Logfile of random's system information tool 1.09 (written by random/random)
Run by pctc at 2012-06-22 17:07:54
Microsoft Windows 7 Ultimate
System drive C: has 57 GB (56%) free of 103 GB
Total RAM: 2047 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:08:09, on 22.6.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SoundMan.exe
C:\Windows\alcwzrd.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Program Files\Ultima Online 2D\RSIT.exe
C:\Program Files\trend micro\pctc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1F81FE4D-8 ... 2012-06-21 18:48:26&v=11.1.0.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 11D8894EE8}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [MSIDLL] rundll32.exe msiahc32.dll,RfiMNvnJU
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1301754893-1287375585-1057014856-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1301754893-1287375585-1057014856-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
--
End of file - 8483 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default
prefs.js - "browser.startup.homepage" - "http://vyveska.moria.cz/vyveska/index.php"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="
"avg@toolbar"=C:\ProgramData\AVG Secure Search\11.1.0.7\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\
4fd880a65d11d@4fd880a65d156.info
plugin@yontoo.com
{687578b9-7132-4a7a-80e4-30ee31099e03}
{800b5000-a755-47e1-992b-48a1c1357f07}
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\
icqplugin-1.xml
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2012-03-15 142288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll [2012-06-21 2068536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2012-03-20 1056320]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll [2012-06-21 2068536]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2005-06-21 90112]
"AlcWzrd"=C:\Windows\ALCWZRD.EXE [2005-07-13 2806272]
"Alcmtr"=C:\Windows\ALCMTR.EXE [2005-05-03 69632]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-06-21 1104440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PlayNC Launcher"= []
""= []
"MSIDLL"=msiahc32.dll,RfiMNvnJU []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7M\ICQ.exe [2012-06-19 127040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2012-03-27 421736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Windows\system32\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2012-03-30 1242448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE [2010-01-15 255536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Ultima Online 2D\Mobifactor.Powermp3.1.17.key.code.generator\Mobifactor.Powermp3.1.17.key.code.generator.exe"="C:\Program Files\Ultima Online 2D\Mobifactor.Powermp3.1.17.key.code.generator\Mobifactor.Powermp3.1.17.key.code.generator.exe:*:Enabled:Mobifactor.Powermp3.1.17.key.code.generator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-06-22 17:07:55 ----D---- C:\Program Files\trend micro
2012-06-22 17:07:54 ----D---- C:\rsit
2012-06-21 18:48:25 ----D---- C:\Program Files\AVG Secure Search
2012-06-21 18:46:06 ----D---- C:\ProgramData\AVG Secure Search
2012-06-21 18:46:05 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-06-21 18:45:29 ----HD---- C:\ProgramData\Common Files
2012-06-20 20:17:34 ----A---- C:\Windows\system32\msiahc32.dll
2012-06-19 19:58:05 ----A---- C:\Windows\NeroDigital.ini
2012-06-19 19:54:38 ----D---- C:\Users\pctc\AppData\Roaming\ICQ Search
2012-06-19 19:54:33 ----D---- C:\Program Files\ICQ6Toolbar
2012-06-19 19:54:32 ----D---- C:\Program Files\Guard-ICQ
2012-06-19 19:54:28 ----D---- C:\ProgramData\ICQ
2012-06-19 19:54:16 ----D---- C:\Users\pctc\AppData\Roaming\ICQ
2012-06-19 19:54:07 ----D---- C:\Program Files\ICQ7M
2012-06-18 19:54:11 ----D---- C:\Program Files\Yontoo
2012-06-18 19:54:08 ----D---- C:\ProgramData\Tarma Installer
2012-06-18 19:47:40 ----D---- C:\Program Files\1ClickDownload
2012-06-16 22:01:46 ----D---- C:\Windows\pss
2012-06-16 21:59:33 ----D---- C:\Windows\system32\Lang
2012-06-16 21:32:38 ----A---- C:\Windows\UOUninst.exe
2012-06-16 21:31:37 ----D---- C:\Program Files\Ultima Online 2D
2012-06-16 17:56:23 ----D---- C:\Program Files\Google
2012-06-14 15:49:32 ----A---- C:\Windows\system32\drivers\prodigy.sys
2012-06-14 15:49:30 ----D---- C:\Program Files\NSS
2012-06-13 20:23:13 ----A---- C:\Windows\system32\rp_stats.dat
2012-06-13 20:23:13 ----A---- C:\Windows\system32\rp_rules.dat
2012-06-13 18:25:58 ----D---- C:\Users\pctc\AppData\Roaming\YourFileDownloader
2012-06-13 18:25:58 ----D---- C:\Program Files\YourFileDownloader
2012-06-13 14:00:38 ----A---- C:\user.js
2012-06-13 14:00:22 ----D---- C:\ProgramData\Premium
2012-06-13 14:00:17 ----D---- C:\Program Files\Optimizer Pro
2012-06-13 14:00:03 ----D---- C:\ProgramData\wxDfast
2012-06-13 13:59:37 ----D---- C:\ProgramData\InstallMate
2012-06-12 21:08:09 ----D---- C:\ProgramData\PC Suite
2012-06-12 21:08:08 ----D---- C:\Users\pctc\AppData\Roaming\PC Suite
2012-06-12 21:07:17 ----D---- C:\ProgramData\Nokia
2012-06-12 21:07:17 ----D---- C:\Program Files\Common Files\Nokia
2012-06-12 21:06:35 ----D---- C:\Program Files\DIFX
2012-06-12 21:06:34 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2012-06-12 21:06:25 ----D---- C:\Program Files\PC Connectivity Solution
2012-06-12 21:05:34 ----A---- C:\Windows\system32\nmwcdcls.dll
2012-06-12 21:04:34 ----D---- C:\ProgramData\NokiaInstallerCache
2012-06-12 21:04:34 ----D---- C:\Program Files\Nokia
2012-06-11 22:47:22 ----D---- C:\Users\pctc\AppData\Roaming\InstallShield
2012-06-11 22:45:27 ----D---- C:\Program Files\NCsoft
2012-06-11 20:16:24 ----D---- C:\Program Files\NinjaTrader 7
2012-06-11 19:00:58 ----A---- C:\Windows\system32\lsdelete.exe
2012-06-10 20:39:24 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2012-06-10 20:28:17 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-06-10 20:28:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-06-10 20:21:07 ----A---- C:\Windows\system32\drivers\Lbd.sys
2012-06-10 20:20:57 ----D---- C:\ProgramData\Lavasoft
2012-06-10 20:20:57 ----D---- C:\Program Files\Lavasoft
2012-06-09 18:30:10 ----D---- C:\Users\pctc\AppData\Roaming\NVIDIA
2012-06-09 18:12:59 ----D---- C:\Program Files\DaemonicMU Season IV
2012-06-09 14:37:32 ----N---- C:\Windows\system32\drivers\imagesrv.sys
2012-06-09 14:37:32 ----N---- C:\Windows\system32\drivers\imagedrv.sys
2012-06-09 14:35:45 ----N---- C:\Windows\system32\TwnLib4.dll
2012-06-09 14:35:45 ----A---- C:\Windows\system32\TwnLib20.dll
2012-06-09 14:35:44 ----N---- C:\Windows\system32\ImagXRA7.dll
2012-06-09 14:35:44 ----N---- C:\Windows\system32\ImagXR7.dll
2012-06-09 14:35:44 ----N---- C:\Windows\system32\ImagXpr7.dll
2012-06-09 14:35:44 ----N---- C:\Windows\system32\ImagX7.dll
2012-06-09 14:35:44 ----D---- C:\Program Files\Common Files\Ahead
2012-06-09 14:35:44 ----A---- C:\Windows\system32\NeroCheck.exe
2012-06-09 14:35:43 ----D---- C:\Program Files\Ahead
2012-06-09 14:04:39 ----D---- C:\ProgramData\Adobe
2012-06-08 15:19:20 ----D---- C:\Users\pctc\AppData\Roaming\FreeCommander
2012-06-08 15:19:20 ----D---- C:\Program Files\FreeCommander
2012-06-07 20:29:56 ----D---- C:\Program Files\HWiNFO32
2012-06-07 20:17:39 ----D---- C:\Program Files\CCleaner
2012-06-07 07:25:32 ----A---- C:\Windows\system32\NtDirect.dll
2012-05-27 14:04:49 ----D---- C:\Program Files\rFactor
2012-05-27 14:03:02 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-05-27 14:02:49 ----D---- C:\Program Files\DAEMON Tools Lite
======List of files/folders modified in the last 1 month======
2012-06-22 17:08:09 ----D---- C:\Windows\Prefetch
2012-06-22 17:07:59 ----D---- C:\Windows\Temp
2012-06-22 17:07:55 ----RD---- C:\Program Files
2012-06-22 17:03:30 ----D---- C:\Windows\System32
2012-06-22 17:03:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-22 16:59:02 ----D---- C:\Windows\Tasks
2012-06-22 16:58:51 ----D---- C:\Windows
2012-06-22 16:58:50 ----D---- C:\ProgramData\NVIDIA
2012-06-22 16:55:02 ----D---- C:\Users\pctc\AppData\Roaming\uTorrent
2012-06-22 16:54:59 ----D---- C:\Windows\inf
2012-06-22 15:00:12 ----D---- C:\Windows\system32\Tasks
2012-06-22 02:38:40 ----D---- C:\Warcraft III
2012-06-21 18:46:11 ----SHD---- C:\System Volume Information
2012-06-21 18:46:06 ----HD---- C:\ProgramData
2012-06-21 18:46:05 ----D---- C:\Program Files\Common Files
2012-06-21 13:41:26 ----D---- C:\Windows\system32\config
2012-06-20 18:56:01 ----SD---- C:\Users\pctc\AppData\Roaming\Microsoft
2012-06-20 17:53:04 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-06-20 09:48:30 ----D---- C:\Windows\system32\wdi
2012-06-19 19:54:34 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-18 21:59:28 ----SHD---- C:\Windows\Installer
2012-06-17 16:14:52 ----D---- C:\Program Files\Steam
2012-06-16 21:59:05 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-06-16 18:45:32 ----D---- C:\Program Files\Mozilla Firefox
2012-06-14 16:36:33 ----D---- C:\Windows\system32\drivers
2012-06-14 16:03:39 ----D---- C:\Windows\system32\catroot
2012-06-14 16:03:38 ----D---- C:\Windows\system32\DriverStore
2012-06-13 17:39:01 ----D---- C:\Windows\system32\drivers\UMDF
2012-06-12 21:08:18 ----D---- C:\Windows\winsxs
2012-06-12 21:06:34 ----DC---- C:\Windows\system32\DRVSTORE
2012-06-12 21:06:33 ----D---- C:\Windows\system32\catroot2
2012-06-11 18:56:47 ----D---- C:\Windows\system32\NDF
2012-06-10 20:30:36 ----D---- C:\Users\pctc\AppData\Roaming\QipGuard
2012-06-10 19:05:14 ----D---- C:\Windows\SoftwareDistribution
2012-06-09 14:28:16 ----D---- C:\Temp
2012-06-07 21:09:16 ----D---- C:\Windows\Logs
2012-06-07 20:18:48 ----D---- C:\Users\pctc\AppData\Roaming\DAEMON Tools Lite
2012-06-07 20:18:30 ----D---- C:\Windows\Panther
2012-06-07 20:18:30 ----D---- C:\Windows\debug
2012-05-27 14:04:40 ----D---- C:\ProgramData\DAEMON Tools Lite
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-27 242240]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS [2010-09-29 20088]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RtkHDAud.sys [2005-07-13 3851264]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-04-22 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [2012-06-19 1564368]
R2 ICQ Service;ICQ Service; C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE [2012-03-20 247872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 645440]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-05-01 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2012-05-01 107832]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2012-03-15 191440]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-21 935480]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-16 116648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2012-06-10 2152152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 257224]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-16 116648]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-04-22 720936]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-05-19 529232]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím jen o preventivní kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím jen o preventivní kontrolu
Zdravim a pekny vecer preji 
Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy
Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam
- Nahrady za Spybota:
- Samozrejme pouzivejte jen jeden z nich
