Prosím o kontrolu logu

Zpráva

devet · #1 Příspěvek od **devet** » 02 kvě 2012 18:33

Přátelé, po čase si vás dovolui opět poprosit.
PC se již opakovaně resetoval bez mého přičinění. raději...
Děkuji předem
S úctou
juras

Logfile of random's system information tool 1.09 (written by random/random)
Run by juras at 2012-05-02 19:27:26
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 196 GB (82%) free of 238 GB
Total RAM: 2031 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:57, on 2.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Palm\Hotsync.exe
C:\Windows\explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Password Manager XP\PwdManager.exe
C:\Users\juras\Desktop\RSIT.exe
C:\Program Files\trend micro\juras.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Password Manager XP Helper - {F0BD2AEF-6A48-42DC-85CE-F4C335C59B5E} - C:\PROGRA~1\PASSWO~1\PMHelper.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
O4 - HKLM\..\Run: [svchost.exe] C:\Users\juras\AppData\Roaming\svchost.exe
O4 - HKLM\..\Run: [RemoteControl11] "C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [svchost.exe] C:\Users\juras\AppData\Roaming\svchost.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill form using Password Manager XP - C:\Program Files\Password Manager XP\InsPwd.htm
O8 - Extra context menu item: Generate password using Password Manager XP - C:\Program Files\Password Manager XP\GenPwd.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Save form data to Password Manager XP - C:\Program Files\Password Manager XP\SavePwd.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Password Manager XP - {7379d689-cc96-451d-b46e-6bbe4ca6b02d} - C:\Program Files\Password Manager XP\PwdManager.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 10335 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\DriverScanner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-21 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-21 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0BD2AEF-6A48-42DC-85CE-F4C335C59B5E}]
Password Manager XP Helper - C:\PROGRA~1\PASSWO~1\PMHelper.dll [2009-02-06 97792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2011-10-13 5574456]
"Služba Acronis Scheduler2"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2010-12-17 391144]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16 499608]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"DXM6Patch_981116"=C:\Windows\p_981116.exe [1998-11-30 497376]
"svchost.exe"=C:\Users\juras\AppData\Roaming\svchost.exe [2009-07-14 20992]
"RemoteControl11"=C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe [2011-04-20 234792]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"svchost.exe"=C:\Users\juras\AppData\Roaming\svchost.exe [2009-07-14 20992]
"SoftAuto.exe"=C:\Program Files\Creative\Software Update 3\SoftAuto.exe [2008-08-13 405504]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17148552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-02 19:27:27 ----D---- C:\Program Files\trend micro
2012-05-02 19:27:26 ----D---- C:\rsit
2012-05-02 18:16:31 ----D---- C:\ApolloOutput
2012-05-02 18:15:44 ----D---- C:\Program Files\No1 DVD Ripper
2012-05-02 16:37:14 ----D---- C:\Windows\Minidump
2012-04-26 13:40:19 ----D---- C:\Program Files\jv16 PowerTools 2012
2012-04-14 17:01:55 ----D---- C:\Program Files\TurAtlas
2012-04-13 12:22:18 ----D---- C:\Program Files\Yamicsoft
2012-04-11 10:16:56 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 10:16:56 ----A---- C:\Windows\system32\jscript9.dll
2012-04-11 10:16:56 ----A---- C:\Windows\system32\jscript.dll
2012-04-11 10:16:56 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 10:16:55 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 10:16:55 ----A---- C:\Windows\system32\url.dll
2012-04-11 10:16:55 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 10:16:54 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 10:16:54 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 10:16:52 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 10:16:51 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 10:12:22 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 10:12:21 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 10:12:21 ----A---- C:\Windows\system32\wintrust.dll
2012-04-11 10:12:21 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 10:11:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-04-11 10:11:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-09 09:24:50 ----D---- C:\ProgramData\ZoneFiveSoftware
2012-04-07 07:25:59 ----D---- C:\Program Files\Auslogics
2012-04-05 17:55:05 ----D---- C:\Users\juras\AppData\Roaming\AVS4YOU
2012-04-05 17:53:51 ----D---- C:\Program Files\Common Files\AVSMedia
2012-04-05 17:53:46 ----D---- C:\ProgramData\AVS4YOU
2012-04-05 17:53:46 ----A---- C:\Windows\system32\GdiPlus.dll
2012-04-04 11:32:27 ----D---- C:\Users\juras\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

======List of files/folders modified in the last 1 month======

2012-05-02 19:27:51 ----D---- C:\Windows\Temp
2012-05-02 19:27:39 ----D---- C:\Windows\Prefetch
2012-05-02 19:27:27 ----D---- C:\Program Files
2012-05-02 19:27:25 ----D---- C:\Users\juras\AppData\Roaming\uTorrent
2012-05-02 19:10:53 ----D---- C:\Users\juras\AppData\Roaming\Skype
2012-05-02 18:15:46 ----D---- C:\Windows\System32
2012-05-02 17:17:49 ----D---- C:\Windows\system32\config
2012-05-02 16:42:01 ----D---- C:\Windows\inf
2012-05-02 16:42:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-02 16:37:14 ----D---- C:\Windows
2012-05-02 16:20:33 ----D---- C:\ProgramData\CyberLink
2012-05-02 15:47:58 ----D---- C:\Users\juras\AppData\Roaming\vlc
2012-05-02 15:47:46 ----D---- C:\Users\juras\AppData\Roaming\dvdcss
2012-05-02 15:26:35 ----D---- C:\Windows\Tasks
2012-05-02 15:26:35 ----D---- C:\Windows\system32\Tasks
2012-04-26 05:21:42 ----D---- C:\Program Files\CCleaner
2012-04-20 17:45:17 ----D---- C:\Windows\system32\NDF
2012-04-20 05:14:00 ----D---- C:\Program Files\uTorrent
2012-04-17 07:26:12 ----D---- C:\Windows\system32\wdi
2012-04-17 06:26:24 ----D---- C:\Users\juras\AppData\Roaming\MediaMonkey
2012-04-15 19:32:59 ----SD---- C:\Users\juras\AppData\Roaming\Microsoft
2012-04-14 18:05:09 ----D---- C:\Program Files\Mp3tag
2012-04-14 13:06:06 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-04-13 13:34:49 ----D---- C:\Windows\debug
2012-04-13 13:26:47 ----SHD---- C:\Windows\Installer
2012-04-13 12:22:21 ----SHD---- C:\Config.Msi
2012-04-12 17:37:47 ----D---- C:\Garmin
2012-04-11 10:43:28 ----RSD---- C:\Windows\assembly
2012-04-11 10:43:28 ----D---- C:\Windows\Microsoft.NET
2012-04-11 10:20:01 ----D---- C:\Windows\winsxs
2012-04-11 10:18:29 ----D---- C:\Windows\system32\migration
2012-04-11 10:18:29 ----D---- C:\Windows\system32\drivers
2012-04-11 10:18:29 ----D---- C:\Program Files\Internet Explorer
2012-04-11 10:17:45 ----D---- C:\ProgramData\Microsoft Help
2012-04-11 10:17:37 ----A---- C:\Windows\win.ini
2012-04-11 10:17:04 ----D---- C:\Windows\system32\catroot2
2012-04-11 10:17:04 ----D---- C:\Windows\system32\catroot
2012-04-11 10:12:29 ----A---- C:\Windows\system32\MRT.exe
2012-04-09 10:09:13 ----D---- C:\Windows\SoftwareDistribution
2012-04-09 10:03:39 ----D---- C:\Users\juras\AppData\Roaming\Vso
2012-04-09 09:24:50 ----HD---- C:\ProgramData
2012-04-05 17:53:51 ----D---- C:\Program Files\Common Files
2012-04-05 17:36:57 ----D---- C:\ProgramData\DVD Shrink
2012-04-05 17:35:50 ----D---- C:\Program Files\DVD Shrink
2012-04-04 14:51:29 ----D---- C:\Program Files\Adobe
2012-04-04 14:48:53 ----D---- C:\Program Files\Common Files\Adobe
2012-04-04 14:43:08 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-04-04 14:23:34 ----D---- C:\Program Files\Common Files\PX Storage Engine
2012-04-04 11:14:14 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-04-04 11:04:38 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2011-07-08 104024]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-05-26 170528]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-11-14 600928]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13:41]; \??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 77296]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
R2 ntk_PowerDVD;ntk_PowerDVD; \??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-04-20 71664]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-08 4450816]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2011-07-15 13216]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2011-07-08 197224]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-12-17 804952]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2011-07-08 733184]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2010-08-19 247152]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2011-12-26 186760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 KMService;KMService; C:\Windows\system32\srvany.exe [2011-12-01 8192]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-29 867080]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 02 kvě 2012 19:02

