09-27 16:22 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-19 3077528]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-29 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"tray_ico0"="c:\windows\update.tray-3-0\svchost.exe" [2011-10-28 1201152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\iOS Skin Pack\RocketDock\RocketDock.exe [N/A]
UberIcon.lnk - c:\windows\iOS Skin Pack\UberIcon\UberIcon.exe [N/A]
YzShadow.lnk - c:\windows\iOS Skin Pack\YzShadow\YzShadow.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-17 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 MSIGreenPower;MSIGreenPower;c:\program files (x86)\MSI\DualCoreCenter\Green Power Center\NTGLM7X64.sys [x]
R3 MSIGreenPowerRushTop;MSIGreenPowerRushTop;c:\program files (x86)\MSI\DualCoreCenter\Green Power Center\RushTop64.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-24 19952]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\DualCoreCenter\Green Power Center\RushJ64.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 MSUtilHelpSvc;Utility Helper Service;c:\windows\SysWOW64\utilhlps.exe [2011-10-02 807424]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-10-26 191440]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-10-18 13:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CF50DA-4A17-4442-BBF9-D916BFDE072C}]
2010-12-22 19:26 227640 ----a-w- c:\programdata\PageshotsPro\pageshots_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.bigseekpro.com/lionskin/{A56C97E4-A ... C77FF2530A}
uSearchAssistant = hxxp://search.qip.ru/ie
uCustomizeSearch = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/lionskin/{A56C97E4-A ... C77FF2530A}
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.1.6&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: NCH Community Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: LionSkin DB Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1b,9f,14,c0,79,3f,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,da,b4,59,57,68,63,41,a2,51,2b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,da,b4,59,57,68,63,41,a2,51,2b,\
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:6b,10,18,69,0c,e1,a1,40,5a,d3,fc,b3,2c,2f,96,0d,fd,c6,d5,e5,17,db,2b,
c7,ef,67,ce,cc,59,36,29,20,44,6e,9f,a8,35,ab,a5,93,e8,6e,c1,60,b6,54,06,9f,\
"??"=hex:b6,17,b9,39,75,bc,67,94,74,cc,4f,d6,00,71,bf,a3
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\SecuROM\License information*]
"datasecu"=hex:60,b1,8d,b7,a1,e6,fe,31,cd,4f,8c,d6,4f,40,0d,9b,71,07,35,97,ff,
dc,8d,04,1d,87,cc,ff,17,37,4e,dc,fe,28,68,97,2f,aa,97,31,26,52,46,d2,7f,e7,\
"rkeysecu"=hex:43,77,72,ad,a4,36,ca,25,04,04,dd,ba,19,8b,36,1e
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\e:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\e:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T16:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T16:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T16:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\e:\b*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T16:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\e:\b*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Celkový čas: 2011-10-29 12:53:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-29 10:53
.
Před spuštěním: Volných bajtů: 129 178 566 656
Po spuštění: Volných bajtů: 128 784 732 160
.
- - End Of File - - 16F284E9476CF9BF402E6CBFB60BB591


Btw, after this process nothing works on my PC.. + Everything is marked for deletion :D (Chrome, IE, Mozilla, AIMP3, simply no applications.)

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#6 Post by chodnik74 »

We will continue in the evening, because right now I have to go help my parents with something.. it deleted some minibar in Chrome and a search plugin in Mozilla, but that should not prevent the application from running.. we still have a virus on the PC.. so you cannot yet expect everything to run as it should.. in the meantime, try reinstalling the applications that do not work... then I will write you a cleanup script...
Write to me: chodnik74@gmail.com

>RSIT<>MBAM<>VirusTotal

:!: It is best to read the procedure several times, and if anything is unclear or you have any doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the advisor's instructions! :!:

:!: Do not use the Combofix utility without an advisor's supervision and recommendation!

:idea: Are you satisfied with our help :???: Do not hesitate to support the forum HERE.

Forum rules: no. 1 and no. 2

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#7 Post by Andyfuk »

In the evening? Around what time is that? Since it's quite urgent, I still have some work to do on the PC :)
//e - FB isn't working for me again.. :-D

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#8 Post by chodnik74 »

Unfortunately we are not paid support and the forum does not provide our living, so we also have our own personal lives and obligations, which needs to be respected.. let's get to it :)

:arrow: Uninstall all unnecessary toolbars


:arrow: Open Notepad
  • (press the key combination WIN+R, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:

    
    KillAll::
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\SecuROM\License information*]
    [HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\e:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
    [HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\e:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
    [HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\e:\b*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    Firefox::
    FF - ProfilePath - c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/lionskin/{A56C97E4-A021-41A5-BF26-FBC77FF2530A}
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
    FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    FF - Ext: NCH Community Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
    FF - Ext: LionSkin DB Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    
    DDS::
    uStart Page = hxxp://qip.ru
    uDefault_Search_URL = hxxp://search.qip.ru
    mStart Page = hxxp://www.bigseekpro.com/lionskin/{A56C97E4-A021-41A5-BF26-FBC77FF2530A}
    uSearchAssistant = hxxp://search.qip.ru/ie
    Trusted Zone: facebook.com\www
    Trusted Zone: mojebanka.cz\www
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"=-
    "QuickTime Task"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"=-
    "uTorrent"=-
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "tray_ico0"=-
    
    Folder::
    c:\windows\ufa
    c:\windows\av_ico
    c:\windows\update.tray-3-0
    c:\windows\update.tray-3-0-lnk
    c:\users\UpdatusUser\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    
    File::
    c:\windows\SysWow64\qst67525xi.exe
    c:\windows\unrar.exe
    
    Reboot::
    
  • Save the file to the Desktop as CFScript.txt
  • Then grab this file with the left mouse button, drag it onto the Combofix icon and drop it
  • Combofix will then carry out all the operations and create a new log, which you should post here
:!: It may happen that Windows does not start normally after the script is applied. In that case restart the computer, keep pressing F8 during startup and choose the option Last Known Good Configuration

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#9 Post by Andyfuk »