- Osobne doporucuji SuperAntiSpyware
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
- Zaskrtnete okenko Pro vsechny uzivatele
- Zaskrtnete okenko Kontrola na havet "LOP"
- Zaskrtnete okenko Kontrola na havet "Purity"
- Stari souboru zmente z 30 dnu na 7 dnu
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
CREATERESTOREPOINT netsvcs drivers32 savembr:0 /md5start atapi.sys autochk.exe cdrom.sys explorer.exe hal.dll scecli.dll svchost.exe tcpip.sys userinit.exe winlogon.exe /md5stop %systemroot%*.* /U /s %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 %SYSTEMDRIVE%\*.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 %PROGRAMFILES%\Opera\opera.exe /md5 %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 %SystemDrive%\PhysicalMBR.bin /md5 *crack* /s *keygen* /s *loader* /s- Kliknete na tlacitko Prohledat
- Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím jen o preventivní kontrolu
Taky přeji pěkný večer a díky , udělal jsem vše . Prosil bych ještě o doporučení nějakého free antiviru.
OTL logfile created on: 22.6.2012 21:03:59 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\pctc\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,34% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,22 Gb Total Space | 55,50 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive O: | 48,73 Gb Total Space | 4,49 Gb Free Space | 9,22% Space Free | Partition Type: NTFS
Computer Name: PCTC-PC | User Name: pctc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.06.22 20:40:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pctc\Downloads\OTL.exe
PRC - [2012.06.19 19:54:32 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe
PRC - [2012.06.11 18:26:06 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.03.15 22:14:14 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Program Files\QipGuard\QipGuard.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005.07.13 15:47:42 | 002,806,272 | R--- | M] (RealTek Semicoductor Corp.) -- C:\Windows\alcwzrd.exe
PRC - [2005.06.21 15:09:58 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SoundMan.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.22 20:59:59 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.06.22 20:59:59 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.22 20:44:33 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.22 20:44:33 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.06.20 17:53:04 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 19:54:32 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.06.16 18:45:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.19 14:18:05 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.03.15 22:14:14 | 000,191,440 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012.05.27 14:03:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2005.07.13 17:26:52 | 003,851,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 11D8894EE8}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT3072253
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1F81FE4D-8 ... 2012-06-21 18:48:26&v=11.1.0.7&sap=hp
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 11d8894ee8
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1F81 ... 2012-06-21 18:48:26&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT3072253
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://vyveska.moria.cz/vyveska/index.php"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... ource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://vyveska.moria.cz/vyveska/index.php"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 18:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 18:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.03.30 17:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pctc\AppData\Roaming\Mozilla\Extensions
[2012.06.19 19:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions
[2012.05.30 17:16:49 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.06.19 19:54:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.13 14:00:53 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\4fd880a65d11d@4fd880a65d156.info
[2012.06.18 19:54:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com
[2012.06.20 20:03:51 | 000,000,950 | ---- | M] () -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin-1.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin.xml
[2012.03.30 17:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.04 11:19:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PCTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDU7UFEU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.18 19:48:59 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\PCTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDU7UFEU.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.06.18 19:48:01 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\PCTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDU7UFEU.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
[2012.06.16 18:45:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 18:48:24 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.16 18:54:44 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 10:38:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.03.13 10:38:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.03.13 10:38:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.03.13 10:38:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.03.13 10:38:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\Windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\Windows\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 94.74.192.252 94.74.192.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E07C8C35-916C-4C88-BCE2-39DB71D198D7}: DhcpNameServer = 192.168.1.254 94.74.192.252 94.74.192.244
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell\AutoRun\command - "" = E:\Setup.exe autorun
O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell\setup\command - "" = E:\Setup.exe autorun
O33 - MountPoints2\{e0af875c-7b21-11e1-ace3-0011d8894ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{e0af875c-7b21-11e1-ace3-0011d8894ee8}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.06.22 20:46:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.22 20:44:14 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.22 20:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.22 20:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.22 20:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.22 17:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.06.22 17:07:54 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.21 18:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.06.21 18:45:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.20 18:56:01 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Local\Macromedia
[2012.06.19 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\ICQ Search
[2012.06.19 19:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.19 19:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2012.06.19 19:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Guard-ICQ
[2012.06.19 19:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.06.19 19:54:16 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\ICQ
[2012.06.19 19:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7M
[2012.06.18 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012.06.18 19:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.06.18 19:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012.06.16 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Local\uTorrentControl2
[2012.06.16 22:01:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.16 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012.06.16 21:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Online 2D
[2012.06.16 21:32:38 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultima Online 2D
[2012.06.16 21:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ultima Online 2D
[2012.06.16 17:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.16 17:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.16 17:05:03 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
========== Files - Modified Within 7 Days ==========
[2012.06.22 21:05:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.22 21:04:54 | 000,780,918 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.06.22 21:04:54 | 000,660,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.22 21:04:54 | 000,170,734 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.06.22 21:04:54 | 000,153,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 21:00:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 20:59:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 20:59:27 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 20:44:09 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.22 16:59:02 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.22 16:58:55 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 16:58:54 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 16:55:32 | 000,026,670 | ---- | M] () -- C:\Users\pctc\Documents\cc_20120622_165523.reg
[2012.06.22 14:59:50 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.06.22 14:59:50 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.06.20 17:53:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.20 17:53:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.19 20:12:09 | 000,940,794 | ---- | M] () -- C:\Windows\System32\LoopyMusic.wav
[2012.06.19 20:12:09 | 000,146,650 | ---- | M] () -- C:\Windows\System32\BuzzingBee.wav
[2012.06.19 19:58:05 | 000,000,047 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.06.19 19:54:38 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.17 16:15:17 | 000,010,276 | ---- | M] () -- C:\Users\pctc\Documents\cc_20120617_161510.reg
[2012.06.16 21:45:47 | 000,001,713 | ---- | M] () -- C:\Users\pctc\Desktop\UOAM.lnk
[2012.06.16 21:40:54 | 000,001,101 | ---- | M] () -- C:\Users\pctc\Desktop\ilaunch.lnk
[2012.06.16 21:32:38 | 000,172,032 | ---- | M] () -- C:\Windows\UOUninst.exe
[2012.06.16 18:54:56 | 000,000,750 | ---- | M] () -- C:\user.js
========== Files Created - No Company Name ==========
[2012.06.22 21:05:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.06.22 20:44:09 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.22 16:55:30 | 000,026,670 | ---- | C] () -- C:\Users\pctc\Documents\cc_20120622_165523.reg
[2012.06.22 15:27:11 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.19 20:12:09 | 000,146,650 | ---- | C] () -- C:\Windows\System32\BuzzingBee.wav
[2012.06.19 20:12:08 | 000,940,794 | ---- | C] () -- C:\Windows\System32\LoopyMusic.wav
[2012.06.19 19:58:05 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.06.19 19:54:38 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.17 16:15:13 | 000,010,276 | ---- | C] () -- C:\Users\pctc\Documents\cc_20120617_161510.reg
[2012.06.16 21:45:29 | 000,001,713 | ---- | C] () -- C:\Users\pctc\Desktop\UOAM.lnk
[2012.06.16 21:40:27 | 000,001,101 | ---- | C] () -- C:\Users\pctc\Desktop\ilaunch.lnk
[2012.06.16 21:32:38 | 000,172,032 | ---- | C] () -- C:\Windows\UOUninst.exe