Zdravim

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

devet · #3 Příspěvek od **devet** » 02 kvě 2012 19:41

Také zdravím,
Jen na okraj. Při spuštění PALMu se zobrazí pouze media. Kalendář i konatkty však jdou normálně zálohovat i přenášet, takže knihovny fungují.
Požadovaný log

RogueKiller V7.4.1 [05/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: juras [Práva správce]
Mód: Kontrola -- Datum: 05/02/2012 20:39:32

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 7 ¤¤¤
[HJ NAME] HKCU\[...]\Run : svchost.exe (C:\Users\juras\AppData\Roaming\svchost.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : DXM6Patch_981116 (C:\Windows\p_981116.exe /Q:A) -> FOUND
[HJ NAME] HKLM\[...]\Run : svchost.exe (C:\Users\juras\AppData\Roaming\svchost.exe) -> FOUND
[HJ NAME] HKUS\S-1-5-21-3205401070-2780276767-202384574-1000[...]\Run : svchost.exe (C:\Users\juras\AppData\Roaming\svchost.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HIDDEN VAL] HKLM\[...]\Run : S ("C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe") -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3250620AS ATA Device +++++
--- User ---
[MBR] 0eb06dd015fb5496112819c242916374
[BSP] 9834c895b5c9f83fff1097a2bb6c61f3 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238474 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HE502IJ ATA Device +++++
--- User ---
[MBR] 00d8c7c86fdf4cb5673466796c008245
[BSP] cfbe0f39cfa65f3a3fdd19177ee77b58 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

#4 Příspěvek od **vyosek** » 02 kvě 2012 19:43

Zaliskane je to ovsem od sklepa az na pudu

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

devet · #5 Příspěvek od **devet** » 02 kvě 2012 20:19

Chlape,
díky za trpělivost s námi lamami. Tedy i se mnou.

Zpráva OPRAVA
RogueKiller V7.4.1 [05/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: juras [Práva správce]
Mód: Odebrat -- Datum: 05/02/2012 21:17:56

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 6 ¤¤¤
[HJ NAME] HKCU\[...]\Run : svchost.exe (C:\Users\juras\AppData\Roaming\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : DXM6Patch_981116 (C:\Windows\p_981116.exe /Q:A) -> DELETED
[HJ NAME] HKLM\[...]\Run : svchost.exe (C:\Users\juras\AppData\Roaming\svchost.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HIDDEN VAL] HKLM\[...]\Run : S ("C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe") -> ERROR [0x1]

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3250620AS ATA Device +++++
--- User ---
[MBR] 0eb06dd015fb5496112819c242916374
[BSP] 9834c895b5c9f83fff1097a2bb6c61f3 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238474 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HE502IJ ATA Device +++++
--- User ---
[MBR] 00d8c7c86fdf4cb5673466796c008245
[BSP] cfbe0f39cfa65f3a3fdd19177ee77b58 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Zpráva HOST
RogueKiller V7.4.1 [05/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: juras [Práva správce]
Mód: Oprava HOSTS -- Datum: 05/02/2012 21:18:17

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#6 Příspěvek od **vyosek** » 02 kvě 2012 20:23