New log -

ComboFix 11-10-29.03 - GAME 29.10.2011 17:36:48.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.2290 [GMT 2:00]
Spuštěný z: c:\users\GAME\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\GAME\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\qst67525xi.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Local\temp
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitAutoCompleteSearch.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitAutoCompleteSearch.xpt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.idl
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.xpt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\FFExternalAlert.dll
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\FFExternalAlert.xpt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.xpt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\alertSettingsComponent.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\appContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\default_radio_skin.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\engineContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\engineSettings.json
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\fbAlert.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\getAppsContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\postAppsContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\toolbarContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\unsharedAppsContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome.manifest
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome\brothersoft_extreme.jar
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\install.rdf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\lib\xpcom.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\manifest.mf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\zigbert.rsa
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\zigbert.sf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.ico
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.PNG
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.src
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\setup.ini
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\version.txt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\ConduitAutoCompleteSearch.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\ConduitAutoCompleteSearch.xpt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.xpt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCoreGecko19.dll
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\alertSettingsComponent.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\appContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\engineContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\engineSettings.json
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\fbAlert.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\getAppsContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\postAppsContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\toolbarContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults\unsharedAppsContextMenu.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\chrome.manifest
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\chrome\nch.jar
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\install.rdf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\META-INF\manifest.mf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\META-INF\zigbert.rsa
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\META-INF\zigbert.sf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\DataStructures.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\EBEncryption.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\ExternalLibraryLoader.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\HTTP.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\Chat.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\IO.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\Log.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\MainSingleton.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\MD5.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\Notifications.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\ObserversAndEvents.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\Prefs.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\SearchProtector.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\SearchSuggestIO.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\String.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\TEAEncryption.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\Timer.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\Twitter.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\URL.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\Windows.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\modules\XML.jsm
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\searchplugin\conduit.xml
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\setup.ini
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\version.txt
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\components\toolbarhomeApi.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\chrome.manifest
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\chrome\vshare.jar
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\install.rdf
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\locale\en-US\global.dtd
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\locale\en-US\global.properties
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\modules\configuration.js
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\modules\configuration_0.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\modules\configuration_0.xul
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\modules\configuration_1.css
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\modules\configuration_1.xul
c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\extensions\vshare@toolbar\modules\vshareJsm.js
c:\users\UpdatusUser\AppData\Local\temp
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\qst67525xi.exe
c:\windows\ufa
c:\windows\ufa.rar
c:\windows\unrar.exe
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0\svchost.exe
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-29 15:45 . 2011-10-29 15:45 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-10-29 11:43 . 2011-10-29 11:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-29 11:35 . 2011-10-29 11:35 -------- d-----w- c:\users\GAME\AppData\Roaming\SUPERAntiSpyware.com
2011-10-29 11:35 . 2011-10-29 11:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-29 11:35 . 2011-10-29 11:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-29 10:04 . 2011-10-29 11:47 -------- d-----w- c:\program files\trend micro
2011-10-29 10:04 . 2011-10-29 10:04 -------- d-----w- C:\rsit
2011-10-29 09:48 . 2011-10-29 09:48 512 ----a-w- C:\PhysicalMBR.bin
2011-10-29 04:33 . 2011-10-29 04:33 -------- d-----w- c:\program files (x86)\ESET
2011-10-28 21:58 . 2011-10-28 21:58 -------- d-----w- c:\users\GAME\AppData\Local\Arktos
2011-10-28 20:22 . 2011-10-28 20:22 -------- d-----w- c:\users\GAME\AppData\Local\Chromium
2011-10-28 15:51 . 2011-10-28 15:51 -------- d-----w- c:\program files (x86)\THQ
2011-10-28 14:19 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EFC4185-9340-4A30-BBB7-B73DF1260B95}\mpengine.dll
2011-10-28 00:14 . 2011-10-10 14:42 2580552 ----a-r- c:\windows\SysWow64\pbsvc.exe
2011-10-26 16:19 . 2011-10-26 16:19 -------- d-----w- c:\users\GAME\AppData\Local\Facebook
2011-10-24 19:53 . 2011-10-24 19:53 -------- d-----w- c:\users\GAME\AppData\Local\Criterion Games
2011-10-24 16:49 . 2011-10-24 16:50 -------- d-----w- c:\program files (x86)\Skin Pack
2011-10-24 16:49 . 2010-11-20 12:16 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-10-24 16:47 . 2010-11-20 12:21 2202624 ----a-w- c:\windows\SysWow64\SensorsCpl.dll
2011-10-24 16:47 . 2010-11-20 12:20 441856 ----a-w- c:\windows\SysWow64\powercpl.dll
2011-10-24 16:47 . 2009-07-14 01:16 629760 ----a-w- c:\windows\SysWow64\pmcsnap.dll
2011-10-24 16:47 . 2010-11-20 12:20 600576 ----a-w- c:\windows\SysWow64\PerfCenterCPL.dll
2011-10-24 16:47 . 2010-11-20 12:20 859648 ----a-w- c:\windows\SysWow64\OobeFldr.dll
2011-10-24 16:47 . 2009-07-14 01:09 229376 ----a-w- c:\windows\SysWow64\odbcint.dll
2011-10-24 16:47 . 2010-11-20 12:20 1661440 ----a-w- c:\windows\SysWow64\networkexplorer.dll
2011-10-24 16:47 . 2010-11-20 12:20 1644032 ----a-w- c:\windows\SysWow64\netcenter.dll
2011-10-24 16:47 . 2009-07-14 01:16 229888 ----a-w- c:\windows\SysWow64\mycomput.dll
2011-10-24 16:47 . 2009-07-14 01:15 181760 ----a-w- c:\windows\SysWow64\miguiresource.dll
2011-10-24 16:47 . 2009-07-14 01:15 218624 ----a-w- c:\windows\SysWow64\iscsicpl.dll
2011-10-24 16:23 . 2011-10-26 19:48 -------- d-----w- c:\users\GAME\AppData\Roaming\AIMP3
2011-10-24 16:23 . 2011-10-24 16:23 -------- d-----w- c:\program files (x86)\AIMP3
2011-10-23 02:48 . 2011-10-23 02:48 -------- d-----w- c:\users\GAME\AppData\Roaming\Mozilla-Cache
2011-10-23 02:47 . 2011-10-23 02:47 -------- d-----w- C:\Programs
2011-10-23 01:12 . 2011-10-23 01:12 -------- d-----w- c:\program files\Steam