[2012.06.16 17:56:27 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.16 17:56:26 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.13 20:23:13 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012.06.13 20:23:13 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012.06.13 14:03:31 | 000,000,127 | ---- | C] () -- C:\Users\pctc\wxDownloadFast.ini
[2012.06.12 17:23:59 | 000,000,107 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.10 19:10:18 | 000,007,597 | ---- | C] () -- C:\Users\pctc\AppData\Local\Resmon.ResmonCfg
[2012.06.07 07:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2012.05.01 12:15:47 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.05.01 12:15:47 | 000,022,328 | ---- | C] () -- C:\Users\pctc\AppData\Roaming\PnkBstrK.sys
[2012.05.01 12:15:20 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.05.01 12:15:18 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.05.01 12:15:18 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.03.30 16:14:40 | 000,040,960 | R--- | C] () -- C:\Windows\System32\ChCfg.exe
[2012.03.30 16:12:33 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
========== LOP Check ==========
[2012.06.07 20:18:48 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\DAEMON Tools Lite
[2012.06.08 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\FreeCommander
[2012.06.22 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ
[2012.06.19 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ Search
[2012.04.21 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\klonsoft
[2012.04.29 14:28:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Mumble
[2012.06.13 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\PC Suite
[2012.03.30 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QIP
[2012.06.10 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QipGuard
[2012.06.22 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\uTorrent
[2012.06.13 18:25:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\YourFileDownloader
[2012.06.22 16:59:02 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.22 16:58:54 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\*.tmp files -> C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\*.tmp files -> C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\*.tmp files -> C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\*.tmp files -> C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\*.tmp files -> C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp files -> C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\*.tmp files -> C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\*.tmp files -> C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\*.tmp files -> C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\*.tmp files -> C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.03.31 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Adobe
[2012.05.14 12:24:28 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Apple Computer
[2012.06.07 20:18:48 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\DAEMON Tools Lite
[2012.06.08 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\FreeCommander
[2012.06.22 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ
[2012.06.19 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ Search
[2012.03.30 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Identities
[2012.06.11 22:47:23 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\InstallShield
[2012.04.21 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\klonsoft
[2012.03.31 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Macromedia
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Media Center Programs
[2012.06.20 18:56:01 | 000,000,000 | --SD | M] -- C:\Users\pctc\AppData\Roaming\Microsoft
[2012.03.30 17:56:26 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Mozilla
[2012.04.29 14:28:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Mumble
[2012.06.09 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\NVIDIA
[2012.06.13 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\PC Suite
[2012.03.30 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QIP
[2012.06.10 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QipGuard
[2012.06.22 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.22 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\uTorrent
[2012.03.30 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\WinRAR
[2012.06.13 18:25:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\YourFileDownloader
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2012.06.22 16:59:02 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.22 21:00:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.22 16:58:54 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 16:58:55 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 17:53:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2012.06.20 17:53:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2012.06.22 21:04:54 | 000,170,734 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.06.22 21:04:54 | 000,153,966 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.06.22 21:04:54 | 000,780,918 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.06.22 21:04:54 | 000,660,084 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.06.22 21:04:54 | 000,004,564 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2012.06.22 14:59:50 | 000,000,044 | ---- | M] () -- C:\Windows\system32\rp_rules.dat
[2012.06.22 14:59:50 | 000,000,064 | ---- | M] () -- C:\Windows\system32\rp_stats.dat
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PlayNC Launcher" =
"" =
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2012.06.11 18:26:06 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.06.16 18:45:31 | 000,913,888 | ---- | M] (Mozilla Corporation) MD5=D3C0837346C49095B8AF9EF54AD7E90A -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.06.22 21:05:50 | 000,000,512 | ---- | M] () MD5=2B393A770CCAFEBE7DB584F2A03DF69F -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2008.09.23 16:19:06 | 000,016,223 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0001.OZJ
[2008.09.23 16:19:06 | 000,017,939 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0002.OZJ
[2008.09.23 16:19:06 | 000,020,684 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0003.OZJ
[2008.09.23 16:19:06 | 000,023,889 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0004.OZJ
[2008.09.23 16:19:06 | 000,027,580 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0005.OZJ
[2008.09.23 16:19:06 | 000,029,199 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0006.OZJ
[2008.09.23 16:19:06 | 000,028,015 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0007.OZJ
[2008.05.20 16:23:32 | 000,011,320 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\knight_plancrack_a.bmd
[2008.05.26 10:10:42 | 000,005,648 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\knight_plancrack_b.bmd
[2008.04.24 15:01:00 | 000,160,240 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\knight_plancrack_grand.bmd
[2003.01.13 13:38:06 | 000,003,448 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Item\firecracker.OZJ
[2006.07.03 09:30:54 | 000,016,685 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Object40\han_mcrack.OZJ
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped
[2012.05.01 07:40:38 | 000,038,067 | ---- | M] () -- \Users\pctc\AppData\Roaming\uTorrent\Far Cry 2 with no CD or activation required crack.torrent
< *keygen* /s >
< *loader* /s >
[2012.05.21 12:32:40 | 000,607,888 | ---- | M] () -- \Poker\Poker 770\data\loader.dll
[2012.05.21 12:32:37 | 000,002,707 | ---- | M] () -- \Poker\Poker 770\data\loader.gam
[2012.05.21 12:34:05 | 000,005,265 | ---- | M] () -- \Poker\Poker 770\data\mgames\[en]\as2\movies\shared\loader.swf
[2012.05.21 12:32:37 | 000,002,608 | ---- | M] () -- \Poker\Poker 770\widgetbar\widgets\themecloud\resources\html\img\ajax-loader.gif
[2012.04.30 11:28:56 | 001,753,600 | ---- | M] () -- \Program Files\1ClickDownload\1ClickDownloader.exe
[2012.03.01 20:23:20 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2012.06.19 19:54:07 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.06.19 19:54:08 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.06.19 19:54:07 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.06.19 19:55:58 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7M\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011.10.17 14:10:26 | 000,071,528 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011.11.06 11:09:52 | 000,083,816 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012.06.20 20:10:01 | 000,292,744 | ---- | M] () -- \Program Files\Ultima Online 2D\Brothersoft_downloader_For_DivX_Mobile_Media(1).exe
[2012.04.06 13:24:50 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012.04.06 13:24:42 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012.04.06 13:24:44 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.04.06 13:24:46 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012.04.06 13:24:46 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012.04.06 13:24:48 | 000,061,770 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012.04.06 13:24:48 | 000,061,770 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2012.06.21 18:48:38 | 000,006,494 | ---- | M] () -- \Users\pctc\AppData\Local\Temp\avg@toolbar\modules\skin\ajax-loader.gif
[2012.06.21 18:48:38 | 000,000,729 | ---- | M] () -- \Users\pctc\AppData\Local\Temp\avg@toolbar\modules\skin\loader.gif
[2012.05.14 21:02:08 | 000,009,051 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.05.14 21:02:08 | 000,016,119 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.05.14 21:02:08 | 000,018,434 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.png
[2012.05.14 21:02:08 | 000,009,283 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2012.05.14 21:02:08 | 000,001,699 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\NewsLoader.js
[2012.03.31 14:59:53 | 000,001,564 | ---- | M] () -- \Users\pctc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net\Euroloader.lnk
[2012.04.18 00:39:24 | 000,010,145 | ---- | M] () -- \Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\conduitCommon\modules\3.12.0.8\ExternalLibraryLoader.jsm
[2012.06.18 19:48:01 | 000,086,818 | ---- | M] () -- \Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012.05.30 08:43:28 | 000,010,145 | ---- | M] () -- \Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules\ExternalLibraryLoader.jsm
[2012.03.31 14:59:53 | 000,001,528 | ---- | M] () -- \Users\pctc\Desktop\Euroloader.lnk
[2012.03.30 17:58:00 | 000,301,608 | ---- | M] () -- \Users\pctc\Downloads\SoftonicDownloader_for_steam.exe
[2011.09.25 22:18:06 | 000,098,816 | ---- | M] () -- \Warcraft III\euroloader.exe
[2011.05.06 17:47:43 | 000,000,046 | ---- | M] () -- \Warcraft III\euroloader.txt
[2012.06.21 18:47:42 | 000,105,368 | ---- | M] () -- \Windows\Prefetch\BROTHERSOFT_DOWNLOADER_FOR_DI-148BD467.pf
[2012.06.21 18:45:03 | 000,097,628 | ---- | M] () -- \Windows\Prefetch\BROTHERSOFT_DOWNLOADER_FOR_DI-C65F4600.pf
[2012.06.21 18:46:21 | 000,100,858 | ---- | M] () -- \Windows\Prefetch\BROTHERSOFT_DOWNLOADER_FOR_WE-1BB50C89.pf
[2012.06.22 01:34:36 | 000,006,540 | ---- | M] () -- \Windows\Prefetch\EUROLOADER.EXE-DD6D9D56.pf