Neni zac, tohle bylo zahrivaci kolo a slo vam dobre

Takze jdeme mazat poradne

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

devet · #7 Příspěvek od **devet** » 02 kvě 2012 20:53

Tak hotovo.
ComboFix 12-05-02.03 - juras 02.05.2012 21:41:34.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2031.1150 [GMT 2:00]
Spuštěný z: c:\users\juras\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\juras\AppData\Local\Temp\{8D4029D1-328C-4271-861F-DE5E8E98A2D1}\fpb.tmp
c:\users\juras\AppData\Roaming\svchost.exe
c:\users\juras\Documents\CyberLink.1424c_GM4_Trial_VDE120326-02.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-02 do 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 19:48 . 2012-05-02 19:49 -------- d-----w- c:\users\juras\AppData\Local\temp
2012-05-02 19:48 . 2012-05-02 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 17:27 . 2012-05-02 17:27 -------- d-----w- c:\program files\trend micro
2012-05-02 17:27 . 2012-05-02 17:28 -------- d-----w- C:\rsit
2012-05-02 16:17 . 2012-05-02 16:17 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD8C23FC-8092-459C-B058-42FA93D9EED1}\offreg.dll
2012-05-02 16:16 . 2012-05-02 16:17 -------- d-----w- C:\ApolloOutput
2012-05-02 16:15 . 2012-05-02 16:16 -------- d-----w- c:\program files\No1 DVD Ripper
2012-05-02 13:22 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD8C23FC-8092-459C-B058-42FA93D9EED1}\mpengine.dll
2012-04-26 11:41 . 2012-04-26 11:41 0 ----a-w- c:\users\juras\AppData\Local\jv16PT_temp.tmp
2012-04-26 11:40 . 2012-04-26 11:46 -------- d-----w- c:\program files\jv16 PowerTools 2012
2012-04-14 15:01 . 2012-04-14 15:01 -------- d-----w- c:\program files\TurAtlas
2012-04-13 10:22 . 2012-04-13 10:22 -------- d-----w- c:\program files\Yamicsoft
2012-04-11 08:12 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:12 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:12 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:12 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:11 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 08:11 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 07:27 . 2012-04-09 07:27 -------- d-----w- c:\users\juras\AppData\Local\ZoneFiveSoftware
2012-04-09 07:24 . 2012-04-09 07:24 -------- d-----w- c:\programdata\ZoneFiveSoftware
2012-04-07 07:44 . 2012-04-07 07:44 -------- d-----w- c:\users\juras\AppData\Local\GHISLER
2012-04-07 05:25 . 2012-04-07 05:25 -------- d-----w- c:\program files\Auslogics
2012-04-05 15:55 . 2012-04-05 15:55 -------- d-----w- c:\users\juras\AppData\Roaming\AVS4YOU
2012-04-05 15:53 . 2012-04-05 16:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-04-05 15:53 . 2012-04-05 15:55 -------- d-----w- c:\programdata\AVS4YOU
2012-04-05 15:53 . 2011-08-22 14:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-04-04 09:32 . 2012-04-04 09:32 -------- d-----w- c:\users\juras\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-04-04 09:04 . 2012-04-04 08:54 142421 ----a-w- c:\windows\system32\drivers\etc\Crack.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 11:06 . 2012-03-31 05:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 11:06 . 2011-05-29 04:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 12:36 . 2012-04-02 12:36 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-04-02 12:36 . 2012-04-02 12:36 514152 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-04-02 12:36 . 2011-03-21 11:22 100968 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-02-23 08:18 . 2011-05-26 06:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 12:25 . 2011-05-31 16:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-17 05:34 . 2012-03-14 05:53 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 05:53 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 05:53 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-14 05:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 05:53 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-06 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-01 8192]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-08 197224]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 77296]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-04-20 71664]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 11:06]
.
2012-05-02 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-11-28 12:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill form using Password Manager XP - c:\program files\Password Manager XP\InsPwd.htm
IE: Generate password using Password Manager XP - c:\program files\Password Manager XP\GenPwd.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Save form data to Password Manager XP - c:\program files\Password Manager XP\SavePwd.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
------- Asociace souborů -------
.
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-05-02 21:51:58
ComboFix-quarantined-files.txt 2012-05-02 19:51
.
Před spuštěním: Volných bajtů: 205 231 218 688
Po spuštění: Volných bajtů: 205 149 589 504
.
- - End Of File - - F77D0E71B7706337C191D9C0EF852E1B

#8 Příspěvek od **vyosek** » 03 kvě 2012 09:33

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\DriverScanner.job
c:\users\juras\AppData\Local\jv16PT_temp.tmp

FCopy::
c:\users\juras\AppData\Local\jv16PT_temp.tmp | c:\users\juras\AppData\Local\jv16PT_temp.tmp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"RemoteControl11"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

devet · #9 Příspěvek od **devet** » 03 kvě 2012 11:25

Pane,
omlouvám se za zdržení. Musel jsem chvíli i pracovat.
Tady je log
ComboFix 12-05-02.03 - juras 03.05.2012 11:54:19.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2031.1083 [GMT 2:00]
Spuštěný z: c:\users\juras\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\juras\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\users\juras\AppData\Local\jv16PT_temp.tmp"
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\DriverScanner.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-03 do 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 10:19 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC5089A9-929C-4EE9-9F90-C6E8E6B06F2C}\mpengine.dll
2012-05-03 10:17 . 2012-05-03 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 05:08 . 2012-05-03 05:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD8C23FC-8092-459C-B058-42FA93D9EED1}\offreg.dll
2012-05-03 04:05 . 2012-05-03 04:05 -------- d-----w- C:\ApolloOutput
2012-05-02 19:52 . 2012-05-03 10:19 -------- d-----w- c:\users\juras\AppData\Local\temp
2012-05-02 17:27 . 2012-05-02 17:27 -------- d-----w- c:\program files\trend micro
2012-05-02 17:27 . 2012-05-02 17:28 -------- d-----w- C:\rsit
2012-05-02 13:22 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD8C23FC-8092-459C-B058-42FA93D9EED1}\mpengine.dll
2012-04-26 11:40 . 2012-04-26 11:46 -------- d-----w- c:\program files\jv16 PowerTools 2012
2012-04-14 15:01 . 2012-04-14 15:01 -------- d-----w- c:\program files\TurAtlas
2012-04-13 10:22 . 2012-04-13 10:22 -------- d-----w- c:\program files\Yamicsoft
2012-04-11 08:12 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:12 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:12 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:12 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:11 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 08:11 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 07:27 . 2012-04-09 07:27 -------- d-----w- c:\users\juras\AppData\Local\ZoneFiveSoftware
2012-04-09 07:24 . 2012-04-09 07:24 -------- d-----w- c:\programdata\ZoneFiveSoftware
2012-04-07 07:44 . 2012-04-07 07:44 -------- d-----w- c:\users\juras\AppData\Local\GHISLER
2012-04-07 05:25 . 2012-04-07 05:25 -------- d-----w- c:\program files\Auslogics
2012-04-05 15:55 . 2012-04-05 15:55 -------- d-----w- c:\users\juras\AppData\Roaming\AVS4YOU
2012-04-05 15:53 . 2012-04-05 16:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-04-05 15:53 . 2012-04-05 15:55 -------- d-----w- c:\programdata\AVS4YOU
2012-04-05 15:53 . 2011-08-22 14:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-04-04 09:32 . 2012-04-04 09:32 -------- d-----w- c:\users\juras\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-04-04 09:04 . 2012-04-04 08:54 142421 ----a-w- c:\windows\system32\drivers\etc\Crack.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 11:06 . 2012-03-31 05:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 11:06 . 2011-05-29 04:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 12:36 . 2012-04-02 12:36 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-04-02 12:36 . 2012-04-02 12:36 514152 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-04-02 12:36 . 2011-03-21 11:22 100968 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-02-23 08:18 . 2011-05-26 06:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 12:25 . 2011-05-31 16:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-17 05:34 . 2012-03-14 05:53 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 05:53 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 05:53 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-14 05:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-06 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-01 8192]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-08 197224]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1343400]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-11-14 752128]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/30 10:13];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 77296]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-14 3246040]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-04-20 71664]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-11-14 167968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-04-02 514152]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 11:06]
.
2012-05-03 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-11-28 12:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill form using Password Manager XP - c:\program files\Password Manager XP\InsPwd.htm
IE: Generate password using Password Manager XP - c:\program files\Password Manager XP\GenPwd.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Save form data to Password Manager XP - c:\program files\Password Manager XP\SavePwd.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1272)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\taskhost.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-05-03 12:23:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-03 10:23
ComboFix2.txt 2012-05-02 19:51
.
Před spuštěním: Volných bajtů: 209 407 537 152
Po spuštění: Volných bajtů: 209 367 891 968
.
- - End Of File - - 1A531284FC1C3559DCD830F5FE969389

#10 Příspěvek od **vyosek** » 04 kvě 2012 09:03

Nic se nedeje, tez tu nejsem porad

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
user32.dll
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

devet · #11 Příspěvek od **devet** » 09 kvě 2012 05:09

Hrome, včera večer jsem udělal potřebné a dneska to zde NENÍ. Přece nemám halucinace?
juráš

devet · #12 Příspěvek od **devet** » 09 kvě 2012 06:09

Tak znovu,
ono se to asi nevešlo do limitu znaků...