2011-10-22 22:19 . 2011-10-23 00:31 -------- d-----w- c:\users\GAME\AppData\Local\Ubisoft Game Launcher
2011-10-20 20:25 . 2011-10-20 20:25 -------- d-----w- c:\program files\Firefly Studios
2011-10-20 12:46 . 2011-10-20 12:46 -------- d-----w- c:\program files (x86)\QipGuard
2011-10-19 21:32 . 2011-10-19 21:32 -------- d-----w- c:\users\GAME\AppData\Roaming\InstallShield Installation Information
2011-10-19 21:32 . 2011-10-19 21:32 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-10-19 21:25 . 2011-10-28 01:05 -------- d-----w- c:\program files (x86)\Vogster Entertainment
2011-10-18 21:44 . 2011-10-18 21:49 -------- d-----w- c:\users\GAME\AppData\Roaming\PhotoScape
2011-10-18 21:43 . 2011-10-18 21:43 -------- d-----w- c:\program files (x86)\PhotoScape
2011-10-12 13:06 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 13:06 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 13:06 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 13:06 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 13:06 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 13:06 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 13:06 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 13:06 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 13:06 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-10 21:59 . 2011-10-10 22:00 -------- d-----w- c:\programdata\Readon
2011-10-09 20:27 . 2011-10-09 20:27 -------- d-----w- c:\programdata\SplitMediaLabs
2011-10-09 20:27 . 2011-10-09 20:27 -------- d-----w- c:\users\GAME\AppData\Roaming\SplitMediaLabs
2011-10-09 20:13 . 2011-10-09 21:04 -------- d-----w- c:\users\GAME\AppData\Local\Readon_Technology
2011-10-09 20:11 . 2011-10-09 20:14 -------- d-----w- c:\program files (x86)\Readon Technology
2011-10-03 14:08 . 2011-10-03 14:08 -------- d-----w- c:\users\GAME\AppData\Local\EA Games
2011-10-03 13:54 . 2011-10-03 13:54 -------- d-----w- c:\programdata\Solidshield
2011-10-02 19:25 . 2011-10-02 19:26 807424 ----a-w- c:\windows\SysWow64\utilhlps.exe
2011-10-02 19:25 . 2011-10-02 19:25 -------- d-----w- c:\program files (x86)\CodiGirls KM
2011-09-30 18:48 . 2011-06-22 13:23 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-09-30 18:48 . 2011-09-30 18:48 -------- d-----w- c:\program files (x86)\Intel
2011-09-30 18:48 . 2011-09-30 18:48 -------- d-----w- C:\Intel
2011-09-30 18:47 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxab81.rra
2011-09-30 18:30 . 2009-04-02 09:33 2873820 ------w- c:\windows\SysWow64\Sens_oal.dll
2011-09-30 17:42 . 2011-09-30 18:07 -------- d-----w- c:\users\GAME\AppData\Local\ESN Sonar
2011-09-30 17:39 . 2011-09-30 17:39 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-09-30 17:21 . 2011-09-30 17:21 -------- d-----w- c:\users\GAME\AppData\Roaming\com.amsoft.Autoskola-user.F7413B326E7EE190C62FFECB0195DD73C683900A.1
2011-09-30 17:06 . 2011-10-08 19:49 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-09-30 16:27 . 2011-09-30 16:27 -------- d-----w- c:\users\GAME\AppData\Roaming\Origin
2011-09-30 16:27 . 2011-09-30 16:27 -------- d-----w- c:\users\GAME\AppData\Local\Origin
2011-09-30 16:24 . 2011-09-30 17:06 -------- d-----w- c:\programdata\Origin
2011-09-30 16:24 . 2011-09-30 16:27 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-30 16:24 . 2011-10-08 18:47 -------- d-----w- c:\program files (x86)\Origin
2011-09-29 17:27 . 2011-09-29 17:27 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 01:03 . 2011-05-28 18:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-28 01:03 . 2011-05-28 18:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-28 01:02 . 2011-05-28 18:00 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-23 14:17 . 2011-06-17 17:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-09 19:03 . 2010-06-05 19:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 03:06 . 2010-06-09 14:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-31 15:00 . 2010-11-12 19:53 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 12:24 . 2011-08-09 12:24 202576 ----a-w- c:\windows\system32\drivers\eamonm.sys
2011-08-04 07:20 . 2011-08-04 07:20 62496 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-08-04 07:20 . 2011-08-04 07:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-08-04 07:20 . 2011-08-04 07:20 187632 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-08-04 07:20 . 2011-08-04 07:20 146432 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-08-03 11:50 . 2011-05-17 20:52 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-04-07 21:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-04-07 21:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-04-07 21:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-04-07 21:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-04-07 21:18 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-03-26 16:33 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2009-09-27 16:22 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-29_10.46.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-10-29 09:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-29 11:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-29 11:48 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-29 09:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-29 09:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-29 11:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-26 16:40 . 2011-10-29 15:48 69950 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-29 15:48 36914 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-26 16:15 . 2011-10-29 15:48 19516 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4285535737-698878448-3188201288-1001_UserData.bin
- 2011-10-29 10:46 . 2011-10-29 10:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-29 15:46 . 2011-10-29 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-29 10:46 . 2011-10-29 10:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-29 15:46 . 2011-10-29 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-10-29 10:45 526200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-29 15:45 526200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-06 21:32 . 2011-10-29 15:45 6914580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4285535737-698878448-3188201288-1001-8192.dat
- 2010-10-06 21:32 . 2011-10-28 22:52 6914580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4285535737-698878448-3188201288-1001-8192.dat
+ 2010-05-26 17:36 . 2011-10-29 15:45 11616312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4285535737-698878448-3188201288-1001-12288.dat
- 2010-05-26 17:36 . 2011-10-29 10:45 11616312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4285535737-698878448-3188201288-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\iOS Skin Pack\RocketDock\RocketDock.exe [N/A]
UberIcon.lnk - c:\windows\iOS Skin Pack\UberIcon\UberIcon.exe [N/A]
YzShadow.lnk - c:\windows\iOS Skin Pack\YzShadow\YzShadow.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-17 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 MSIGreenPower;MSIGreenPower;c:\program files (x86)\MSI\DualCoreCenter\Green Power Center\NTGLM7X64.sys [x]
R3 MSIGreenPowerRushTop;MSIGreenPowerRushTop;c:\program files (x86)\MSI\DualCoreCenter\Green Power Center\RushTop64.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-24 19952]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\DualCoreCenter\Green Power Center\RushJ64.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 MSUtilHelpSvc;Utility Helper Service;c:\windows\SysWOW64\utilhlps.exe [2011-10-02 807424]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-10-26 191440]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SASDIFSV
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-10-18 13:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uCustomizeSearch = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\GAME\AppData\Roaming\Mozilla\Firefox\Profiles\v0prsbuk.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:6b,10,18,69,0c,e1,a1,40,5a,d3,fc,b3,2c,2f,96,0d,fd,c6,d5,e5,17,db,2b,
c7,ef,67,ce,cc,59,36,29,20,44,6e,9f,a8,35,ab,a5,93,e8,6e,c1,60,b6,54,06,9f,\
"??"=hex:b6,17,b9,39,75,bc,67,94,74,cc,4f,d6,00,71,bf,a3
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\SecuROM\License information*]
"datasecu"=hex:60,b1,8d,b7,a1,e6,fe,31,cd,4f,8c,d6,4f,40,0d,9b,71,07,35,97,ff,
dc,8d,04,1d,87,cc,ff,17,37,4e,dc,fe,28,68,97,2f,aa,97,31,26,52,46,d2,7f,e7,\
"rkeysecu"=hex:43,77,72,ad,a4,36,ca,25,04,04,dd,ba,19,8b,36,1e
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\e:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\e:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T16:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T16:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T16:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\e:\b*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T16:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_USERS\S-1-5-21-4285535737-698878448-3188201288-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\e:\b*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Celkový čas: 2011-10-29 17:53:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-29 15:53
ComboFix2.txt 2011-10-29 10:53
.
Před spuštěním: Volných bajtů: 128 758 824 960
Po spuštění: Volných bajtů: 128 613 797 888
.
- - End Of File - - F58EEF567D775F772276FE846D7DD94B

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#10 Post by chodnik74 »

I see Malwarebytes.. run a Full scan (Úplná kontrola) and paste the log here for me :)
Write to me: chodnik74@gmail.com

>RSIT<>MBAM<>VirusTotal

:!: Read the procedure several times to be safe, and if anything is unclear or you have doubts, ask. ;-) If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions! :!:

:!: Do not use the ComboFix utility without the supervision and recommendation of an adviser!

:idea: Are you satisfied with our help :???: Don't hesitate to support the forum HERE.

Forum rules: No. 1 and No. 2

Andyfuk
Visitor
Posts: 65
Registered: 29 Oct 2011 11:02

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#11 Post by Andyfuk »

It'll take a while, since my computer contains a lot of programs and folders :-D I'll edit it in afterwards :)

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#12 Post by chodnik74 »

Don't edit anything, always post it as a new post :) it's clearer that way :)

Andyfuk
Visitor
Posts: 65
Registered: 29 Oct 2011 11:02

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#13 Post by Andyfuk »

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8041

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29.10.2011 19:23:22
mbam-log-2011-10-29 (19-23-17).txt

Typ: Úplná kontrola (C:\|D:\|E:\|F:\|)
Kontrolované objekty: 503840
Uplynulý čas: 1 hodin, 20 minut, 24 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 12

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\codemasters\FUEL\1911.dll (Adware.Agent) -> No action taken.
c:\program files (x86)\electronic arts\battlefield bad company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> No action taken.
c:\program files (x86)\NCSoft\AionEU\Data\launcher\bin32_2.1.0.2.exe (Trojan.Backdoor) -> No action taken.
c:\programdata\pageshotspro\pageshots_x64.dll (Adware.ADON) -> No action taken.
c:\programdata\pageshotspro\pageshots_x86.dll (Adware.ADON) -> No action taken.
c:\Qoobox\quarantine\C\program files (x86)\sponsorkeyword\sponsorkeyword_uninstall.exe.vir (Adware.SponsorKeyWord) -> No action taken.
c:\Qoobox\quarantine\C\Windows\services32.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.1\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Qoobox\quarantine\C\Windows\update.tray-3-0\svchost.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\GAME\codemaster\FUEL\1911.dll (Adware.Agent) -> No action taken.
c:\Users\GAME\Desktop\rk_quarantine\sysdriver32.exe.vir (Trojan.Agent) -> No action taken.
c:\Users\GAME\downloads\dead-space-2-v10-12-trainer\dead space 2 v1.0 + 12 trainer.exe (HackTool.GamesCheat) -> No action taken.

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#14 Post by chodnik74 »

Have the found items deleted...

:arrow: Download TDSSKiller
  • Run the program and click Start Scan
  • If the program finds an infection, it will cure it (Cure); allow the cure by clicking the Continue button
  • If the program finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking the Continue button
  • After the scan finishes, the computer may need to be restarted; allow the program to do so by clicking the Reboot now button
  • After the computer restarts, a log will pop up (if it doesn't, you will find it on the drive where your system is installed, under the name TDSSKiller.xxxx_log.txt); paste its contents here for me
  • If the program does not ask to restart the computer, click the Close button and then Report, which will create a log; paste its contents here
:arrow: Describe how the PC behaves... reinstall any programs that don't work and the antivirus. Then also paste a new RSIT log for me..