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.26 19:52:20 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.26 19:52:20 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.26 19:52:20 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009.07.14 04:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 04:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 04:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.26 19:50:45 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
< End of report >
OTL logfile created on: 22.6.2012 21:03:59 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\pctc\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,34% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,22 Gb Total Space | 55,50 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive O: | 48,73 Gb Total Space | 4,49 Gb Free Space | 9,22% Space Free | Partition Type: NTFS
Computer Name: PCTC-PC | User Name: pctc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.06.22 20:40:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pctc\Downloads\OTL.exe
PRC - [2012.06.19 19:54:32 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe
PRC - [2012.06.11 18:26:06 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.03.15 22:14:14 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Program Files\QipGuard\QipGuard.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005.07.13 15:47:42 | 002,806,272 | R--- | M] (RealTek Semicoductor Corp.) -- C:\Windows\alcwzrd.exe
PRC - [2005.06.21 15:09:58 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SoundMan.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.22 20:59:59 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.06.22 20:59:59 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.22 20:44:33 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.22 20:44:33 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.06.20 17:53:04 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 19:54:32 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.06.16 18:45:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.19 14:18:05 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.03.15 22:14:14 | 000,191,440 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012.05.27 14:03:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2005.07.13 17:26:52 | 003,851,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 11D8894EE8}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT3072253
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1F81FE4D-8 ... 2012-06-21 18:48:26&v=11.1.0.7&sap=hp
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 11d8894ee8
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1F81 ... 2012-06-21 18:48:26&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT3072253
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://vyveska.moria.cz/vyveska/index.php"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... ource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://vyveska.moria.cz/vyveska/index.php"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 18:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 18:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.03.30 17:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pctc\AppData\Roaming\Mozilla\Extensions
[2012.06.19 19:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions
[2012.05.30 17:16:49 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.06.19 19:54:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.13 14:00:53 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\4fd880a65d11d@4fd880a65d156.info
[2012.06.18 19:54:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com
[2012.06.20 20:03:51 | 000,000,950 | ---- | M] () -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin-1.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin.xml
[2012.03.30 17:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.04 11:19:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PCTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDU7UFEU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.18 19:48:59 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\PCTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDU7UFEU.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.06.18 19:48:01 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\PCTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDU7UFEU.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
[2012.06.16 18:45:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 18:48:24 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.16 18:54:44 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 10:38:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.03.13 10:38:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.03.13 10:38:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.03.13 10:38:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.03.13 10:38:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\Windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\Windows\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 94.74.192.252 94.74.192.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E07C8C35-916C-4C88-BCE2-39DB71D198D7}: DhcpNameServer = 192.168.1.254 94.74.192.252 94.74.192.244
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell\AutoRun\command - "" = E:\Setup.exe autorun
O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell\setup\command - "" = E:\Setup.exe autorun
O33 - MountPoints2\{e0af875c-7b21-11e1-ace3-0011d8894ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{e0af875c-7b21-11e1-ace3-0011d8894ee8}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.06.22 20:46:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.22 20:44:14 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.22 20:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.22 20:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.22 20:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.22 17:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.06.22 17:07:54 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.21 18:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.06.21 18:45:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.20 18:56:01 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Local\Macromedia
[2012.06.19 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\ICQ Search
[2012.06.19 19:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.19 19:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2012.06.19 19:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Guard-ICQ
[2012.06.19 19:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.06.19 19:54:16 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\ICQ
[2012.06.19 19:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7M
[2012.06.18 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012.06.18 19:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.06.18 19:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012.06.16 22:02:49 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Local\uTorrentControl2
[2012.06.16 22:01:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.16 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012.06.16 21:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Online 2D
[2012.06.16 21:32:38 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultima Online 2D
[2012.06.16 21:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ultima Online 2D
[2012.06.16 17:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.16 17:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.16 17:05:03 | 000,000,000 | ---D | C] -- C:\Users\pctc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
========== Files - Modified Within 7 Days ==========
[2012.06.22 21:05:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.22 21:04:54 | 000,780,918 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.06.22 21:04:54 | 000,660,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.22 21:04:54 | 000,170,734 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.06.22 21:04:54 | 000,153,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 21:00:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 20:59:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 20:59:27 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 20:44:09 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.22 16:59:02 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.22 16:58:55 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 16:58:54 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 16:55:32 | 000,026,670 | ---- | M] () -- C:\Users\pctc\Documents\cc_20120622_165523.reg
[2012.06.22 14:59:50 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.06.22 14:59:50 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.06.20 17:53:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.20 17:53:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.19 20:12:09 | 000,940,794 | ---- | M] () -- C:\Windows\System32\LoopyMusic.wav
[2012.06.19 20:12:09 | 000,146,650 | ---- | M] () -- C:\Windows\System32\BuzzingBee.wav
[2012.06.19 19:58:05 | 000,000,047 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.06.19 19:54:38 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.17 16:15:17 | 000,010,276 | ---- | M] () -- C:\Users\pctc\Documents\cc_20120617_161510.reg
[2012.06.16 21:45:47 | 000,001,713 | ---- | M] () -- C:\Users\pctc\Desktop\UOAM.lnk
[2012.06.16 21:40:54 | 000,001,101 | ---- | M] () -- C:\Users\pctc\Desktop\ilaunch.lnk
[2012.06.16 21:32:38 | 000,172,032 | ---- | M] () -- C:\Windows\UOUninst.exe
[2012.06.16 18:54:56 | 000,000,750 | ---- | M] () -- C:\user.js
========== Files Created - No Company Name ==========
[2012.06.22 21:05:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.06.22 20:44:09 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.22 16:55:30 | 000,026,670 | ---- | C] () -- C:\Users\pctc\Documents\cc_20120622_165523.reg
[2012.06.22 15:27:11 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.19 20:12:09 | 000,146,650 | ---- | C] () -- C:\Windows\System32\BuzzingBee.wav
[2012.06.19 20:12:08 | 000,940,794 | ---- | C] () -- C:\Windows\System32\LoopyMusic.wav
[2012.06.19 19:58:05 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.06.19 19:54:38 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.17 16:15:13 | 000,010,276 | ---- | C] () -- C:\Users\pctc\Documents\cc_20120617_161510.reg
[2012.06.16 21:45:29 | 000,001,713 | ---- | C] () -- C:\Users\pctc\Desktop\UOAM.lnk
[2012.06.16 21:40:27 | 000,001,101 | ---- | C] () -- C:\Users\pctc\Desktop\ilaunch.lnk
[2012.06.16 21:32:38 | 000,172,032 | ---- | C] () -- C:\Windows\UOUninst.exe
[2012.06.16 17:56:27 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.16 17:56:26 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.13 20:23:13 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012.06.13 20:23:13 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012.06.13 14:03:31 | 000,000,127 | ---- | C] () -- C:\Users\pctc\wxDownloadFast.ini
[2012.06.12 17:23:59 | 000,000,107 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.10 19:10:18 | 000,007,597 | ---- | C] () -- C:\Users\pctc\AppData\Local\Resmon.ResmonCfg
[2012.06.07 07:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2012.05.01 12:15:47 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.05.01 12:15:47 | 000,022,328 | ---- | C] () -- C:\Users\pctc\AppData\Roaming\PnkBstrK.sys