A moc děkuji
juras

OTL Extras logfile created on: 8.5.2012 17:53:34 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\juras\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,98 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,82% Memory free
7,93 Gb Paging File | 6,89 Gb Available in Paging File | 86,82% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 194,95 Gb Free Space | 83,71% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 55,78 Gb Free Space | 11,98% Space Free | Partition Type: NTFS

Computer Name: JURAS-PC | User Name: juras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B0B12-A217-48E0-ACB4-582E33028908}" = lport=139 | protocol=6 | dir=in | app=system |
"{0D01F302-2E4A-4AFB-B7AF-2B56BC882BC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D860569-E01E-481E-BD15-A297122E8FFA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{15C887AC-C8E6-4E51-B376-D460878D9306}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1A5FE928-044D-4188-85D6-5E2232FF4331}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{250FDB6C-546D-4D59-9A7D-A3B2C02533A1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{29ED93AF-E755-4EBF-A979-19774766BB5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{37FA5990-2BF1-48D2-AD35-F72AD3B63F55}" = lport=2869 | protocol=6 | dir=in | name=creative centrale tcp port 1 |
"{48F6437E-EA60-4CC4-9975-CD2C57BFFA60}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A8CD90F-5357-4187-A993-08525DCE0092}" = rport=137 | protocol=17 | dir=out | app=system |
"{4F2EA2CC-CD8C-4300-8347-300D3B88D7A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59F1431C-8354-45A4-9191-901DF72E0ED0}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C6DDE89-0C1B-4962-9EEE-8A202A3909A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{601AC4DE-BA6D-4BB3-BBE1-1200F626DA44}" = lport=2861 | protocol=6 | dir=in | name=creative centrale tcp port 2 |
"{6894EAD2-3E63-4D35-AC91-5E7EBCC01054}" = lport=445 | protocol=6 | dir=in | app=system |
"{86F7BDEC-49C4-4D65-9BC8-DA6C8641F043}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8AE82184-15B9-49FB-9053-9643EBF1E6E5}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BF25948-D907-4948-AE5D-04B311218A0E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A4719812-6332-43A6-A86D-25196A8AF0EF}" = lport=1900 | protocol=17 | dir=in | name=creative centrale udp port |
"{B6803A66-9F63-4B93-8D79-F3E39AE70725}" = rport=139 | protocol=6 | dir=out | app=system |
"{C5FE503D-1C95-4698-83C3-0BE474A2C867}" = lport=138 | protocol=17 | dir=in | app=system |
"{D9851320-12DE-48D5-838A-6DF0B2D0BD10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5D059D5-CB29-4749-A16F-63C537A36170}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FC219E72-C9C3-481E-B4B2-364EDE1136B3}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C056957-0D2D-4ED4-B64A-365DFA40BD2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{111C2004-B554-4859-BB16-5C60B20B3B20}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe |
"{132A10F2-0D4A-42BA-AC12-D12EFDABBAEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1800FF02-B368-4DBA-8362-2C17A4158FF1}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe |
"{1DCE8F44-C1ED-4ED0-A0CB-6F34C254E84E}" = protocol=6 | dir=in | app=c:\windows\system32\nbirv4svr.exe |
"{2E95A405-34E6-414C-A343-497CE7AD7A39}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe |
"{43D38D0D-68C9-42C1-8844-D395A45E96DE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4D70515A-7ECF-4C8E-9E4C-55BD37A10C6E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{5BB64825-0D7A-4B15-B015-6A8AECB1999B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{62EFBD9C-92BA-420B-99A8-DA34165663E8}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{71859116-5C0A-46CA-8DC1-B0B1CC0F1EC5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{78C92BF0-B61F-48AA-9D06-D85DA10AE08F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{7941B413-73FD-4A2D-8C24-4031F42E27DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80F3B060-1844-49CD-A697-7F8CC0AFD916}" = protocol=17 | dir=in | app=c:\program files\creative\creative centrale\ctupnpfn.exe |
"{835DFA20-1652-4273-BA59-EF560EA67FDE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe |
"{867DC315-4EDB-4E85-ACA6-38E52C97C0BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8884FA21-8B47-4C0F-9EC1-52D0142EDF3B}" = protocol=6 | dir=in | app=c:\program files\creative\creative centrale\ctupnpfn.exe |
"{908B5275-35AA-4CE5-BDB3-FEB1CF3AF7ED}" = protocol=17 | dir=in | app=c:\windows\system32\nbirv4svr.exe |
"{B0FE4542-8CF8-46EC-B1BC-D8D15C214A50}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B1101865-4CE1-477E-B413-0047C70DFB95}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BD0D1E4A-F152-4F77-9653-A943F1A6FAF3}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{C5A0D57E-3A38-4E17-9998-75E902AC5D7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CFA7C193-ECF1-4D33-83F3-0D68C58665CA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D8F03EAA-10B5-47B2-9EA5-42AECCBB40EB}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{E1E057D2-9E68-40F1-ADA3-E4536A137912}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E8940EEE-B71A-41F1-A755-096E54725C99}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{721D6C70-12A2-461A-98B5-5AE397470BBC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8A85DDF0-CCAA-44EF-81AE-2BD16CB8AC44}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{C0EFE3FC-8980-4A07-BFE9-42E449F19D2B}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{DE29CD5C-63EB-4B38-8E40-52700ABD960C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E98F03C4-6A31-4701-8F3C-324F7392D055}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"UDP Query User{20D6C92F-1EBB-44E4-80FE-22855AFE89B4}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{685E7CDB-39A3-4EEF-8212-0EDBEA5D5CD9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6CB66F9D-04CB-42ED-93BB-AE36DCCE490C}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"UDP Query User{7574B345-5E8B-4E43-BAF3-9E0E5B4D8FB6}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{90D8C0F3-878A-4BD5-80FD-56AA8DBA4F19}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1873789F-59D5-4002-8A2F-60A827B78F98}_is1" = GmapTool 0.6.0
"{1BA48248-113E-4978-88C7-1078048DC257}" = Similarity 1.6.4
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.11
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50E51FC4-22C6-4F03-A363-327E351C9BC2}" = ATLAS Czech 2012 NT
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5E7F8D38-6FFF-424E-B68B-354ACA64B91C}" = iriver plus 4
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7584DE6B-A7CE-439F-83F7-D9CA07950501}" = ESET NOD32 Antivirus
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}" = Garmin TOPO Österreich v2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}" = Garmin POI Loader
"{8C20F904-9288-4A7A-A0C4-1458AA2B295E}" = TOPO Czech PRO 2011
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0015-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-002C-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{8148DB19-71B1-4415-8B26-DF5B9E873FC3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{EEF3E2C0-135B-44DC-BEDD-7F01CFBEFF46}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Czech
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B28311A2-EA16-4F85-80CE-1BF2B0912C8F}" = Garmin City Navigator Europe NT 2012.40 Update
"{B2DB8AB1-813D-4B2B-904E-4EEFDF71CBC6}" = TNod User & Password Finder
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5FC2B06-C148-4ECC-AF0B-407C1939E248}_is1" = Pics Print 3
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF31EA4D-DB9D-4142-A778-2CDC2484ED4D}" = CYKLO Czech 2011 NT
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{FA300000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.34
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}" = Windows 7 Manager
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Balíček ovladače systému Windows - Nokia Modem (10/07/2010 4.6)
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Absolute Patience" = Absolute Patience
"Acoustica Premium Edition_is1" = Acoustica Premium Edition 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"aignesamdeadlink_is1" = AM-DeadLink 4.4
"Ant Movie Catalog_is1" = Ant Movie Catalog
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.3
"Ashampoo WinOptimizer 9_is1" = Ashampoo WinOptimizer 9 v.9.4.0
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AudioLabel" = AudioLabel
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"BeyondCompare3_is1" = Beyond Compare Version 3.3.4
"Boilsoft ASF Converter_is1" = Boilsoft ASF Converter 2.68
"CCleaner" = CCleaner
"CDDB MP3 Tool" = CDDB MP3 Tool (remove only)
"ClipX" = ClipX
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Centrale" = Creative Centrale
"Cyklotrasy 2.27" = Cyklotrasy 2.27
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt
"E5372C32E8562C76C24DBA6525002B1031495F34" = Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.8)
"EssentialPIM Pro" = EssentialPIM Pro
"FormatFactory" = FormatFactory 2.60
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"IrfanView" = IrfanView (remove only)
"MahJong Suite_is1" = MahJong Suite 2011 v8.5
"Mariáš" = Mariáš
"MediaMonkey_is1" = MediaMonkey 4.0
"Memory Stick Voice Editor" = Memory Stick Voice Editor
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mp3tag" = Mp3tag v2.50
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Password Manager XP" = Password Manager XP
"Photodex Presenter" = Photodex Presenter
"PowerISO" = PowerISO
"ProShow Producer" = ProShow Producer
"PSPad editor_is1" = PSPad editor
"TNod" = TNod User & Password Finder
"Totalcmd" = Total Commander (Remove or Repair)
"TreeSize Professional_is1" = TreeSize Professional 5.3.4
"Turistické trasy 2.27" = Turistické trasy 2.27
"Types" = Types
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.5.565
"VLC media player" = VLC media player 2.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"WinDjView" = WinDjView 1.0.3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Xilisoft Video to Audio Converter" = Xilisoft Video to Audio Converter
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZENMXUG" = Creative ZEN MX Documentation
"ZENX-FI" = Creative ZEN X-Fi User's Guide