We'll continue tomorrow.. good night :bye:

Andyfuk
Visitor
Posts: 65
Registered: 29 Oct 2011 11:02

Re: Facebook - Flash Player (Win32/Delf.QCZ)

#15 Post by Andyfuk »

TDSSKiller Log

20:36:43.0641 4468 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
20:36:43.0972 4468 ============================================================
20:36:43.0972 4468 Current date / time: 2011/10/29 20:36:43.0972
20:36:43.0972 4468 SystemInfo:
20:36:43.0972 4468
20:36:43.0972 4468 OS Version: 6.1.7601 ServicePack: 1.0
20:36:43.0972 4468 Product type: Workstation
20:36:43.0972 4468 ComputerName: GAME-PC
20:36:43.0972 4468 UserName: GAME
20:36:43.0972 4468 Windows directory: C:\Windows
20:36:43.0972 4468 System windows directory: C:\Windows
20:36:43.0972 4468 Running under WOW64
20:36:43.0972 4468 Processor architecture: Intel x64
20:36:43.0972 4468 Number of processors: 4
20:36:43.0972 4468 Page size: 0x1000
20:36:43.0972 4468 Boot type: Normal boot
20:36:43.0972 4468 ============================================================
20:36:48.0372 4468 Initialize success
20:36:51.0850 3572 ============================================================
20:36:51.0850 3572 Scan started
20:36:51.0850 3572 Mode: Manual;
20:36:51.0850 3572 ============================================================
20:36:53.0157 3572 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:36:53.0160 3572 1394ohci - ok
20:36:53.0220 3572 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:36:53.0224 3572 ACPI - ok
20:36:53.0258 3572 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:36:53.0259 3572 AcpiPmi - ok
20:36:53.0319 3572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:36:53.0324 3572 adp94xx - ok
20:36:53.0372 3572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:36:53.0391 3572 adpahci - ok
20:36:53.0431 3572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:36:53.0434 3572 adpu320 - ok
20:36:53.0494 3572 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:36:53.0499 3572 AFD - ok
20:36:53.0524 3572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:36:53.0526 3572 agp440 - ok
20:36:53.0540 3572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:36:53.0541 3572 aliide - ok
20:36:53.0552 3572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:36:53.0553 3572 amdide - ok
20:36:53.0577 3572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:36:53.0579 3572 AmdK8 - ok
20:36:53.0599 3572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:36:53.0600 3572 AmdPPM - ok
20:36:53.0726 3572 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:36:53.0759 3572 amdsata - ok
20:36:53.0792 3572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:36:53.0794 3572 amdsbs - ok
20:36:53.0862 3572 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:36:53.0887 3572 amdxata - ok
20:36:53.0966 3572 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:36:53.0967 3572 AppID - ok
20:36:54.0001 3572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:36:54.0003 3572 arc - ok
20:36:54.0022 3572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:36:54.0024 3572 arcsas - ok
20:36:54.0098 3572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:36:54.0099 3572 AsyncMac - ok
20:36:54.0119 3572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:36:54.0119 3572 atapi - ok
20:36:54.0157 3572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:36:54.0162 3572 b06bdrv - ok
20:36:54.0205 3572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:36:54.0209 3572 b57nd60a - ok
20:36:54.0220 3572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:36:54.0221 3572 Beep - ok
20:36:54.0274 3572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:36:54.0275 3572 blbdrive - ok
20:36:54.0328 3572 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:36:54.0340 3572 bowser - ok
20:36:54.0366 3572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:36:54.0367 3572 BrFiltLo - ok
20:36:54.0386 3572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:36:54.0387 3572 BrFiltUp - ok
20:36:54.0462 3572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:36:54.0500 3572 Brserid - ok
20:36:54.0540 3572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:36:54.0542 3572 BrSerWdm - ok
20:36:54.0558 3572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:36:54.0559 3572 BrUsbMdm - ok
20:36:54.0579 3572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:36:54.0581 3572 BrUsbSer - ok
20:36:54.0603 3572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:36:54.0605 3572 BTHMODEM - ok
20:36:54.0774 3572 Cardex - ok
20:36:54.0782 3572 catchme - ok
20:36:54.0819 3572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:36:54.0821 3572 cdfs - ok
20:36:54.0893 3572 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:36:54.0895 3572 cdrom - ok
20:36:54.0940 3572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:36:54.0941 3572 circlass - ok
20:36:54.0985 3572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:36:54.0989 3572 CLFS - ok
20:36:55.0011 3572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:36:55.0012 3572 CmBatt - ok
20:36:55.0027 3572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:36:55.0028 3572 cmdide - ok
20:36:55.0100 3572 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:36:55.0105 3572 CNG - ok
20:36:55.0123 3572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:36:55.0124 3572 Compbatt - ok
20:36:55.0181 3572 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:36:55.0182 3572 CompositeBus - ok
20:36:55.0212 3572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:36:55.0213 3572 crcdisk - ok
20:36:55.0259 3572 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:36:55.0265 3572 CSC - ok
20:36:55.0320 3572 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:36:55.0321 3572 DfsC - ok
20:36:55.0338 3572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:36:55.0339 3572 discache - ok
20:36:55.0353 3572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:36:55.0354 3572 Disk - ok
20:36:55.0429 3572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:36:55.0430 3572 drmkaud - ok
20:36:55.0494 3572 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:36:55.0497 3572 dtsoftbus01 - ok
20:36:55.0542 3572 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:36:55.0553 3572 DXGKrnl - ok
20:36:55.0570 3572 EagleX64 - ok
20:36:55.0621 3572 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
20:36:55.0623 3572 eamonm - ok
20:36:55.0711 3572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:36:55.0745 3572 ebdrv - ok
20:36:55.0818 3572 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
20:36:55.0820 3572 ehdrv - ok
20:36:55.0870 3572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:36:55.0876 3572 elxstor - ok
20:36:55.0908 3572 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys
20:36:55.0911 3572 epfw - ok
20:36:55.0957 3572 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys
20:36:55.0959 3572 EpfwLWF - ok
20:36:56.0027 3572 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys
20:36:56.0029 3572 epfwwfp - ok
20:36:56.0079 3572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:36:56.0080 3572 ErrDev - ok
20:36:56.0123 3572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:36:56.0125 3572 exfat - ok
20:36:56.0179 3572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:36:56.0182 3572 fastfat - ok
20:36:56.0207 3572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:36:56.0209 3572 fdc - ok
20:36:56.0243 3572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:36:56.0244 3572 FileInfo - ok
20:36:56.0261 3572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:36:56.0262 3572 Filetrace - ok
20:36:56.0272 3572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:36:56.0273 3572 flpydisk - ok
20:36:56.0326 3572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:36:56.0329 3572 FltMgr - ok
20:36:56.0362 3572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:36:56.0364 3572 FsDepends - ok
20:36:56.0393 3572 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:36:56.0394 3572 Fs_Rec - ok
20:36:56.0414 3572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:36:56.0418 3572 fvevol - ok
20:36:56.0440 3572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:36:56.0441 3572 gagp30kx - ok
20:36:56.0533 3572 GGSAFERDriver - ok
20:36:56.0537 3572 GMSIPCI - ok
20:36:56.0565 3572 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
20:36:56.0567 3572 hamachi - ok
20:36:56.0579 3572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:36:56.0580 3572 hcw85cir - ok
20:36:56.0654 3572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:36:56.0658 3572 HdAudAddService - ok
20:36:56.0683 3572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:36:56.0685 3572 HDAudBus - ok
20:36:56.0701 3572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:36:56.0702 3572 HidBatt - ok
20:36:56.0718 3572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:36:56.0720 3572 HidBth - ok
20:36:56.0744 3572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:36:56.0745 3572 HidIr - ok
20:36:56.0795 3572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:36:56.0796 3572 HidUsb - ok
20:36:56.0827 3572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:36:56.0828 3572 HpSAMD - ok
20:36:56.0887 3572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:36:56.0895 3572 HTTP - ok
20:36:56.0934 3572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:36:56.0935 3572 hwpolicy - ok
20:36:56.0952 3572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:36:56.0953 3572 i8042prt - ok
20:36:57.0012 3572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:36:57.0017 3572 iaStorV - ok
20:36:57.0061 3572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:36:57.0062 3572 iirsp - ok
20:36:57.0084 3572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:36:57.0085 3572 intelide - ok
20:36:57.0131 3572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:36:57.0132 3572 intelppm - ok
20:36:57.0211 3572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:57.0213 3572 IpFilterDriver - ok
20:36:57.0236 3572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:36:57.0238 3572 IPMIDRV - ok
20:36:57.0259 3572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:36:57.0260 3572 IPNAT - ok
20:36:57.0291 3572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:36:57.0292 3572 IRENUM - ok
20:36:57.0320 3572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:36:57.0322 3572 isapnp - ok
20:36:57.0355 3572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:36:57.0358 3572 iScsiPrt - ok
20:36:57.0415 3572 JRAID (c0d9ba660a41ee8a269ef804e6cd0d7b) C:\Windows\system32\DRIVERS\jraid.sys
20:36:57.0417 3572 JRAID - ok
20:36:57.0454 3572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:36:57.0455 3572 kbdclass - ok
20:36:57.0501 3572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:36:57.0502 3572 kbdhid - ok
20:36:57.0543 3572 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:36:57.0545 3572 KSecDD - ok
20:36:57.0576 3572 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:36:57.0578 3572 KSecPkg - ok
20:36:57.0616 3572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:36:57.0617 3572 ksthunk - ok
20:36:57.0685 3572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:36:57.0687 3572 lltdio - ok
20:36:57.0727 3572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:36:57.0729 3572 LSI_FC - ok
20:36:57.0738 3572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:36:57.0740 3572 LSI_SAS - ok
20:36:57.0759 3572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:36:57.0760 3572 LSI_SAS2 - ok
20:36:57.0791 3572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:36:57.0793 3572 LSI_SCSI - ok
20:36:57.0836 3572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:36:57.0838 3572 luafv - ok
20:36:57.0900 3572 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
20:36:57.0902 3572 MBAMProtector - ok
20:36:57.0941 3572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:36:57.0943 3572 megasas - ok
20:36:57.0985 3572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:36:57.0989 3572 MegaSR - ok
20:36:58.0052 3572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:36:58.0053 3572 Modem - ok
20:36:58.0080 3572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:36:58.0081 3572 monitor - ok
20:36:58.0090 3572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:36:58.0091 3572 mouclass - ok
20:36:58.0106 3572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:36:58.0107 3572 mouhid - ok
20:36:58.0156 3572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:36:58.0157 3572 mountmgr - ok
20:36:58.0187 3572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:36:58.0189 3572 mpio - ok
20:36:58.0197 3572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:36:58.0199 3572 mpsdrv - ok
20:36:58.0235 3572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:36:58.0237 3572 MRxDAV - ok
20:36:58.0275 3572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:58.0278 3572 mrxsmb - ok
20:36:58.0320 3572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:58.0323 3572 mrxsmb10 - ok
20:36:58.0345 3572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:58.0347 3572 mrxsmb20 - ok
20:36:58.0372 3572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:36:58.0373 3572 msahci - ok
20:36:58.0399 3572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:36:58.0401 3572 msdsm - ok
20:36:58.0445 3572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:36:58.0446 3572 Msfs - ok
20:36:58.0462 3572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:36:58.0463 3572 mshidkmdf - ok
20:36:58.0509 3572 MSIGreenPower - ok
20:36:58.0513 3572 MSIGreenPowerRushTop - ok
20:36:58.0546 3572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:36:58.0547 3572 msisadrv - ok
20:36:58.0591 3572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:36:58.0592 3572 MSKSSRV - ok
20:36:58.0606 3572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:58.0606 3572 MSPCLOCK - ok
20:36:58.0621 3572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:36:58.0621 3572 MSPQM - ok
20:36:58.0673 3572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:36:58.0677 3572 MsRPC - ok
20:36:58.0729 3572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:36:58.0756 3572 mssmbios - ok
20:36:58.0909 3572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:36:58.0910 3572 MSTEE - ok
20:36:58.0944 3572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:36:58.0945 3572 MTConfig - ok
20:36:58.0990 3572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:36:58.0991 3572 Mup - ok
20:36:59.0064 3572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:36:59.0069 3572 NativeWifiP - ok
20:36:59.0123 3572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:36:59.0133 3572 NDIS - ok