[2012.05.01 12:15:20 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.05.01 12:15:18 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.05.01 12:15:18 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.03.30 16:14:40 | 000,040,960 | R--- | C] () -- C:\Windows\System32\ChCfg.exe
[2012.03.30 16:12:33 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
========== LOP Check ==========
[2012.06.07 20:18:48 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\DAEMON Tools Lite
[2012.06.08 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\FreeCommander
[2012.06.22 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ
[2012.06.19 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ Search
[2012.04.21 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\klonsoft
[2012.04.29 14:28:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Mumble
[2012.06.13 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\PC Suite
[2012.03.30 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QIP
[2012.06.10 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QipGuard
[2012.06.22 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\uTorrent
[2012.06.13 18:25:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\YourFileDownloader
[2012.06.22 16:59:02 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.22 16:58:54 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\*.tmp files -> C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\*.tmp files -> C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\*.tmp files -> C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\*.tmp files -> C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\*.tmp files -> C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp files -> C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\*.tmp files -> C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\*.tmp files -> C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\*.tmp files -> C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\*.tmp files -> C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.03.31 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Adobe
[2012.05.14 12:24:28 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Apple Computer
[2012.06.07 20:18:48 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\DAEMON Tools Lite
[2012.06.08 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\FreeCommander
[2012.06.22 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ
[2012.06.19 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\ICQ Search
[2012.03.30 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Identities
[2012.06.11 22:47:23 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\InstallShield
[2012.04.21 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\klonsoft
[2012.03.31 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Macromedia
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Media Center Programs
[2012.06.20 18:56:01 | 000,000,000 | --SD | M] -- C:\Users\pctc\AppData\Roaming\Microsoft
[2012.03.30 17:56:26 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Mozilla
[2012.04.29 14:28:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\Mumble
[2012.06.09 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\NVIDIA
[2012.06.13 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\PC Suite
[2012.03.30 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QIP
[2012.06.10 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\QipGuard
[2012.06.22 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.22 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\uTorrent
[2012.03.30 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\WinRAR
[2012.06.13 18:25:58 | 000,000,000 | ---D | M] -- C:\Users\pctc\AppData\Roaming\YourFileDownloader
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2012.06.22 16:59:02 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.22 21:00:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.22 16:58:54 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 16:58:55 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 21:04:44 | 000,012,624 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 17:53:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2012.06.20 17:53:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2012.06.22 21:04:54 | 000,170,734 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.06.22 21:04:54 | 000,153,966 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.06.22 21:04:54 | 000,780,918 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.06.22 21:04:54 | 000,660,084 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.06.22 21:04:54 | 000,004,564 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2012.06.22 14:59:50 | 000,000,044 | ---- | M] () -- C:\Windows\system32\rp_rules.dat
[2012.06.22 14:59:50 | 000,000,064 | ---- | M] () -- C:\Windows\system32\rp_stats.dat
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PlayNC Launcher" =
"" =
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2012.06.11 18:26:06 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.06.16 18:45:31 | 000,913,888 | ---- | M] (Mozilla Corporation) MD5=D3C0837346C49095B8AF9EF54AD7E90A -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.06.22 21:05:50 | 000,000,512 | ---- | M] () MD5=2B393A770CCAFEBE7DB584F2A03DF69F -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2008.09.23 16:19:06 | 000,016,223 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0001.OZJ
[2008.09.23 16:19:06 | 000,017,939 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0002.OZJ
[2008.09.23 16:19:06 | 000,020,684 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0003.OZJ
[2008.09.23 16:19:06 | 000,023,889 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0004.OZJ
[2008.09.23 16:19:06 | 000,027,580 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0005.OZJ
[2008.09.23 16:19:06 | 000,029,199 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0006.OZJ
[2008.09.23 16:19:06 | 000,028,015 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\firecracker0007.OZJ
[2008.05.20 16:23:32 | 000,011,320 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\knight_plancrack_a.bmd
[2008.05.26 10:10:42 | 000,005,648 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\knight_plancrack_b.bmd
[2008.04.24 15:01:00 | 000,160,240 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Effect\knight_plancrack_grand.bmd
[2003.01.13 13:38:06 | 000,003,448 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Item\firecracker.OZJ
[2006.07.03 09:30:54 | 000,016,685 | ---- | M] () -- \Program Files\DaemonicMU Season IV\Data\Object40\han_mcrack.OZJ
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped
[2012.05.01 07:40:38 | 000,038,067 | ---- | M] () -- \Users\pctc\AppData\Roaming\uTorrent\Far Cry 2 with no CD or activation required crack.torrent
< *keygen* /s >
< *loader* /s >
[2012.05.21 12:32:40 | 000,607,888 | ---- | M] () -- \Poker\Poker 770\data\loader.dll
[2012.05.21 12:32:37 | 000,002,707 | ---- | M] () -- \Poker\Poker 770\data\loader.gam
[2012.05.21 12:34:05 | 000,005,265 | ---- | M] () -- \Poker\Poker 770\data\mgames\[en]\as2\movies\shared\loader.swf
[2012.05.21 12:32:37 | 000,002,608 | ---- | M] () -- \Poker\Poker 770\widgetbar\widgets\themecloud\resources\html\img\ajax-loader.gif
[2012.04.30 11:28:56 | 001,753,600 | ---- | M] () -- \Program Files\1ClickDownload\1ClickDownloader.exe
[2012.03.01 20:23:20 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2012.06.19 19:54:07 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.06.19 19:54:08 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.06.19 19:54:07 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.06.19 19:55:58 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7M\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011.10.17 14:10:26 | 000,071,528 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011.11.06 11:09:52 | 000,083,816 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012.06.20 20:10:01 | 000,292,744 | ---- | M] () -- \Program Files\Ultima Online 2D\Brothersoft_downloader_For_DivX_Mobile_Media(1).exe
[2012.04.06 13:24:50 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012.04.06 13:24:42 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012.04.06 13:24:44 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.04.06 13:24:46 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012.04.06 13:24:46 | 000,057,728 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012.04.06 13:24:48 | 000,061,770 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012.04.06 13:24:48 | 000,061,770 | ---- | M] () -- \Users\pctc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2012.06.21 18:48:38 | 000,006,494 | ---- | M] () -- \Users\pctc\AppData\Local\Temp\avg@toolbar\modules\skin\ajax-loader.gif
[2012.06.21 18:48:38 | 000,000,729 | ---- | M] () -- \Users\pctc\AppData\Local\Temp\avg@toolbar\modules\skin\loader.gif
[2012.05.14 21:02:08 | 000,009,051 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.05.14 21:02:08 | 000,016,119 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.05.14 21:02:08 | 000,018,434 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.png
[2012.05.14 21:02:08 | 000,009,283 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2012.05.14 21:02:08 | 000,001,699 | ---- | M] () -- \Users\pctc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\NewsLoader.js
[2012.03.31 14:59:53 | 000,001,564 | ---- | M] () -- \Users\pctc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net\Euroloader.lnk
[2012.04.18 00:39:24 | 000,010,145 | ---- | M] () -- \Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\conduitCommon\modules\3.12.0.8\ExternalLibraryLoader.jsm
[2012.06.18 19:48:01 | 000,086,818 | ---- | M] () -- \Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012.05.30 08:43:28 | 000,010,145 | ---- | M] () -- \Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules\ExternalLibraryLoader.jsm
[2012.03.31 14:59:53 | 000,001,528 | ---- | M] () -- \Users\pctc\Desktop\Euroloader.lnk
[2012.03.30 17:58:00 | 000,301,608 | ---- | M] () -- \Users\pctc\Downloads\SoftonicDownloader_for_steam.exe
[2011.09.25 22:18:06 | 000,098,816 | ---- | M] () -- \Warcraft III\euroloader.exe
[2011.05.06 17:47:43 | 000,000,046 | ---- | M] () -- \Warcraft III\euroloader.txt
[2012.06.21 18:47:42 | 000,105,368 | ---- | M] () -- \Windows\Prefetch\BROTHERSOFT_DOWNLOADER_FOR_DI-148BD467.pf
[2012.06.21 18:45:03 | 000,097,628 | ---- | M] () -- \Windows\Prefetch\BROTHERSOFT_DOWNLOADER_FOR_DI-C65F4600.pf
[2012.06.21 18:46:21 | 000,100,858 | ---- | M] () -- \Windows\Prefetch\BROTHERSOFT_DOWNLOADER_FOR_WE-1BB50C89.pf
[2012.06.22 01:34:36 | 000,006,540 | ---- | M] () -- \Windows\Prefetch\EUROLOADER.EXE-DD6D9D56.pf
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.26 19:52:20 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.26 19:52:20 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.26 19:52:20 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009.07.14 04:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 04:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 04:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.26 19:50:45 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