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3205401070-2780276767-202384574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Turistické trasy 2.23" = Turistické trasy 2.23
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9.2.2012 1:59:27 | Computer Name = juras-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =

Error - 9.2.2012 4:06:58 | Computer Name = juras-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 9.2.2012 15:00:04 | Computer Name = juras-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =

Error - 10.2.2012 1:42:41 | Computer Name = JURAS-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 18.2.2012 12:48:06 | Computer Name = juras-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 18.2.2012 12:51:39 | Computer Name = juras-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =

Error - 18.2.2012 13:19:58 | Computer Name = juras-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 19.2.2012 2:06:37 | Computer Name = juras-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 19.2.2012 3:00:30 | Computer Name = juras-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =

Error - 20.2.2012 2:01:53 | Computer Name = juras-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

[ System Events ]
Error - 2.5.2012 15:49:00 | Computer Name = juras-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 2.5.2012 16:07:54 | Computer Name = juras-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Defender byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 2.5.2012 23:54:39 | Computer Name = juras-PC | Source = DCOM | ID = 10001
Description =

Error - 3.5.2012 5:53:38 | Computer Name = juras-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 3.5.2012 6:10:44 | Computer Name = juras-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 3.5.2012 6:19:07 | Computer Name = juras-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (12:18:00, ?3.?5.?2012) bylo neočekávané.

Error - 3.5.2012 6:25:25 | Computer Name = juras-PC | Source = DCOM | ID = 10001
Description =

Error - 3.5.2012 13:29:26 | Computer Name = juras-PC | Source = DCOM | ID = 10001
Description =

Error - 3.5.2012 22:55:37 | Computer Name = juras-PC | Source = DCOM | ID = 10001
Description =

Error - 8.5.2012 11:19:26 | Computer Name = juras-PC | Source = DCOM | ID = 10001
Description =

< End of report >

devet · #13 Příspěvek od **devet** » 09 kvě 2012 06:11

A jeste tento:

OTL logfile created on: 9.5.2012 6:19:35 - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\juras\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,98 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 56,02% Memory free
7,93 Gb Paging File | 7,06 Gb Available in Paging File | 89,02% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 193,41 Gb Free Space | 83,05% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 55,74 Gb Free Space | 11,97% Space Free | Partition Type: NTFS