20:36:59.0156 3572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:36:59.0157 3572 NdisCap - ok
20:36:59.0188 3572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:59.0189 3572 NdisTapi - ok
20:36:59.0236 3572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:59.0237 3572 Ndisuio - ok
20:36:59.0396 3572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:59.0398 3572 NdisWan - ok
20:36:59.0431 3572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:36:59.0432 3572 NDProxy - ok
20:36:59.0474 3572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:36:59.0475 3572 NetBIOS - ok
20:36:59.0511 3572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:36:59.0514 3572 NetBT - ok
20:36:59.0541 3572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:36:59.0543 3572 nfrd960 - ok
20:36:59.0580 3572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:36:59.0582 3572 Npfs - ok
20:36:59.0612 3572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:36:59.0613 3572 nsiproxy - ok
20:36:59.0616 3572 NTACCESS - ok
20:36:59.0684 3572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:36:59.0702 3572 Ntfs - ok
20:36:59.0735 3572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:36:59.0736 3572 Null - ok
20:37:00.0016 3572 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:37:00.0142 3572 nvlddmkm - ok
20:37:00.0207 3572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:37:00.0222 3572 nvraid - ok
20:37:00.0289 3572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:37:00.0292 3572 nvstor - ok
20:37:00.0374 3572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:37:00.0376 3572 nv_agp - ok
20:37:00.0443 3572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:37:00.0445 3572 ohci1394 - ok
20:37:00.0502 3572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:37:00.0504 3572 Parport - ok
20:37:00.0561 3572 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:37:00.0563 3572 partmgr - ok
20:37:00.0595 3572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:37:00.0597 3572 pci - ok
20:37:00.0630 3572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:37:00.0631 3572 pciide - ok
20:37:00.0674 3572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:37:00.0677 3572 pcmcia - ok
20:37:00.0705 3572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:37:00.0706 3572 pcw - ok
20:37:00.0749 3572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:37:00.0756 3572 PEAUTH - ok
20:37:00.0838 3572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:37:00.0839 3572 PptpMiniport - ok
20:37:00.0878 3572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:37:00.0880 3572 Processor - ok
20:37:00.0944 3572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:37:00.0946 3572 Psched - ok
20:37:01.0008 3572 PSSDK42 (cd33cb6fecf65520466f95ab89cc4af5) C:\Windows\system32\Drivers\pssdk42.sys
20:37:01.0009 3572 PSSDK42 - ok
20:37:01.0074 3572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:37:01.0090 3572 ql2300 - ok
20:37:01.0117 3572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:37:01.0119 3572 ql40xx - ok
20:37:01.0130 3572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:37:01.0131 3572 QWAVEdrv - ok
20:37:01.0152 3572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:37:01.0153 3572 RasAcd - ok
20:37:01.0179 3572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:37:01.0181 3572 RasAgileVpn - ok
20:37:01.0270 3572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:37:01.0272 3572 Rasl2tp - ok
20:37:01.0299 3572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:37:01.0300 3572 RasPppoe - ok
20:37:01.0319 3572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:37:01.0321 3572 RasSstp - ok
20:37:01.0366 3572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:37:01.0370 3572 rdbss - ok
20:37:01.0404 3572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:37:01.0405 3572 rdpbus - ok
20:37:01.0419 3572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:37:01.0420 3572 RDPCDD - ok
20:37:01.0477 3572 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:37:01.0479 3572 RDPDR - ok
20:37:01.0507 3572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:37:01.0508 3572 RDPENCDD - ok
20:37:01.0533 3572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:37:01.0534 3572 RDPREFMP - ok
20:37:01.0576 3572 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:37:01.0579 3572 RDPWD - ok
20:37:01.0623 3572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:37:01.0626 3572 rdyboost - ok
20:37:01.0727 3572 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
20:37:01.0728 3572 RivaTuner64 - ok
20:37:01.0783 3572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:37:01.0807 3572 rspndr - ok
20:37:01.0861 3572 RTL2832UBDA (56fc4c1b3495b9a0409436040e44bf53) C:\Windows\system32\drivers\RTL2832UBDA.sys
20:37:01.0863 3572 RTL2832UBDA - ok
20:37:01.0976 3572 RTL2832UUSB (8e2a74a4bce6c4df394042d2eee461e3) C:\Windows\system32\Drivers\RTL2832UUSB.sys
20:37:01.0978 3572 RTL2832UUSB - ok
20:37:02.0034 3572 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:37:02.0041 3572 RTL8167 - ok
20:37:02.0044 3572 RushTopDevice_J - ok
20:37:02.0088 3572 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:37:02.0089 3572 s3cap - ok
20:37:02.0167 3572 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:37:02.0168 3572 SASDIFSV - ok
20:37:02.0178 3572 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:37:02.0179 3572 SASKUTIL - ok
20:37:02.0200 3572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:37:02.0202 3572 sbp2port - ok
20:37:02.0249 3572 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
20:37:02.0251 3572 SCDEmu - ok
20:37:02.0428 3572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:37:02.0429 3572 scfilter - ok
20:37:02.0492 3572 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
20:37:02.0494 3572 ScreamBAudioSvc - ok
20:37:02.0523 3572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:37:02.0524 3572 secdrv - ok
20:37:02.0618 3572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:37:02.0619 3572 Serenum - ok
20:37:02.0636 3572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:37:02.0638 3572 Serial - ok
20:37:02.0680 3572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:37:02.0682 3572 sermouse - ok
20:37:02.0696 3572 SetupNTGLM7X - ok
20:37:02.0745 3572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:37:02.0823 3572 sffdisk - ok
20:37:02.0878 3572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:37:02.0881 3572 sffp_mmc - ok
20:37:02.0913 3572 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:37:02.0915 3572 sffp_sd - ok
20:37:02.0947 3572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:37:02.0948 3572 sfloppy - ok
20:37:02.0996 3572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:37:02.0997 3572 SiSRaid2 - ok
20:37:03.0019 3572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:37:03.0020 3572 SiSRaid4 - ok
20:37:03.0050 3572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:37:03.0052 3572 Smb - ok
20:37:03.0097 3572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:37:03.0098 3572 spldr - ok
20:37:03.0190 3572 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
20:37:03.0190 3572 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
20:37:03.0192 3572 sptd ( LockedFile.Multi.Generic ) - warning
20:37:03.0192 3572 sptd - detected LockedFile.Multi.Generic (1)
20:37:03.0287 3572 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:37:03.0292 3572 srv - ok
20:37:03.0338 3572 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:37:03.0343 3572 srv2 - ok
20:37:03.0362 3572 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:37:03.0364 3572 srvnet - ok
20:37:03.0427 3572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:37:03.0428 3572 stexstor - ok
20:37:03.0468 3572 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:37:03.0469 3572 storflt - ok
20:37:03.0500 3572 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:37:03.0501 3572 storvsc - ok
20:37:03.0521 3572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:37:03.0522 3572 swenum - ok
20:37:03.0605 3572 t3 (7eb0f5fb5f5235d86a6409b0b0d1545d) C:\Windows\system32\drivers\t3.sys
20:37:03.0612 3572 t3 - ok
20:37:03.0664 3572 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
20:37:03.0665 3572 tap0901t - ok
20:37:03.0761 3572 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
20:37:03.0782 3572 Tcpip - ok
20:37:03.0820 3572 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
20:37:03.0831 3572 TCPIP6 - ok
20:37:03.0892 3572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:37:03.0894 3572 tcpipreg - ok
20:37:04.0316 3572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:37:04.0317 3572 TDPIPE - ok
20:37:04.0429 3572 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:37:04.0430 3572 TDTCP - ok
20:37:04.0481 3572 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:37:04.0483 3572 tdx - ok
20:37:04.0552 3572 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:37:04.0554 3572 TermDD - ok
20:37:04.0603 3572 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:37:04.0604 3572 tssecsrv - ok
20:37:04.0655 3572 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:37:04.0656 3572 TsUsbFlt - ok
20:37:04.0701 3572 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:37:04.0703 3572 tunnel - ok
20:37:04.0727 3572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:37:04.0729 3572 uagp35 - ok
20:37:04.0792 3572 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:37:04.0796 3572 udfs - ok
20:37:04.0836 3572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:37:04.0838 3572 uliagpkx - ok
20:37:04.0878 3572 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:37:04.0880 3572 umbus - ok
20:37:04.0904 3572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:37:04.0905 3572 UmPass - ok
20:37:04.0979 3572 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:37:04.0981 3572 usbccgp - ok
20:37:05.0025 3572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:37:05.0027 3572 usbcir - ok
20:37:05.0064 3572 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:37:05.0066 3572 usbehci - ok
20:37:05.0098 3572 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:37:05.0102 3572 usbhub - ok
20:37:05.0120 3572 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:37:05.0121 3572 usbohci - ok
20:37:05.0135 3572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:37:05.0136 3572 usbprint - ok
20:37:05.0175 3572 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:37:05.0177 3572 USBSTOR - ok
20:37:05.0195 3572 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:37:05.0196 3572 usbuhci - ok
20:37:05.0245 3572 VCSVADHWSer (3a4b01c2bdb07dfef29b0b369487503a) C:\Windows\system32\DRIVERS\vcsvad.sys
20:37:05.0246 3572 VCSVADHWSer - ok
20:37:05.0294 3572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:37:05.0296 3572 vdrvroot - ok
20:37:05.0422 3572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:37:05.0434 3572 vga - ok
20:37:05.0549 3572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:37:05.0572 3572 VgaSave - ok
20:37:05.0665 3572 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:37:05.0668 3572 vhdmp - ok
20:37:05.0753 3572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:37:05.0773 3572 viaide - ok
20:37:05.0889 3572 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:37:05.0919 3572 vmbus - ok
20:37:05.0999 3572 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:37:06.0016 3572 VMBusHID - ok
20:37:06.0050 3572 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:37:06.0068 3572 volmgr - ok
20:37:06.0247 3572 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:37:06.0287 3572 volmgrx - ok
20:37:06.0449 3572 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:37:06.0458 3572 volsnap - ok
20:37:06.0560 3572 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
20:37:06.0581 3572 vpcbus - ok
20:37:06.0747 3572 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:37:06.0763 3572 vpcnfltr - ok
20:37:06.0811 3572 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
20:37:06.0833 3572 vpcusb - ok
20:37:06.0936 3572 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
20:37:06.0947 3572 vpcvmm - ok
20:37:07.0042 3572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:37:07.0051 3572 vsmraid - ok
20:37:07.0087 3572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:37:07.0088 3572 vwifibus - ok
20:37:07.0140 3572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:37:07.0141 3572 WacomPen - ok
20:37:07.0196 3572 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:07.0197 3572 WANARP - ok
20:37:07.0215 3572 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:07.0216 3572 Wanarpv6 - ok
20:37:07.0314 3572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:37:07.0317 3572 Wd - ok
20:37:07.0355 3572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:37:07.0363 3572 Wdf01000 - ok
20:37:07.0409 3572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:37:07.0410 3572 WfpLwf - ok
20:37:07.0440 3572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:37:07.0441 3572 WIMMount - ok
20:37:07.0848 3572 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:37:07.0849 3572 WinUsb - ok
20:37:07.0872 3572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:37:07.0873 3572 WmiAcpi - ok
20:37:07.0900 3572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:37:07.0901 3572 ws2ifsl - ok
20:37:07.0952 3572 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:37:07.0954 3572 WudfPf - ok
20:37:07.0990 3572 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:37:07.0992 3572 WUDFRd - ok
20:37:08.0042 3572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:37:08.0065 3572 \Device\Harddisk0\DR0 - ok
20:37:08.0083 3572 Boot (0x1200) (ba89cffd43283b4a1ead8a3406e0d5ca) \Device\Harddisk0\DR0\Partition0
20:37:08.0084 3572 \Device\Harddisk0\DR0\Partition0 - ok
20:37:08.0100 3572 Boot (0x1200) (198d04bcefa43322ce034a48950de6a3) \Device\Harddisk0\DR0\Partition1
20:37:08.0101 3572 \Device\Harddisk0\DR0\Partition1 - ok
20:37:08.0104 3572 Boot (0x1200) (11801588b5774362a22f54582e680b21) \Device\Harddisk0\DR0\Partition2
20:37:08.0105 3572 \Device\Harddisk0\DR0\Partition2 - ok
20:37:08.0106 3572 ============================================================
20:37:08.0106 3572 Scan finished
20:37:08.0106 3572 ============================================================
20:37:08.0116 4568 Detected object count: 1
20:37:08.0116 4568 Actual detected object count: 1
20:37:49.0785 4568 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
20:37:49.0817 4568 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
20:37:49.0836 4568 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
20:37:49.0836 4568 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
20:38:06.0561 5012 Deinitialize success

Locked