< End of report >
Re: Prosím jen o preventivní kontrolu
omlouvam se ale oba logy nevlezly najednou , jen doufám ,že to není ten samý
OTL Extras logfile created on: 22.6.2012 21:03:59 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\pctc\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,34% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,22 Gb Total Space | 55,50 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive O: | 48,73 Gb Total Space | 4,49 Gb Free Space | 9,22% Space Free | Partition Type: NTFS
Computer Name: PCTC-PC | User Name: pctc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ultima Online 2D\Mobifactor.Powermp3.1.17.key.code.generator\Mobifactor.Powermp3.1.17.key.code.generator.exe" = C:\Program Files\Ultima Online 2D\Mobifactor.Powermp3.1.17.key.code.generator\Mobifactor.Powermp3.1.17.key.code.generator.exe:*:Enabled:Mobifactor.Powermp3.1.17.key.code.generator -- (Windows (R) Codename Longhorn DDK provider)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DAF878E-9C87-40A7-A87E-9F7C74BFEFAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16E3A8EA-6DDB-4676-933B-A34CC93E332E}" = rport=445 | protocol=6 | dir=out | app=system |
"{2BB8F9AE-5351-4F97-9FB7-D8F0E0BF07F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F7C0B50-A69F-4413-80DB-79DDB5A79418}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39DA4C30-2131-4FFB-86C1-BDBBBDDA7E22}" = lport=10243 | protocol=6 | dir=in | app=system |
"{45F55304-8423-4C39-BE7E-E5717857DB5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A4F607C-0E17-4D57-81FB-64B2F02FFEF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B9A4993-3150-4489-A790-6E685868C62B}" = lport=139 | protocol=6 | dir=in | app=system |
"{626160D1-3A5C-475C-BCF7-5199169C9FB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6266F6A9-5AAA-4B3D-A3A4-C61E581799CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D25931A-A49C-4D23-9BB3-5B1348BF77A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{833CFA9D-3B8C-4211-BD00-97F46EF90863}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85B8E7D9-3FE8-4FFE-88FC-C199D79B2570}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88E63285-C640-4DC2-935A-BD4367B13665}" = rport=139 | protocol=6 | dir=out | app=system |
"{901B5FC9-3C1C-4D27-B362-1230D081DD76}" = rport=10243 | protocol=6 | dir=out | app=system |
"{95EA23FB-CE1A-48AE-996F-B6760D3B56BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B002CC09-0485-48E4-8873-9324A31748B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1A36F99-B558-4E8A-A557-4CDEA66002AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD6F74A9-AE59-4CE6-9F48-1433BB87A5AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{DEE85C40-B346-4261-9D5C-94689E68D240}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD8016A2-8BB0-4705-8D0C-09F94BED45E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0007C28D-ECB3-4C9B-9C45-7C42FF783D4F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{00E9544A-3934-4BEE-AD5B-1B9084E969BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0FCF0EF2-71A2-4578-AA91-B26027660108}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1AA9CE94-1A65-45FD-AD2E-AEB8FAF72A3B}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{21876746-8E4D-4F79-BF98-80FB296DD27E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{24396C11-4828-44D4-84A6-B86A250A30A0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{29CD8620-737D-42E5-9756-664D89CF9B2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36687DC1-9E3A-42D8-AFBB-690FF570EC7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D77FBA8-1338-4DD0-8130-9FAC428FA46B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{40CDC2E3-4730-4B75-AE84-4351D9C6240C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{428CEA07-A41B-42ED-A2B4-FC7DDF4384C4}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{433E88F9-BB92-4990-9E47-906BDE7397F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{593795DF-E61F-43E9-B631-E0D5D8284C86}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{62C1B8F7-2934-4220-80CE-AAD8F67C818B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{72A3CE9B-5B03-4CE2-8003-4AFA8F5B639D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{753171E7-A0EF-4C05-A3CC-DAA1FA76405B}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{762156E4-17C7-428B-BA2B-4361EEED806F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{79B1A032-58CD-486B-9589-0DC1BE2407FE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{7D2AFC70-8780-4FA2-927F-05FEE4CC0AF2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{82818434-B72D-4E6F-9344-0343605884C4}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{840CBE78-269B-42EF-8EE6-577D59CDE740}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F2E6182-7B08-4445-8432-E574EE617CF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93109835-DE8C-4A0F-AF14-2F8C8BE83CE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93C576D7-CAE8-4F8D-9C9D-434BF7105B99}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{950BC468-4F8F-4900-AEBD-729C5376E2CC}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{95706BE2-4216-4AC6-BE23-988BAB5D2A08}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\microsoft flight\flight.exe |
"{964CE562-C30D-4304-BC27-DB6646AD8FE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97D1C206-1273-47D9-87E9-1358B64089C3}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{98C482AA-F780-4127-9B22-4FBE74B9FE57}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{9B4CC83A-A914-424B-8A36-7FCF8979F83B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DF906E0-C227-4336-AA53-1A46279F06CF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A5747F8E-877D-4C13-8DAB-50C6CC4AC604}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B709E10B-DCB1-415C-888C-A67F3B8CDD1F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BDF9D51B-2B1B-464E-9640-6A7DE7DBBC48}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C917146D-E438-4E38-8E48-0954E6CE786E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE43C66D-51BE-4E38-9CF9-C5233BD5E422}" = protocol=6 | dir=out | app=system |
"{D0054FCA-71C8-40BA-A9C4-F4078E7848A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0A0E89A-A15C-4DCD-9FCE-619DBD27AC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EDBC6F28-661F-4728-B015-7824FBCE37C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0F2F43F-8839-488C-B871-EC1ED5533692}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F6D6F391-C1A9-43F4-A978-D154C5C9D466}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\microsoft flight\flight.exe |
"{F74853A3-397E-44B1-B37F-17DECDB02FE0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{F97314E0-DB0C-49DF-BA0B-37AE594A500B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4B8EC11E-5211-4F39-BD61-288F68932941}C:\program files\ultima online 2d\mapa\uoautomap\uoam.exe" = protocol=6 | dir=in | app=c:\program files\ultima online 2d\mapa\uoautomap\uoam.exe |
"TCP Query User{7B5A2E5E-7BCE-4EA4-97E0-E7F74765EF34}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{7BD602EE-CAF8-4C54-AE5D-1A2755AB9411}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
"TCP Query User{87D55048-84BA-43A7-9A95-F7F148117C3A}C:\warcraft iii\gproxy.exe" = protocol=6 | dir=in | app=c:\warcraft iii\gproxy.exe |
"TCP Query User{A54A07C2-D497-4C0A-BE35-9F10F97D7E48}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D29EBE99-6B2F-4F2B-9EC5-381551375F03}C:\program files\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip 2012\qip.exe |
"TCP Query User{DA8888E7-ECE1-4C45-B8D7-BA12562A0CA0}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{3A0DDC29-695F-48B7-800F-3C10A31B2789}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{4E2522DE-3950-4FB7-A043-A36BD073E6E3}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{6CB95C6C-2E3E-4109-923E-F1E5DA5EE6A8}C:\program files\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 2012\qip.exe |
"UDP Query User{98470793-EDB8-4E58-8682-A7F6C08093C4}C:\program files\ultima online 2d\mapa\uoautomap\uoam.exe" = protocol=17 | dir=in | app=c:\program files\ultima online 2d\mapa\uoautomap\uoam.exe |
"UDP Query User{A98FA7C8-4E7F-4AF5-945B-5E372D85A7E6}C:\warcraft iii\gproxy.exe" = protocol=17 | dir=in | app=c:\warcraft iii\gproxy.exe |
"UDP Query User{C06F97D6-BAC7-4A2A-B26B-B47907340CC8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{CCD6A287-5E9E-473F-BB5A-95EDE1B6FEDC}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C76A500-2852-4848-9555-1DB015ABD439}" = NinjaTrader 7
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{62C68336-B969-4097-B0BD-A3A0FBFD59C1}" = Mumble 1.2.3
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DD1E180-64EE-4595-A97F-33FA51E4588B}_is1" = DaemonicMU Season IV 1.65
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.4 build 1429
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E05BA620-C140-4B79-B3E1-DCEA883F685A}" = Nokia Firmware RM-247 APAC
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"1ClickDownload" = 1ClickDownloader
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Eurobattle.net1.26" = Eurobattle.net
"FreeCommander_is1" = FreeCommander 2009.02a
"Guard.Mail.ru" = Guard.ICQ
"HWiNFO32_is1" = HWiNFO32 Version 3.62
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 cs)" = Mozilla Firefox 13.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NSS" = NSS (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"rFactor" = rFactor (remove only)
"Steam App 203850" = Microsoft Flight
"Steam App 240" = Counter-Strike: Source
"UltimaOnline" = Ultima Online 2D
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.00 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Poker 770" = Poker 770
"QIP 2012" = QIP 2012 4.0.7210
"QipGuard" = QIP Internet Guardian
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.6.2012 11:39:00 | Computer Name = pctc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.
Error - 22.6.2012 14:30:18 | Computer Name = pctc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.6.2012 14:30:18 | Computer Name = pctc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4235
Error - 22.6.2012 14:30:18 | Computer Name = pctc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4235
Error - 22.6.2012 14:54:41 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 14:54:42 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 14:54:42 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error - 22.6.2012 15:04:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 15:04:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 15:04:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.
[ System Events ]
Error - 21.6.2012 14:24:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 21.6.2012 18:58:49 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 6:03:05 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 8:59:10 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 9:26:43 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 10:58:44 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 12:43:12 | Computer Name = pctc-PC | Source = Tcpip | ID = 4199
Description = Systém zjistil konflikt IP adresy 192.168.1.1 se systémem, jehož síťová
hardwarová adresa je 48-5B-39-BC-39-83. Síťové operace v systému mohou být přerušeny.