Computer Name: JURAS-PC | User Name: juras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.05.09 06:10:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\juras\Desktop\OTL.exe
PRC - [2012.04.23 14:07:52 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.26 20:29:00 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2011.11.14 09:12:14 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.10.13 08:00:22 | 005,574,456 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.09.22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.17 10:22:40 | 000,804,952 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.02.01 16:51:07 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2008.12.11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
PRC - [2008.08.13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008.01.03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2005.07.15 23:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.13 07:59:42 | 011,227,192 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.03.02 13:40:52 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.12.11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
MOD - [2008.05.02 06:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008.03.30 16:22:42 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [2005.10.24 16:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.08 18:07:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.26 20:29:00 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2011.12.01 05:13:38 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011.11.14 09:12:14 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.29 06:18:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.26 12:13:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010.12.17 10:22:40 | 000,804,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.01 16:51:07 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011.11.14 09:12:16 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.11.14 09:12:13 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.11.14 09:12:13 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.08.09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011.08.04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011.07.15 13:35:40 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.07.08 15:51:19 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2011.07.08 15:51:08 | 000,104,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2011.07.08 15:45:07 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.26 09:37:25 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.04.20 05:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011.04.12 11:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/05/30 10:13:41] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.11.09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.12.17 17:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.12.04 17:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes,DefaultScope = {14a879e5-1dcc-4458-a961-f13d1238868f}
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{14a879e5-1dcc-4458-a961-f13d1238868f}: "URL" = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{1a4ed156-bdb1-4bb5-a4b9-66ba87f5987d}: "URL" = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{1e53c4ad-d44b-4b4f-8668-047d65378d84}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{4082b300-683b-49ca-ac1c-623fc7e3b809}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... rceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{589B9367-407E-4585-9C53-83CE1DCAED16}: "URL" = http://www.google.cz/search?q={searchTe ... {startPage}
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatc ... 093&lng=cs
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PackageInstaller\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PackageInstaller\NPInstal.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\juras\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.12.23 17:22:37 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012.05.03 12:19:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Password Manager XP Helper) - {F0BD2AEF-6A48-42DC-85CE-F4C335C59B5E} - C:\Program Files\Password Manager XP\PMHelper.dll (CP Lab)
O3 - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-3205401070-2780276767-202384574-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill form using Password Manager XP - C:\Program Files\Password Manager XP\InsPwd.htm ()
O8 - Extra context menu item: Generate password using Password Manager XP - C:\Program Files\Password Manager XP\GenPwd.htm ()
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Save form data to Password Manager XP - C:\Program Files\Password Manager XP\SavePwd.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D9467A0-4B2F-489C-8F84-57E7756511EE}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.05.09 06:10:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\juras\Desktop\OTL.exe
[2012.05.09 06:04:08 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 06:03:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 06:03:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 06:03:24 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.08 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\juras\Desktop\viry
[2012.05.03 12:19:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.05.03 06:05:44 | 000,000,000 | ---D | C] -- C:\ApolloOutput
[2012.05.03 06:03:51 | 000,000,000 | ---D | C] -- C:\Users\juras\Documents\My Albums
[2012.05.02 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\juras\AppData\Local\temp
[2012.05.02 21:40:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.02 21:40:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.02 21:40:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.02 21:40:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.02 21:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.02 20:37:45 | 000,000,000 | ---D | C] -- C:\Users\juras\Desktop\RK_Quarantine
[2012.05.02 19:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.05.02 19:27:26 | 000,000,000 | ---D | C] -- C:\rsit
[2012.05.02 18:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No1 DVD Ripper
[2012.05.02 16:37:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.02 15:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.05.02 11:39:19 | 000,000,000 | ---D | C] -- C:\Users\juras\Desktop\Nová složka (2)
[2012.01.08 10:04:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\juras\AppData\Roaming\pcouffin.sys
[2011.06.06 11:49:35 | 006,664,704 | ---- | C] (Hazar & Co.) -- C:\Users\juras\AppData\Roaming\RemoveWAT 2.2.6.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.05.09 06:21:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.05.09 06:17:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.05.09 06:17:38 | 003,772,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.09 06:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.09 06:11:30 | 000,634,308 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.05.09 06:11:30 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.09 06:11:30 | 000,122,898 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.05.09 06:11:30 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.09 06:10:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\juras\Desktop\OTL.exe
[2012.05.09 06:06:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.08 18:07:00 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.08 18:06:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.08 17:48:09 | 000,519,371 | ---- | M] () -- C:\Users\juras\Desktop\030512.pdf
[2012.05.03 12:19:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.05.02 18:17:53 | 000,002,560 | ---- | M] () -- C:\DVDSample.bmk
[2012.05.02 16:37:09 | 217,818,506 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.02 11:38:20 | 002,604,016 | ---- | M] () -- C:\Users\juras\Desktop\MZ_vystava.rar
[2012.05.02 07:14:51 | 006,115,953 | ---- | M] () -- C:\Users\juras\Desktop\Game-Purp-Yellow-decentlydope.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.08 17:55:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.05.08 17:48:09 | 000,519,371 | ---- | C] () -- C:\Users\juras\Desktop\030512.pdf
[2012.05.02 21:40:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.02 21:40:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.02 21:40:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.02 21:40:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.02 21:40:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.02 18:17:53 | 000,002,560 | ---- | C] () -- C:\DVDSample.bmk
[2012.05.02 16:37:09 | 217,818,506 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.02 15:26:35 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012.05.02 11:38:20 | 002,604,016 | ---- | C] () -- C:\Users\juras\Desktop\MZ_vystava.rar
[2012.05.02 07:14:44 | 006,115,953 | ---- | C] () -- C:\Users\juras\Desktop\Game-Purp-Yellow-decentlydope.mp3
[2012.01.08 10:04:21 | 000,000,022 | ---- | C] () -- C:\Windows\System32\sycd5.dll
[2012.01.08 10:04:03 | 000,087,608 | ---- | C] () -- C:\Users\juras\AppData\Roaming\inst.exe
[2012.01.08 10:04:03 | 000,007,887 | ---- | C] () -- C:\Users\juras\AppData\Roaming\pcouffin.cat
[2012.01.08 10:04:03 | 000,001,144 | ---- | C] () -- C:\Users\juras\AppData\Roaming\pcouffin.inf
[2011.12.01 05:13:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.07.15 13:35:40 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.07.12 07:27:47 | 000,000,186 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011.07.08 15:45:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.06.14 12:48:31 | 000,070,144 | ---- | C] () -- C:\Users\juras\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.06 11:50:08 | 000,000,030 | ---- | C] () -- C:\Users\juras\AppData\Roaming\data.dat
[2011.06.06 10:35:59 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2011.05.30 11:52:48 | 000,016,384 | ---- | C] () -- C:\Users\juras\AppData\Roaming\lshss.exe
[2011.05.30 10:50:41 | 000,077,824 | ---- | C] () -- C:\Windows\System32\csdlocalmon.dll
[2011.05.30 10:05:37 | 000,001,057 | ---- | C] () -- C:\Users\juras\AppData\Roaming\vso_ts_preview.xml
[2011.05.30 08:09:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.29 08:09:49 | 000,000,540 | ---- | C] () -- C:\Users\juras\AppData\Roaming\AutoGK.ini
[2011.05.29 07:36:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.05.29 05:36:03 | 000,000,022 | -HS- | C] () -- C:\Users\juras\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.05.29 05:15:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.05.29 05:15:00 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.05.28 22:08:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.26 12:36:04 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.05.26 08:27:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011.11.14 09:12:15 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\584EDDD0-5EDC-461B-AD00-855FC46EAA93
[2011.06.07 05:03:07 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Abelssoft
[2011.05.29 06:59:14 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Acronis
[2011.05.29 05:13:30 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\aignes
[2011.12.17 11:38:45 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Ashampoo
[2011.05.29 05:17:33 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Auslogics
[2011.05.30 10:03:51 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Boilsoft
[2012.04.04 11:32:27 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.25 18:36:49 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\DVDFab
[2011.10.20 19:44:12 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\EssentialPIM Pro
[2011.11.15 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\EurekaLog
[2011.10.19 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\FA7DD63A-9776-429C-94DA-0C2124AEEB16
[2011.06.01 11:19:50 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\GARMIN
[2011.06.06 15:41:35 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\GHISLER
[2011.06.06 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\HotSync
[2011.05.29 06:33:04 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\IrfanView
[2011.05.30 10:50:33 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Iriver
[2011.06.01 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\JAM Software
[2012.01.26 20:33:29 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\MahJong Suite
[2012.04.17 06:26:24 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\MediaMonkey
[2011.05.30 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\ML
[2011.05.29 06:38:25 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Netscape
[2011.09.15 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Nokia
[2011.05.26 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Password Manager XP
[2011.05.26 13:38:02 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\PC Suite
[2011.05.29 06:35:47 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Photodex
[2011.07.12 07:30:44 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Q-Dir
[2011.10.07 10:08:39 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Radiosity
[2011.05.26 13:46:37 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Scooter Software
[2012.02.28 15:13:05 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Similarity
[2011.11.24 11:42:19 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\TeamViewer
[2011.05.30 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\UDC Profiles
[2011.07.09 11:51:54 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Uniblue
[2012.05.09 06:21:46 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\uTorrent
[2011.05.30 10:38:33 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\VideoReDo-TVSuite
[2012.04.09 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Vso
[2012.05.09 06:17:50 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.01.24 07:50:44 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\ERDNT\cache\tcpip.sys
[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2011.06.06 11:50:03 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=7BD7F45FF37FA0669CD32CA0EF46E22C -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\{0F518C7A-A15B-4E03-AF78-407064655B43}\*.tmp files -> C:\Windows\Temp\{0F518C7A-A15B-4E03-AF78-407064655B43}\*.tmp -> ]
[1 C:\Windows\Temp\{57337571-5672-4E79-8520-69A5DE4486CA}\*.tmp files -> C:\Windows\Temp\{57337571-5672-4E79-8520-69A5DE4486CA}\*.tmp -> ]
[1 C:\Windows\Temp\{6B932DE3-A86B-4371-BF07-A82B8B4B93C3}\*.tmp files -> C:\Windows\Temp\{6B932DE3-A86B-4371-BF07-A82B8B4B93C3}\*.tmp -> ]
[1 C:\Windows\Temp\{74CD0D9D-C379-426E-B923-847988137965}\*.tmp files -> C:\Windows\Temp\{74CD0D9D-C379-426E-B923-847988137965}\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.11.14 09:12:15 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\584EDDD0-5EDC-461B-AD00-855FC46EAA93