Error - 22.6.2012 14:44:44 | Computer Name = pctc-PC | Source = DCOM | ID = 10010
Description =
Error - 22.6.2012 14:48:35 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 14:59:25 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
< End of report >
OTL Extras logfile created on: 22.6.2012 21:03:59 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\pctc\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,34% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,22 Gb Total Space | 55,50 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive O: | 48,73 Gb Total Space | 4,49 Gb Free Space | 9,22% Space Free | Partition Type: NTFS
Computer Name: PCTC-PC | User Name: pctc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ultima Online 2D\Mobifactor.Powermp3.1.17.key.code.generator\Mobifactor.Powermp3.1.17.key.code.generator.exe" = C:\Program Files\Ultima Online 2D\Mobifactor.Powermp3.1.17.key.code.generator\Mobifactor.Powermp3.1.17.key.code.generator.exe:*:Enabled:Mobifactor.Powermp3.1.17.key.code.generator -- (Windows (R) Codename Longhorn DDK provider)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DAF878E-9C87-40A7-A87E-9F7C74BFEFAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16E3A8EA-6DDB-4676-933B-A34CC93E332E}" = rport=445 | protocol=6 | dir=out | app=system |
"{2BB8F9AE-5351-4F97-9FB7-D8F0E0BF07F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F7C0B50-A69F-4413-80DB-79DDB5A79418}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39DA4C30-2131-4FFB-86C1-BDBBBDDA7E22}" = lport=10243 | protocol=6 | dir=in | app=system |
"{45F55304-8423-4C39-BE7E-E5717857DB5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A4F607C-0E17-4D57-81FB-64B2F02FFEF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B9A4993-3150-4489-A790-6E685868C62B}" = lport=139 | protocol=6 | dir=in | app=system |
"{626160D1-3A5C-475C-BCF7-5199169C9FB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6266F6A9-5AAA-4B3D-A3A4-C61E581799CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D25931A-A49C-4D23-9BB3-5B1348BF77A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{833CFA9D-3B8C-4211-BD00-97F46EF90863}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85B8E7D9-3FE8-4FFE-88FC-C199D79B2570}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88E63285-C640-4DC2-935A-BD4367B13665}" = rport=139 | protocol=6 | dir=out | app=system |
"{901B5FC9-3C1C-4D27-B362-1230D081DD76}" = rport=10243 | protocol=6 | dir=out | app=system |
"{95EA23FB-CE1A-48AE-996F-B6760D3B56BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B002CC09-0485-48E4-8873-9324A31748B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1A36F99-B558-4E8A-A557-4CDEA66002AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD6F74A9-AE59-4CE6-9F48-1433BB87A5AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{DEE85C40-B346-4261-9D5C-94689E68D240}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD8016A2-8BB0-4705-8D0C-09F94BED45E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0007C28D-ECB3-4C9B-9C45-7C42FF783D4F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{00E9544A-3934-4BEE-AD5B-1B9084E969BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0FCF0EF2-71A2-4578-AA91-B26027660108}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1AA9CE94-1A65-45FD-AD2E-AEB8FAF72A3B}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{21876746-8E4D-4F79-BF98-80FB296DD27E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{24396C11-4828-44D4-84A6-B86A250A30A0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{29CD8620-737D-42E5-9756-664D89CF9B2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36687DC1-9E3A-42D8-AFBB-690FF570EC7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D77FBA8-1338-4DD0-8130-9FAC428FA46B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{40CDC2E3-4730-4B75-AE84-4351D9C6240C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{428CEA07-A41B-42ED-A2B4-FC7DDF4384C4}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{433E88F9-BB92-4990-9E47-906BDE7397F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{593795DF-E61F-43E9-B631-E0D5D8284C86}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{62C1B8F7-2934-4220-80CE-AAD8F67C818B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{72A3CE9B-5B03-4CE2-8003-4AFA8F5B639D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{753171E7-A0EF-4C05-A3CC-DAA1FA76405B}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{762156E4-17C7-428B-BA2B-4361EEED806F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{79B1A032-58CD-486B-9589-0DC1BE2407FE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{7D2AFC70-8780-4FA2-927F-05FEE4CC0AF2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{82818434-B72D-4E6F-9344-0343605884C4}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{840CBE78-269B-42EF-8EE6-577D59CDE740}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F2E6182-7B08-4445-8432-E574EE617CF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93109835-DE8C-4A0F-AF14-2F8C8BE83CE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93C576D7-CAE8-4F8D-9C9D-434BF7105B99}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{950BC468-4F8F-4900-AEBD-729C5376E2CC}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{95706BE2-4216-4AC6-BE23-988BAB5D2A08}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\microsoft flight\flight.exe |
"{964CE562-C30D-4304-BC27-DB6646AD8FE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97D1C206-1273-47D9-87E9-1358B64089C3}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{98C482AA-F780-4127-9B22-4FBE74B9FE57}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{9B4CC83A-A914-424B-8A36-7FCF8979F83B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DF906E0-C227-4336-AA53-1A46279F06CF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A5747F8E-877D-4C13-8DAB-50C6CC4AC604}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B709E10B-DCB1-415C-888C-A67F3B8CDD1F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BDF9D51B-2B1B-464E-9640-6A7DE7DBBC48}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C917146D-E438-4E38-8E48-0954E6CE786E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE43C66D-51BE-4E38-9CF9-C5233BD5E422}" = protocol=6 | dir=out | app=system |
"{D0054FCA-71C8-40BA-A9C4-F4078E7848A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0A0E89A-A15C-4DCD-9FCE-619DBD27AC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EDBC6F28-661F-4728-B015-7824FBCE37C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0F2F43F-8839-488C-B871-EC1ED5533692}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F6D6F391-C1A9-43F4-A978-D154C5C9D466}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\microsoft flight\flight.exe |
"{F74853A3-397E-44B1-B37F-17DECDB02FE0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{F97314E0-DB0C-49DF-BA0B-37AE594A500B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4B8EC11E-5211-4F39-BD61-288F68932941}C:\program files\ultima online 2d\mapa\uoautomap\uoam.exe" = protocol=6 | dir=in | app=c:\program files\ultima online 2d\mapa\uoautomap\uoam.exe |
"TCP Query User{7B5A2E5E-7BCE-4EA4-97E0-E7F74765EF34}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{7BD602EE-CAF8-4C54-AE5D-1A2755AB9411}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
"TCP Query User{87D55048-84BA-43A7-9A95-F7F148117C3A}C:\warcraft iii\gproxy.exe" = protocol=6 | dir=in | app=c:\warcraft iii\gproxy.exe |
"TCP Query User{A54A07C2-D497-4C0A-BE35-9F10F97D7E48}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D29EBE99-6B2F-4F2B-9EC5-381551375F03}C:\program files\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip 2012\qip.exe |
"TCP Query User{DA8888E7-ECE1-4C45-B8D7-BA12562A0CA0}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{3A0DDC29-695F-48B7-800F-3C10A31B2789}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{4E2522DE-3950-4FB7-A043-A36BD073E6E3}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{6CB95C6C-2E3E-4109-923E-F1E5DA5EE6A8}C:\program files\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip 2012\qip.exe |
"UDP Query User{98470793-EDB8-4E58-8682-A7F6C08093C4}C:\program files\ultima online 2d\mapa\uoautomap\uoam.exe" = protocol=17 | dir=in | app=c:\program files\ultima online 2d\mapa\uoautomap\uoam.exe |
"UDP Query User{A98FA7C8-4E7F-4AF5-945B-5E372D85A7E6}C:\warcraft iii\gproxy.exe" = protocol=17 | dir=in | app=c:\warcraft iii\gproxy.exe |
"UDP Query User{C06F97D6-BAC7-4A2A-B26B-B47907340CC8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{CCD6A287-5E9E-473F-BB5A-95EDE1B6FEDC}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C76A500-2852-4848-9555-1DB015ABD439}" = NinjaTrader 7
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{62C68336-B969-4097-B0BD-A3A0FBFD59C1}" = Mumble 1.2.3
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DD1E180-64EE-4595-A97F-33FA51E4588B}_is1" = DaemonicMU Season IV 1.65
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.4 build 1429
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E05BA620-C140-4B79-B3E1-DCEA883F685A}" = Nokia Firmware RM-247 APAC
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"1ClickDownload" = 1ClickDownloader
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Eurobattle.net1.26" = Eurobattle.net
"FreeCommander_is1" = FreeCommander 2009.02a
"Guard.Mail.ru" = Guard.ICQ
"HWiNFO32_is1" = HWiNFO32 Version 3.62
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 cs)" = Mozilla Firefox 13.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NSS" = NSS (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"rFactor" = rFactor (remove only)
"Steam App 203850" = Microsoft Flight
"Steam App 240" = Counter-Strike: Source
"UltimaOnline" = Ultima Online 2D
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.00 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Poker 770" = Poker 770
"QIP 2012" = QIP 2012 4.0.7210
"QipGuard" = QIP Internet Guardian
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.6.2012 11:39:00 | Computer Name = pctc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.
Error - 22.6.2012 14:30:18 | Computer Name = pctc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.6.2012 14:30:18 | Computer Name = pctc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4235
Error - 22.6.2012 14:30:18 | Computer Name = pctc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4235
Error - 22.6.2012 14:54:41 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 14:54:42 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 14:54:42 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error - 22.6.2012 15:04:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 15:04:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error - 22.6.2012 15:04:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.
[ System Events ]
Error - 21.6.2012 14:24:51 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 21.6.2012 18:58:49 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 6:03:05 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 8:59:10 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 9:26:43 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 10:58:44 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 12:43:12 | Computer Name = pctc-PC | Source = Tcpip | ID = 4199
Description = Systém zjistil konflikt IP adresy 192.168.1.1 se systémem, jehož síťová
hardwarová adresa je 48-5B-39-BC-39-83. Síťové operace v systému mohou být přerušeny.
Error - 22.6.2012 14:44:44 | Computer Name = pctc-PC | Source = DCOM | ID = 10010
Description =
Error - 22.6.2012 14:48:35 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
Error - 22.6.2012 14:59:25 | Computer Name = pctc-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Některé funkce řízení napájení při činnosti procesoru byly zakázány
z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.
< End of report >
Re: Prosím jen o preventivní kontrolu
Rozdeleni je v poradku 
Spustte znovu OTL
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
:otl IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={DD35587C-B96D-11E1-A9C8-0011D8894EE8} IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1F81FE4D-81D1-4B26-A4A0-27EB9332279E}&mid=d69c8953edc347d0a386d1589e6da71b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=pp015&pr=sa&d=2012-06-21 18:48:26&v=11.1.0.7&sap=hp IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112560&tt=060612_8_&babsrc=SP_ss&mntrId=8c82bbb90000000000000011d8894ee8 IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms} IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1F81FE4D-81D1-4B26-A4A0-27EB9332279E}&mid=d69c8953edc347d0a386d1589e6da71b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=pp015&pr=sa&d=2012-06-21 18:48:26&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE IE - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" [2012.05.30 17:16:49 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012.06.19 19:54:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.06.13 14:00:53 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\4fd880a65d11d@4fd880a65d156.info [2012.06.18 19:54:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com [2012.06.20 20:03:51 | 000,000,950 | ---- | M] () -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin-1.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin.xml O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O3 - HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O13 - gopher Prefix: missing O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell - "" = AutoRun O33 - MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\Shell - "" = AutoRun [2012.06.19 19:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar [2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\*.tmp files -> C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\*.tmp files -> C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\*.tmp files -> C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\*.tmp files -> C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\*.tmp files -> C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp files -> C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\*.tmp files -> C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\*.tmp files -> C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\*.tmp files -> C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp -> ] [2 C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\*.tmp files -> C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\*.tmp -> ] [1 C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\*.tmp files -> C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\*.tmp -> ] [2012.06.22 16:59:02 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012.06.22 21:00:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.06.22 16:58:54 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.06.22 16:58:55 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job :services Guard.Mail.ru :reg [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "PlayNC Launcher"=- ""=- "MSIDLL"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] :files C:\Program Files\ICQ6Toolbar %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH]- Nasledne kliknete na Opravit
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím jen o preventivní kontrolu
prosím o radu nějaký antivir co nezatěžuje systém a free , děkuji
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/ResultsExt.as ... ource=2&q=" removed from keyword.URL
Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\4fd880a65d11d@4fd880a65d156.info\content folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\4fd880a65d11d@4fd880a65d156.info folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ not found.
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\BIT5290.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\BITD9F9.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\BIT9F64.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\BIT4DC8.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\BIT418C.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\BIT8F26.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\BIT9C2E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\BIT3F45.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\BIT1D42.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\BIT2BAA.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\BIT212E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\BIT140.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\BIT39D1.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\BITD0FC.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\BIT37CC.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\BIT4EA4.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\BIT2353.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\BITC976.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\BIT6E08.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\BIT70A1.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\BIT2A12.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\BIT2875.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\BIT1429.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\BIT4C3F.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\BITB4F7.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\BIT3C06.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\BIT3E5A.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\BITA308.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\BIT848E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\BIT35C5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\BITE7DB.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\BIT2ADE.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\BIT5831.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\BIT6EEB.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\BIT248E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\BIT12DE.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\BIT1FC5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\BIT390B.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\BIT33EF.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\BIT4321.tmp deleted successfully.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== SERVICES/DRIVERS ==========
Service Guard.Mail.ru stopped successfully!
Service Guard.Mail.ru deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSIDLL not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk\ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\ICQ6Toolbar not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: pctc
->Temp folder emptied: 62387193 bytes
->Temporary Internet Files folder emptied: 2701057 bytes
->FireFox cache emptied: 77131911 bytes
->Flash cache emptied: 1011 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113713 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 136,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: pctc
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.51.0 log created on 06232012_095637
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1301754893-1287375585-1057014856-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/ResultsExt.as ... ource=2&q=" removed from keyword.URL
Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\4fd880a65d11d@4fd880a65d156.info\content folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\4fd880a65d11d@4fd880a65d156.info folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\pctc\AppData\Roaming\Mozilla\Firefox\Profiles\hdu7ufeu.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Users\pctc\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1301754893-1287375585-1057014856-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81521c1f-a7e8-11e1-b4cb-0011d8894ee8}\ not found.
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\0621bd8565ed8e77fe35192f3527d184\BIT5290.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\06da3cdfb0050a98275d69640d835b95\BITD9F9.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\292cecf341b10250b33cd9bf744327c7\BIT9F64.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\2c5f26fc6994205fab65ceaa269150ce\BIT4DC8.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\34fc32d3cc6bfb7a80cc4aa990e61be4\BIT418C.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a285d24f6223d1d2ab38f3148913cc0\BIT8F26.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\3a5787cf7a6a7ef85605467894d2c81f\BIT9C2E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\532a39d0c771c9f9d9c4f7d1043b2cdd\BIT3F45.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\5509430fd91377311302d36dd6297115\BIT1D42.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\577dc8de87ba1dc48034de2b5df64148\BIT2BAA.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\67aac2ca3d16a4c232d51c161a21cc2f\BIT212E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\6af852a1958ec458a83c008f772add02\BIT140.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\BIT39D1.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\7261cb1455493726a09f1d3fceb822f6\BITD0FC.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\79503a7502d1ed9c9a2120e88c7c6964\BIT37CC.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\7b1940a7021dac42f195c0e65d9d65c8\BIT4EA4.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\7e447a3f1c4c7a5679cd9cc1c4d6b4b7\BIT2353.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\87c301b0a97efb0f746dbd46207063f2\BITC976.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\BIT6E08.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\BIT70A1.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\97875b2c70acf6c807ca8ab6164148d5\BIT2A12.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\989d58d49fb412d4e0300b104cf77e03\BIT2875.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\9995216a525c0d082222dc1b933f8042\BIT1429.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\9ae11229564459b318db220d0d172016\BIT4C3F.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\9d9673ae73d88410844524d14cadbf18\BITB4F7.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a1715b29668ced55a2c85ca5cd2a1ce2\BIT3C06.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8196892bd76342cb950f681349dae19\BIT3E5A.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\a8e12e4a38aa5b6d76ef8455d6f63b2e\BITA308.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\a91aea70f320822e874199d90f084521\BIT848E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\abfadd8eb7aca92614a050a72b9598ff\BIT35C5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\b21037e6d8f433d1d9e9b35c1325c3ea\BITE7DB.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\BIT2ADE.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b9d8c43f9c432dead199ceb161398297\BIT5831.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\c77e984815555ef0e7db49969e5d8531\BIT6EEB.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\cefa2cef91fb0871957226952420cd7a\BIT248E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\BIT12DE.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\BIT1FC5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\e9551aec026b37c28ef7729272c5864b\BIT390B.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\f93b9f3a461843093b394763232dab93\BIT33EF.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\fb203e4b2a21f7dd2993137e2126ff55\BIT4321.tmp deleted successfully.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== SERVICES/DRIVERS ==========
Service Guard.Mail.ru stopped successfully!
Service Guard.Mail.ru deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSIDLL not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk\ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\ICQ6Toolbar not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: pctc
->Temp folder emptied: 62387193 bytes
->Temporary Internet Files folder emptied: 2701057 bytes
->FireFox cache emptied: 77131911 bytes
->Flash cache emptied: 1011 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113713 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 136,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: pctc
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.51.0 log created on 06232012_095637
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Re: Prosím jen o preventivní kontrolu
Z free AV mohu doporucit Avast ci Aviru(ta je bohuzel anglicky), ale Avast bych zvolit radeji 
AVG je zrout systemu a jeste s docela slabou detekci 
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy, je to z me strany vse
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím jen o preventivní kontrolu
Děkuji a přeji pěkný den.
Re: Prosím jen o preventivní kontrolu
Nemate zac, rado se stalo 
pekny zbytek vikendu i Vam
pekny zbytek vikendu i Vam
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?