[2011.06.07 05:03:07 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Abelssoft
[2011.05.29 06:59:14 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Acronis
[2012.01.23 15:13:36 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Adobe
[2011.05.29 05:13:30 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\aignes
[2011.11.05 07:45:13 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Apple Computer
[2011.05.26 13:32:12 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Arcsoft
[2011.12.17 11:38:45 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Ashampoo
[2011.06.14 13:15:50 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\ATI
[2011.05.29 05:17:33 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Auslogics
[2012.04.05 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\AVS4YOU
[2011.05.30 10:03:51 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Boilsoft
[2012.04.04 11:32:27 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.12 11:17:52 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Creative
[2011.05.30 10:16:16 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\CyberLink
[2012.05.02 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\dvdcss
[2011.12.25 18:36:49 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\DVDFab
[2011.10.20 19:44:12 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\EssentialPIM Pro
[2011.11.15 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\EurekaLog
[2011.10.19 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\FA7DD63A-9776-429C-94DA-0C2124AEEB16
[2011.06.01 11:19:50 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\GARMIN
[2011.06.06 15:41:35 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\GHISLER
[2011.06.06 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\HotSync
[2011.05.26 08:41:04 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Identities
[2011.05.29 06:33:04 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\IrfanView
[2011.05.30 10:50:33 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Iriver
[2011.06.01 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\JAM Software
[2011.05.26 13:53:08 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Macromedia
[2012.01.26 20:33:29 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\MahJong Suite
[2009.07.14 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Media Center Programs
[2011.11.05 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Media Player Classic
[2012.04.17 06:26:24 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\MediaMonkey
[2012.04.15 19:32:59 | 000,000,000 | --SD | M] -- C:\Users\juras\AppData\Roaming\Microsoft
[2011.05.30 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\ML
[2011.05.29 06:38:25 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Mozilla
[2011.05.29 06:38:25 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Netscape
[2011.09.15 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Nokia
[2011.05.26 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Password Manager XP
[2011.05.26 13:38:02 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\PC Suite
[2011.05.29 06:35:47 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Photodex
[2011.05.29 06:54:58 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\PSpad
[2011.07.12 07:30:44 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Q-Dir
[2011.10.07 10:08:39 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Radiosity
[2011.05.26 13:46:37 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Scooter Software
[2012.02.28 15:13:05 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Similarity
[2012.05.03 12:09:28 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Skype
[2012.03.20 13:13:30 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\skypePM
[2011.11.24 11:42:19 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\TeamViewer
[2011.05.30 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\UDC Profiles
[2011.07.09 11:51:54 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Uniblue
[2012.05.09 06:36:40 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\uTorrent
[2011.05.30 10:38:33 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\VideoReDo-TVSuite
[2012.05.02 15:47:58 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\vlc
[2012.04.09 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\Vso
[2012.01.26 10:46:54 | 000,000,000 | ---D | M] -- C:\Users\juras\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012.01.08 10:12:05 | 000,087,608 | ---- | M] () -- C:\Users\juras\AppData\Roaming\inst.exe
[2011.05.30 11:53:17 | 000,016,384 | ---- | M] () -- C:\Users\juras\AppData\Roaming\lshss.exe
[2011.06.06 11:49:35 | 006,664,704 | ---- | M] (Hazar & Co.) -- C:\Users\juras\AppData\Roaming\RemoveWAT 2.2.6.exe
[2012.04.12 18:17:29 | 000,092,560 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{1094DCE4-8107-41C5-A818-6704F46F7CF8}\Windows7Manager_2.exe
[2011.06.14 13:13:39 | 000,010,134 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
[2012.03.21 19:18:18 | 000,092,560 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{A15BAB8A-A6B5-4213-B391-EF4E833B4D4F}\Windows7Manager.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\ClickCleaner.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\ContextMenuManager.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\DesktopCleaner.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\DiskAnalyzer.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\DuplicateFilesFinder.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\FileSecurity.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\FileSplitter.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\FreeMemory.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\IEManager.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\IPSwitcher.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\JumpListQuickLauncher.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\JunkFileCleaner.exe
[2011.05.26 10:01:50 | 000,005,430 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\LiveUpdate.exe
[2011.05.26 10:01:50 | 000,013,262 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\OptimizationWizard.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\PrivacyProtector.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\ProcessManager.exe
[2011.05.26 10:01:50 | 000,099,678 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\RegistryCleaner.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\RegistryDefrag.exe
[2011.05.26 10:01:50 | 000,304,886 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\RegistryTools.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\RepairCenter.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\RunShortcutCreator.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\ServiceManager.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\SmartUninstaller.exe
[2011.05.26 10:01:50 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\StartupManager.exe
[2011.05.26 10:01:50 | 000,082,726 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\SuperCopy.exe
[2011.05.26 10:01:50 | 000,014,534 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\SystemFolder_msiexec.exe
[2011.05.26 10:01:50 | 000,007,886 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\SystemInfo.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\TaskSchedulerManager.exe
[2011.05.26 10:01:50 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\VisualCustomizer.exe
[2011.05.26 10:01:50 | 000,092,560 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\Windows7Manager.exe
[2011.05.26 10:01:50 | 000,013,262 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{BBAFC2B5-3C85-44B8-8D11-F25AC5C30E11}\WinUtilities.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\ClickCleaner_1.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\ContextMenuManager.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\DesktopCleaner.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\DiskAnalyzer.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\DuplicateFilesFinder.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\FileSecurity.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\FileSplitter.exe
[2012.04.04 14:54:13 | 000,099,678 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\FileUndelete.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\FreeMemory.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\IEManager.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\IPSwitcher.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\JumpListQuickLauncher.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\JunkFileCleaner.exe
[2012.04.04 14:54:14 | 000,005,430 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\LiveUpdate_1.exe
[2012.04.04 14:54:13 | 000,082,726 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\MyTask.exe
[2012.04.04 14:54:13 | 000,013,262 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\OptimizationWizard.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\PrivacyProtector.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\ProcessManager.exe
[2012.04.04 14:54:13 | 000,099,678 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\RegistryCleaner.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\RegistryDefrag.exe
[2012.04.04 14:54:13 | 000,304,886 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\RegistryTools.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\RepairCenter.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\RunShortcutCreator.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\ServiceManager.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\SmartUninstaller.exe
[2012.04.04 14:54:13 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\StartupManager.exe
[2012.04.04 14:54:13 | 000,082,726 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\SuperCopy.exe
[2012.04.04 14:54:14 | 000,014,534 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\SystemFolder_msiexec.exe
[2012.04.04 14:54:13 | 000,007,886 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\SystemInfo.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\TaskSchedulerManager.exe
[2012.04.04 14:54:13 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\VisualCustomizer.exe
[2012.04.04 14:54:13 | 000,092,560 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\Windows7Manager_2.exe
[2012.04.04 14:54:13 | 000,013,262 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{F8A43536-3A52-49BE-BD1C-4A51C943F2B7}\WinUtilities.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\ClickCleaner.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\ClickCleaner_1.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\ContextMenuManager.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\DesktopCleaner.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\DiskAnalyzer.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\DuplicateFilesFinder.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\FileSecurity.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\FileSplitter.exe
[2012.04.13 12:22:19 | 000,099,678 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\FileUndelete.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\FreeMemory.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\IEManager.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\IPSwitcher.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\JumpListQuickLauncher.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\JunkFileCleaner.exe
[2012.04.13 12:22:19 | 000,005,430 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\LiveUpdate.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\LogonBackgroundChanger.exe
[2012.04.13 12:22:19 | 000,082,726 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\MyTask.exe
[2012.04.13 12:22:19 | 000,013,262 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\OptimizationWizard.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\PrivacyProtector.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\ProcessManager.exe
[2012.04.13 12:22:19 | 000,099,678 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\RegistryCleaner.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\RegistryDefrag.exe
[2012.04.13 12:22:19 | 000,304,886 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\RegistryTools.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\RepairCenter.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\RunShortcutCreator.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\ServiceManager.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\SmartUninstaller.exe
[2012.04.13 12:22:19 | 000,015,086 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\StartupManager.exe
[2012.04.13 12:22:19 | 000,082,726 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\SuperCopy.exe
[2012.04.13 12:22:19 | 000,014,534 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\SystemFolder_msiexec.exe
[2012.04.13 12:22:19 | 000,007,886 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\SystemInfo.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\TaskSchedulerManager.exe
[2012.04.13 12:22:19 | 000,017,542 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\VisualCustomizer.exe
[2012.04.13 12:22:19 | 000,092,560 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\Windows7Manager_2.exe
[2012.04.13 12:22:19 | 000,013,262 | R--- | M] () -- C:\Users\juras\AppData\Roaming\Microsoft\Installer\{FE9EB1B9-8D38-450B-B135-EB4E6BAA42CD}\WinUtilities.exe
[2012.05.02 15:26:10 | 005,815,696 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\juras\AppData\Roaming\Uniblue\DriverScanner\_temp\ub.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.05.09 06:06:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.05.09 06:17:50 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.05.08 18:07:00 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2012.05.08 18:06:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2012.05.09 06:17:38 | 003,772,640 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2012.05.09 06:12:43 | 055,656,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
[2012.05.09 06:24:41 | 000,122,898 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.05.09 06:24:41 | 000,107,034 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.05.09 06:24:41 | 000,634,308 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.05.09 06:24:41 | 000,618,714 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.05.09 06:24:41 | 001,478,586 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SoftAuto.exe" = "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" -- [2008.08.13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\not active]

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2011.05.26 09:21:51 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.05.09 06:21:51 | 000,000,512 | ---- | M] () MD5=0EB06DD015FB5496112819C242916374 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:16E15B52
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:0888F409

< End of report >

#14 Příspěvek od **vyosek** » 10 kvě 2012 06:54

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes,DefaultScope = {14a879e5-1dcc-4458-a961-f13d1238868f}
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{14a879e5-1dcc-4458-a961-f13d1238868f}: "URL" = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{1a4ed156-bdb1-4bb5-a4b9-66ba87f5987d}: "URL" = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{1e53c4ad-d44b-4b4f-8668-047d65378d84}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{4082b300-683b-49ca-ac1c-623fc7e3b809}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=IE_5
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{589B9367-407E-4585-9C53-83CE1DCAED16}: "URL" = http://www.google.cz/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3205401070-2780276767-202384574-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80093&lng=cs
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2011.06.06 11:49:35 | 006,664,704 | ---- | C] (Hazar & Co.) -- C:\Users\juras\AppData\Roaming\RemoveWAT 2.2.6.exe
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:16E15B52
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:0888F409

:files
C:\Windows\System32\user32.dll | C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll /replace
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

devet · #15 Příspěvek od **devet** » 10 kvě 2012 12:07

vyosek,
tak jsem to spustil a čekal. Bohužel výsledek (log) nemám, protože Widle se nechtěli nastartovat. Musel jsem na potřetí dát opravu a vrátit se k původnímu..
Omlouvám se za těžkosti, které se mnou jsou.
juráš

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu