Vir na flash disku.

Zpráva

Majki27 · #1 Příspěvek od **Majki27** » 06 zář 2012 12:14

Dobrý den, je to zhruba týden, co jsem zřejmě strčil flešku kam jsem neměl a pravděpodobně si do PC zatáhl vir. Po otevření flash disku se mi tamní složky změnily na zástupce, které nejdou otevřít. Při rozkliknutí těchto zástupců složek se objeví hláška:"Systém Windows nemůže nalézt H:\RECYCLER\0xA25D5DBD.exe. Přesvěčte se, zda je název zadán správně, a akci opakujte. Pro hledání souboru klepněte na tlačítko Start a pak na položku Hledat." To samé se mi stalo při "zapíchnutí" digitálního foťáku do PC.

Googlil jsem a zavedlo mě to sem tak prosím o pomoc.

Jestli vám to pomůže tenhle pán měl stejný problém ------> http://forum.viry.cz/viewtopic.php?f=13&t=112308

#2 Příspěvek od **vyosek** » 06 zář 2012 14:10

Zdravim

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

#3 Příspěvek od **vyosek** » 15 zář 2012 03:27

Jak to tu vypada

Pokud nebude zde vyvijena nejaka cinnost - bude tema na zaklade Pravidla o zamykani temat

Majki27 · #4 Příspěvek od **Majki27** » 25 zář 2012 10:16

Zdravim omlouuvam se za spozdeni ale nemel sem pristup k pc.

Log s usbfixu

############################## | UsbFix 7.059 | [Deletion]

User: Michal (Administrator) # MICHAL-HP [Hewlett-Packard p6-2004cs]
Updated 16/09/2011 by El Desaparecido
Started at 11:03:11 | 25/09/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: AMD A8-3820 APU with Radeon(tm) HD Graphics
CPU 2: AMD A8-3820 APU with Radeon(tm) HD Graphics
Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 9.0.8112.16421

Windows Firewall: Enabled
RAM -> 3571 Mb
C:\ (%systemdrive%) -> Fixed drive # 452 Gb (313 Mb free - 69%) [OS] # NTFS
D:\ -> Fixed drive # 13 Gb (2 Mb free - 12%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Removable drive # 982 Mb (871 Mb free - 89%) [] # FAT

################## | Files # Infected Folders |

Deleted ! H:\2577.lnk
Deleted ! H:\CellDB.lnk
Deleted ! H:\Locality.lnk
Deleted ! H:\MP3.lnk
Deleted ! H:\WMDRM.lnk
Deleted ! H:\MSMETADATA.lnk
Deleted ! C:\Users\Michal\AppData\Local\Temp\AutoRun.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2907856862-3694389842-1000245825-500
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-4104658914-801406617-3508022457-1000
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-4104658914-801406617-3508022457-500
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-4104658914-801406617-3508022457-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-4104658914-801406617-3508022457-500

(!) Temporary files deleted.

################## | Registry |

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{2a8b9275-b526-11e1-abb2-e840f20c9e39}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a3b87c9e-7d5e-11e1-8b18-e840f20c9e39}

################## | Listing |

[25/09/2012 - 11:05:49 | SHD ] C:\$RECYCLE.BIN
[11/02/2011 - 19:00:42 | N | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[25/09/2012 - 10:24:38 | ASH | 2808225792] C:\hiberfil.sys
[23/02/2012 - 14:30:06 | D ] C:\hp
[09/07/2012 - 16:41:23 | N | 0] C:\icon_3122500059
[23/02/2012 - 13:29:47 | N | 0] C:\OS
[25/09/2012 - 10:24:39 | ASH | 3744305152] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[23/08/2012 - 15:41:14 | D ] C:\Program Files
[25/09/2012 - 11:01:26 | D ] C:\Program Files (x86)
[08/09/2012 - 10:54:15 | HD ] C:\ProgramData
[11/02/2011 - 21:24:35 | SHD ] C:\Recovery
[25/09/2012 - 11:01:40 | D ] C:\rsit
[29/03/2012 - 23:51:25 | D ] C:\SWSETUP
[22/09/2012 - 20:57:20 | SHD ] C:\System Volume Information
[29/03/2012 - 23:51:20 | D ] C:\SYSTEM.SAV
[22/08/2012 - 22:22:00 | N | 209269] C:\torrent.exe
[25/09/2012 - 11:05:49 | D ] C:\UsbFix
[25/09/2012 - 11:03:24 | A | 2702] C:\UsbFix.txt
[29/03/2012 - 23:47:34 | D ] C:\Users
[02/09/2012 - 09:49:03 | D ] C:\Windows
[25/09/2012 - 11:05:49 | SHD ] D:\$RECYCLE.BIN
[29/03/2012 - 23:47:29 | D ] D:\boot
[20/11/2010 - 08:40:07 | ASH | 383786] D:\bootmgr
[29/03/2012 - 23:47:28 | N | 0] D:\BT_HP.FLG
[23/02/2012 - 15:12:27 | N | 490] D:\CSP.DAT
[23/02/2012 - 15:25:09 | N | 13229] D:\DeployRp.log
[15/04/2012 - 14:44:10 | D ] D:\hp
[06/04/2012 - 11:37:34 | N | 20] D:\HPSF_Rep.txt
[29/03/2012 - 23:51:16 | N | 8] D:\HP_WSD.dat
[29/03/2012 - 23:47:11 | N | 44] D:\language.ini
[29/03/2012 - 23:47:29 | D ] D:\preload
[29/03/2012 - 23:47:29 | SD ] D:\Recovery
[23/02/2012 - 15:25:09 | N | 0] D:\RPCONFIG.LOG
[01/07/2012 - 20:50:29 | SHD ] D:\System Volume Information
[01/01/2000 - 00:03:14 | D ] H:\2577
[01/01/2000 - 00:04:00 | D ] H:\CellDB
[01/01/2000 - 00:04:18 | D ] H:\Locality
[01/01/2000 - 00:04:34 | D ] H:\MP3
[30/11/2007 - 18:07:38 | D ] H:\WMDRM
[20/04/2011 - 21:10:54 | D ] H:\MSMETADATA
[01/01/2000 - 00:04:36 | N | 41744] H:\PST_manual.txt
[02/09/2012 - 09:25:10 | D ] H:\Storage Card

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
H:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

A log s RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2012-09-25 11:14:54
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 321 GB (69%) free of 463 GB
Total RAM: 3571 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:57, on 25.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Michal\Downloads\RSIT (1).exe
C:\Program Files (x86)\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12320 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForMICHAL-HP$.job
C:\Windows\tasks\HPCeeScheduleForMichal.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\15hlbxs9.default

prefs.js - "browser.startup.homepage" - "http://www.google.com"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\15hlbxs9.default\extensions\
plugin@yontoo.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-16 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-06-28 1162352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-16 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2012-08-11 194928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02 1089288]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-06-28 1162352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-30 336384]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-09 54576]
""= []
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-05-17 61112]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-05-06 658424]
"Guard.Mail.ru.gui"=C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-11 1564368]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-04-04 843712]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-06-28 4273976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2012-08-04 1353080]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-03 742264]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"ICQ"=C:\Program Files (x86)\ICQ7.7\ICQ.exe [2012-04-11 127040]
"ESL Wire"=C:\Program Files\EslWire\wire.exe [2012-09-04 4061696]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2012-02-23 52920]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-09-25 11:06:36 ----RASHD---- C:\Autorun.inf
2012-09-25 11:03:04 ----D---- C:\UsbFix
2012-09-25 11:03:04 ----A---- C:\UsbFix.txt
2012-09-25 11:01:26 ----D---- C:\rsit
2012-09-25 11:01:26 ----D---- C:\Program Files (x86)\trend micro
2012-09-22 20:57:41 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 20:57:40 ----A---- C:\Windows\SysWOW64\vbscript.dll
2012-09-22 20:57:40 ----A---- C:\Windows\SysWOW64\url.dll
2012-09-22 20:57:40 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 20:57:40 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-09-22 20:57:39 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-09-22 20:57:39 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 20:57:38 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-09-22 20:57:38 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-09-22 20:57:38 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-09-22 20:57:37 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 20:57:37 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-09-22 20:57:36 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-09-22 20:57:34 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-09-18 22:49:40 ----RD---- C:\Program Files (x86)\Skype
2012-09-18 22:49:40 ----D---- C:\Program Files (x86)\Common Files\Skype
2012-09-16 21:59:26 ----A---- C:\Windows\SysWOW64\shoD66E.tmp
2012-09-12 09:54:08 ----A---- C:\Windows\SysWOW64\d3d10level9.dll
2012-09-08 10:54:25 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2012-09-08 10:54:15 ----D---- C:\ProgramData\Skype
2012-09-04 15:53:52 ----A---- C:\Windows\SysWOW64\sho961D.tmp
2012-09-02 09:49:03 ----D---- C:\Windows\WindowsMobile
2012-08-30 23:58:58 ----A---- C:\Windows\SysWOW64\sho48AD.tmp
2012-08-28 21:29:23 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2012-08-28 21:29:23 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2012-08-28 21:29:23 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-08-28 21:26:35 ----D---- C:\Windows\SysWOW64\URTTEMP

======List of files/folders modified in the last 1 month======

2012-09-25 11:14:56 ----D---- C:\Windows\Temp
2012-09-25 11:05:49 ----SHD---- C:\$RECYCLE.BIN
2012-09-25 11:01:26 ----D---- C:\Program Files (x86)
2012-09-25 11:00:53 ----D---- C:\Windows\System32
2012-09-25 11:00:53 ----D---- C:\Windows\inf
2012-09-25 10:26:04 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2012-09-25 10:25:54 ----D---- C:\Users\Michal\AppData\Roaming\ICQ
2012-09-25 10:25:10 ----D---- C:\ProgramData\PDFC
2012-09-25 10:24:58 ----D---- C:\Program Files (x86)\Steam
2012-09-24 23:36:19 ----D---- C:\Program Files (x86)\Warcraft III
2012-09-23 18:42:40 ----D---- C:\Windows\winsxs
2012-09-23 18:41:59 ----D---- C:\Windows\SysWOW64\migration
2012-09-23 18:41:59 ----D---- C:\Windows\SysWOW64
2012-09-23 18:41:59 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-22 20:57:20 ----SHD---- C:\System Volume Information
2012-09-21 10:57:04 ----D---- C:\Windows\Tasks
2012-09-21 10:55:26 ----D---- C:\Users\Michal\AppData\Roaming\HpUpdate
2012-09-21 10:55:26 ----D---- C:\Users\Michal\AppData\Roaming\HP Support Assistant
2012-09-18 22:49:44 ----SHD---- C:\Windows\Installer
2012-09-18 22:49:40 ----D---- C:\Program Files (x86)\Common Files
2012-09-18 22:48:22 ----D---- C:\Users\Michal\AppData\Roaming\SoftGrid Client
2012-09-18 14:47:06 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2012-09-15 21:06:18 ----D---- C:\Windows\Prefetch
2012-09-11 12:07:47 ----D---- C:\Users\Michal\AppData\Roaming\FreeBurner
2012-09-08 21:46:16 ----D---- C:\Program Files (x86)\Common Files\Steam
2012-09-08 10:54:15 ----HD---- C:\ProgramData
2012-09-02 09:50:09 ----SD---- C:\ProgramData\Microsoft
2012-09-02 09:49:03 ----D---- C:\Windows
2012-08-28 21:28:21 ----D---- C:\Windows\Registration
2012-08-28 21:28:06 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-28 21:27:13 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\drivers\amd_sata.sys []
R0 amd_xata;amd_xata; C:\Windows\system32\drivers\amd_xata.sys []
R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys []
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\SysWOW64\drivers\aswNdis2.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswFW;avast! TDI Firewall driver; C:\Windows\SysWOW64\drivers\aswFW.sys []
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys []
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 ESLWireAC;ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys []
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys []
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys []
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\drivers\usbfilter.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-06-28 44808]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-06-28 133912]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-22 2286976]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 EslWireHelper;ESL Wire Helper Service; C:\Program Files\EslWire\service\WireHelperSvc.exe [2012-09-04 678416]
S2 ezSharedSvc;Easybits Services for Windows; C:\Windows\System32\ezSharedSvcHost.exe [2010-04-23 514232]
S2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-11 1564368]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 116648]
S2 HPAuto;HP Auto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
S2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
S2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-09-08 529744]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Majki27 · #5 Příspěvek od **Majki27** » 25 zář 2012 11:02

#6 Příspěvek od **vyosek** » 25 zář 2012 12:25

Zdravim

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Majki27 · #7 Příspěvek od **Majki27** » 25 zář 2012 13:05

OTL logfile created on: 9/25/2012 1:39:31 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Michal\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.49 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 32.75% Memory free
6.97 Gb Paging File | 4.20 Gb Available in Paging File | 60.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.29 Gb Total Space | 313.51 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive D: | 13.37 Gb Total Space | 1.65 Gb Free Space | 12.33% Space Free | Partition Type: NTFS

Computer Name: MICHAL-HP | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/09/25 13:36:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Downloads\OTL.exe
PRC - [2012/09/21 19:37:43 | 000,086,077 | ---- | M] (Valve) -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe
PRC - [2012/09/08 10:52:19 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\GameOverlayUI.exe
PRC - [2012/09/08 10:52:07 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/04 09:05:52 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/06/28 14:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 14:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/06/28 14:51:48 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/25 13:23:07 | 000,053,248 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\voice_miles.dll
MOD - [2012/09/25 13:22:57 | 000,535,552 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\platform\servers\serverbrowser.dll
MOD - [2012/09/25 13:22:57 | 000,258,106 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\Core.dll
MOD - [2012/09/25 13:22:57 | 000,090,112 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\DemoPlayer.dll
MOD - [2012/09/25 13:22:56 | 001,074,496 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\cstrike\cl_dlls\client.dll
MOD - [2012/09/25 13:22:56 | 000,245,819 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\vgui2.dll
MOD - [2012/09/25 13:22:53 | 000,155,232 | -H-- | M] () -- C:\Users\Michal\AppData\Local\Temp\~5289.tmp
MOD - [2012/09/21 19:37:44 | 001,840,440 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hw.dll
MOD - [2012/09/21 19:37:44 | 000,845,112 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\valve\cl_dlls\GameUI.dll
MOD - [2012/09/21 19:37:44 | 000,351,744 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\Mss32.dll
MOD - [2012/09/21 19:37:44 | 000,344,064 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\tier0.dll
MOD - [2012/09/21 19:37:44 | 000,161,792 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\Mssv29.asi
MOD - [2012/09/21 19:37:44 | 000,142,848 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\Mssv12.asi
MOD - [2012/09/21 19:37:44 | 000,125,952 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\Mp3dec.asi
MOD - [2012/09/21 19:37:44 | 000,122,974 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\FileSystem_Steam.dll
MOD - [2012/09/21 19:37:44 | 000,081,920 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\valve\cl_dlls\particleman.dll
MOD - [2012/09/21 19:37:43 | 000,352,256 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\vgui.dll
MOD - [2012/09/08 10:52:07 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/09/08 10:52:06 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/08 10:52:06 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/09/08 10:52:06 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/09/08 10:52:06 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll

========== Services (SafeList) ==========

SRV - [2012/09/08 10:52:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/11 12:43:19 | 001,564,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/02 07:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
IE - HKLM\..\SearchScopes\{E54EED88-732F-4E07-88B3-7CF68B43C242}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{E54EED88-732F-4E07-88B3-7CF68B43C242}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1451

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/01 21:04:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 21:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/25 21:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Extensions
[2012/08/24 18:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\15hlbxs9.default\extensions
[2012/08/24 18:21:42 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\15hlbxs9.default\extensions\plugin@yontoo.com
[2012/04/25 21:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/01 21:04:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 05:17:43 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012/04/21 05:17:43 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012/04/21 05:17:44 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012/04/21 05:17:44 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012/04/21 05:17:44 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: FlashControl = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.15_0\
CHR - Extension: Yontoo = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: Gmail = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{453AD3EC-1B63-4178-8B32-CBB9ECE0957C}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/25 11:52:48 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/09/25 11:52:48 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012/09/25 11:52:48 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2012/09/25 11:03:04 | 000,000,000 | ---D | C] -- C:\UsbFix
[2012/09/25 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012/09/25 11:01:26 | 000,000,000 | ---D | C] -- C:\rsit
[2012/09/22 20:57:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 20:57:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 20:57:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 20:57:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 20:57:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 20:57:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/18 22:49:40 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/18 22:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/18 22:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/09/25 13:41:00 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/09/25 13:12:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/25 10:24:51 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 10:24:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 10:24:38 | 2808,225,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 20:13:34 | 003,860,269 | ---- | M] () -- C:\Users\Michal\Desktop\cs.rar
[2012/09/22 14:15:38 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichal.job
[2012/09/18 22:49:40 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/25 13:41:00 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/08/28 21:28:18 | 000,000,094 | ---- | C] () -- C:\Users\Michal\AppData\Local\fusioncache.dat
[2012/05/26 09:17:54 | 000,024,315 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012/04/27 11:18:23 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/04/15 20:05:59 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
[2012/04/15 20:05:58 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/03/29 23:44:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/02/23 14:18:49 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012/02/23 14:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/23 14:00:48 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/11 09:45:16 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/11 19:15:43 | 001,629,694 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/03 14:00:31 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
[2012/09/11 12:07:47 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\FreeBurner
[2012/09/25 10:25:54 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ICQ
[2012/04/18 14:04:47 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Leadertech
[2012/05/20 14:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Shifters Admin Reason
[2012/09/18 22:48:22 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\SoftGrid Client
[2012/05/31 17:24:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TeamViewer
[2012/08/23 15:42:03 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TP
[2012/03/31 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TS3Client
[2012/09/25 10:26:04 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\uTorrent
[2012/04/07 16:23:30 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,626 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/29 23:51:22 | 000,000,336 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForMichal.job
[2012/03/29 23:54:24 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/03/29 23:54:24 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 10:07:34 | 000,000,344 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForMICHAL-HP$.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2012/02/23 13:56:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/02/23 13:56:23 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/23 13:56:23 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/23 13:56:23 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/23 13:56:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/23 13:56:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/09/29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/08/22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012/03/30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2012/02/23 13:53:05 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2012/02/23 13:53:05 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2012/08/22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/08/22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011/09/29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[25 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp -> ]
[3 C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]
[3 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
[1 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp -> ]
[3 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2012/08/22 22:22:00 | 000,209,269 | ---- | M] () -- C:\torrent.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/04/25 21:07:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Adobe
[2012/03/29 23:53:27 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ATI
[2012/04/03 13:56:38 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\CyberLink
[2012/04/03 14:00:31 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
[2012/09/11 12:07:47 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\FreeBurner
[2012/04/23 10:16:21 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Hewlett-Packard
[2012/09/21 10:55:26 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\HP Support Assistant
[2012/04/07 16:26:16 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\hpqLog
[2012/09/21 10:55:26 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\HpUpdate
[2012/09/25 10:25:54 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ICQ
[2012/03/29 23:51:35 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Identities
[2012/04/18 14:04:47 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Leadertech
[2012/03/29 23:53:59 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Macromedia
[2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Media Center Programs
[2012/09/18 14:47:06 | 000,000,000 | --SD | M] -- C:\Users\Michal\AppData\Roaming\Microsoft
[2012/04/25 21:28:28 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Mozilla
[2012/05/20 14:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Shifters Admin Reason
[2012/09/25 11:02:31 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Skype
[2012/09/18 22:48:22 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\SoftGrid Client
[2012/05/31 17:24:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TeamViewer
[2012/08/23 15:42:03 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TP
[2012/03/31 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\TS3Client
[2012/09/25 10:26:04 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\uTorrent
[2012/04/27 11:18:50 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Ventrilo
[2012/04/07 16:23:30 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WinBatch
[2012/03/30 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2012/09/25 10:24:51 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 13:12:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/08/27 09:43:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\HPCeeScheduleForMICHAL-HP$.job
[2012/09/22 14:15:38 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\HPCeeScheduleForMichal.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2012/08/22 22:22:00 | 000,209,269 | ---- | M] () -- C:\torrent.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Steam" = "C:\Program Files (x86)\Steam\steam.exe" -silent -- [2012/08/04 09:05:52 | 001,353,080 | ---- | M] (Valve Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012/02/13 10:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd)
"uTorrent" = "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED -- [2012/04/03 16:14:39 | 000,742,264 | ---- | M] (BitTorrent, Inc.)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010/11/21 05:24:51 | 001,475,584 | ---- | M] (Microsoft Corporation)
"ICQ" = "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4 -- [2012/04/11 12:34:21 | 000,127,040 | ---- | M] (ICQ, LLC.)
"ESL Wire" = "C:\Program Files\EslWire\wire.exe" --tray -- [2012/09/04 14:06:36 | 004,061,696 | ---- | M] (Turtle Entertainment GmbH)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2012/07/13 13:33:24 | 017,418,928 | R--- | M] (Skype Technologies S.A.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) MD5=4F69AABB5D82AA4EF6DFF7871212ADF6 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012/08/24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2012/08/30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) MD5=2E17E8CD4D77BF831AC5F8C2C49233C7 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012/09/25 13:41:00 | 000,000,512 | ---- | M] () MD5=C678A46B1BBE23BD349880F894610CCC -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012/05/20 14:54:04 | 000,012,878 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\cstrike_czech\sound\misc\cracker1.wav
[2012/04/03 17:24:48 | 000,000,591 | ---- | M] () -- \Users\Michal\AppData\Roaming\Microsoft\Windows\Recent\FIFA.12.Crack.Only-RELOADED.lnk
[2012/05/21 12:38:41 | 000,000,649 | ---- | M] () -- \Users\Michal\AppData\Roaming\Microsoft\Windows\Recent\WARCRAFT-3-CRACK+SERIAL.lnk
[2012/04/03 17:19:34 | 000,000,750 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\FIFA 12 - RELOADED CRACK only.torrent
[2012/04/03 17:31:45 | 000,014,231 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\Fifa 12 Crack.torrent
[2012/04/03 17:24:00 | 000,009,917 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\FIFA.12.Crack.Only-RELOADED.torrent
[2012/04/18 13:55:20 | 005,074,474 | ---- | M] () -- \Users\Michal\Downloads\CRACK-+CD-key-fifa-10.rar
[2012/04/03 14:11:47 | 006,898,245 | ---- | M] () -- \Users\Michal\Downloads\Crack-pre-FIFA-08.rar
[2012/04/16 17:26:33 | 026,056,253 | ---- | M] () -- \Users\Michal\Downloads\CRACK.rar
[2012/05/11 11:10:46 | 001,889,057 | ---- | M] () -- \Users\Michal\Downloads\FIFA-07-NO-CD-Crack.rar
[2012/04/18 14:10:51 | 003,006,537 | ---- | M] () -- \Users\Michal\Downloads\Fifa_10_Crack_and_Keygen_Razor1911_btarena.rar
[2012/05/21 12:38:23 | 063,523,984 | ---- | M] () -- \Users\Michal\Downloads\WARCRAFT-3-CRACK+SERIAL.zip

< *keygen* /s >
[2012/04/18 14:10:51 | 003,006,537 | ---- | M] () -- \Users\Michal\Downloads\Fifa_10_Crack_and_Keygen_Razor1911_btarena.rar

< *loader* /s >
[2009/02/23 22:08:04 | 000,007,380 | ---- | M] () -- \Program Files (x86)\EA Sports\FIFA 10\osdkdata\external\ion_sports07\fw\commonLoader.big
[2009/02/23 22:08:36 | 000,000,288 | ---- | M] () -- \Program Files (x86)\EA Sports\FIFA 10\osdkdata\game\globalClasses\classLoader.big
[2011/06/15 23:58:28 | 000,053,248 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe
[2011/02/24 04:12:16 | 000,005,974 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe.config
[2010/10/15 04:58:50 | 000,001,012 | ---- | M] () -- \Program Files (x86)\HP Games\onplay\downloader_bg_400.gif
[2012/04/11 12:34:20 | 000,005,795 | ---- | M] () -- \Program Files (x86)\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012/04/11 12:34:20 | 000,004,180 | ---- | M] () -- \Program Files (x86)\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012/04/11 12:34:20 | 000,005,520 | ---- | M] () -- \Program Files (x86)\ICQ7.7\imApp\theme\MUICoreLib\xtraLoader.swf
[2012/05/31 17:02:02 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.7\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011/02/25 20:46:24 | 000,005,987 | ---- | M] () -- \Program Files (x86)\Microsoft\BingBar\scripts\io\downloader.js
[2012/08/28 20:26:19 | 000,002,910 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\lord of the rings online\browser\components\uriloader.xpt
[2011/03/01 20:52:02 | 000,411,888 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\WTDownloader.exe
[2010/11/03 23:17:00 | 000,002,193 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\UI\GamePlay_Loader.html
[2011/02/16 21:02:14 | 000,009,072 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\UI\Scripts\gameplay_loader.js
[2010/11/03 23:17:00 | 000,002,355 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\UI\Skins\default\gameplay_loader.css
[2012/02/17 20:55:09 | 000,055,296 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2012/06/18 12:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/06/18 12:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/06/18 12:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/06/18 12:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012/09/25 10:26:34 | 000,000,753 | ---- | M] () -- \Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RI2LKG9\AdLoader[1].htm
[2012/04/26 16:00:02 | 000,009,051 | ---- | M] () -- \Users\Michal\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012/04/26 16:00:02 | 000,016,119 | ---- | M] () -- \Users\Michal\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012/04/26 16:00:02 | 000,018,434 | ---- | M] () -- \Users\Michal\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.png
[2012/04/26 16:00:02 | 000,009,283 | ---- | M] () -- \Users\Michal\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2012/04/26 16:00:02 | 000,001,699 | ---- | M] () -- \Users\Michal\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\NewsLoader.js
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[3 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2007/04/30 15:43:12 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[3 \Windows\SysWOW64\*.tmp files -> \Windows\SysWOW64\*.tmp -> ]
[2007/04/30 15:43:12 | 000,009,622 | ---- | M] () -- \Windows\SysWOW64\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/23 13:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2012/02/23 13:44:20 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2012/02/23 13:44:20 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2012/02/23 13:44:20 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2012/02/23 13:44:20 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2012/02/23 13:53:55 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012/02/23 13:53:55 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012/02/23 13:53:55 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012/02/23 13:53:55 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012/02/23 13:53:55 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2012/02/23 13:42:10 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010/11/21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2012/02/23 13:53:51 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012/02/23 13:53:51 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

Majki27 · #8 Příspěvek od **Majki27** » 25 zář 2012 13:06

OTL Extras logfile created on: 9/25/2012 1:39:31 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Michal\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.49 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 32.75% Memory free
6.97 Gb Paging File | 4.20 Gb Available in Paging File | 60.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.29 Gb Total Space | 313.51 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive D: | 13.37 Gb Total Space | 1.65 Gb Free Space | 12.33% Space Free | Partition Type: NTFS

Computer Name: MICHAL-HP | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4104658914-801406617-3508022457-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B96C608-7C2B-4C60-96EA-0D5C7DF70384}" = rport=445 | protocol=6 | dir=out | app=system |
"{219736A7-0F7B-4D82-A4CB-ADF139EA3C95}" = lport=10243 | protocol=6 | dir=in | app=system |
"{306410F3-1D91-4AD7-904E-556ADAE36B3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{4147C234-A543-447E-96E7-3F79254FFABE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4369AD41-7A3D-459F-8ED4-74AE97B621E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4AF005F5-885A-4751-B581-B3F5DB894A3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50953D56-BAFE-45DF-B4CA-4FE9CCC1097B}" = rport=139 | protocol=6 | dir=out | app=system |
"{570307D4-9091-48FE-BAC8-4262127DFE64}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5E36A5DA-27D6-41B3-BB07-3BCD01BA0C4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FCD29D3-1362-4547-BC65-692320E6D941}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71C2E7DC-69BD-4175-B7BE-410FA874C6AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{72917D37-93BE-4C82-BCDB-697E4FA9AEE9}" = lport=138 | protocol=17 | dir=in | app=system |
"{7881A349-3072-4D75-A9F6-AF129B206667}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C8F040E-729C-4F73-8913-2BB5B2386754}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9EB319F9-92FA-42EE-9E17-E3C3A9ED7156}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2F1E00A-6E43-4598-8743-E4F869D50F8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6D1DFA6-C018-448B-983B-9864F8D64F30}" = lport=445 | protocol=6 | dir=in | app=system |
"{C94DCC13-71FB-4FE3-9757-67BA1813B0DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB6F2401-3693-44E1-B309-57ADEED138A5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D2EF0636-D099-447E-8E4A-B79E1AA4D4EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC85350F-7F34-4021-B9E0-BB3C4165CD3D}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF9BF7C7-24EA-447C-8D32-009B24384315}" = lport=139 | protocol=6 | dir=in | app=system |
"{FEA7DDB8-C2B9-456C-A70C-5F84B47069C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092ED21C-BBBD-48F7-AB74-0EBA503486C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\day of defeat\hl.exe |
"{0C7C262A-9305-4D95-BD33-B203C50AE397}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0F13FF9F-63CA-4EA0-9571-2184FF364348}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{1200FAC0-25DE-40FB-B864-5C35405EE76B}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{1326C070-DE9B-494C-A28A-54EA083E7E8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{15909D01-6D35-434B-AEEC-6A1ADA68AEFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1EAEFDD1-BF9E-4A48-A4DD-13E36B086076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22CBAA61-D71B-41AA-A0E1-6DF8E835EB67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe |
"{2506E70C-582D-42B5-82DA-3104B8D1B0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe |
"{259F33EB-02CA-4F6B-AB17-4787138005EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26201663-2AA9-4A3D-A8AB-224A4082841A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\adgetty\counter-strike\hl.exe |
"{3278DA2B-7158-4A49-91AC-D02E8E47B737}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe |
"{3399E1C6-FA4B-48D9-A114-4A3862862391}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\counter-strike\hl.exe |
"{3430BA37-95EF-4B28-94CC-D68619AFCB3E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{374F0F3E-E9E2-4A27-A269-023A00F9A4E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{388D6E32-A6AC-4F23-957B-C8A8DB059534}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{3F30281E-A72D-4407-82D2-30DD6308C2C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F457183-AC5A-47B5-9F15-DEEA9EED04BB}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{40B3ECC0-1250-4786-8A1A-BBEF7EB859FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{426EF1F5-8566-4662-B41E-E00200E7AFB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\oxgene@hotmail.com\counter-strike\hl.exe |
"{453E3299-86DA-443D-A37D-44FD3BC0D9FA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{467DC1B9-4E99-4E96-AA6E-0924C13853D6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{474BF647-FC44-4ED4-86E6-A564F71DB8A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5206E776-1F61-4E93-8BE1-85CF18CEFD2E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5227BDDC-079F-46B5-9AF9-A08E17CFD8B6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{53E908DD-5974-4CC3-A9A4-BC28DEB6A814}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5DFAB7AF-A957-4FFC-B33D-440733636A0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe |
"{605842D1-0D7F-45C1-A70C-C5A909DBAEA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\oxgene@hotmail.com\counter-strike\hl.exe |
"{65B08E12-538F-4F80-B6FE-76D22CC451EF}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{662DBC1E-FCB3-40D2-BCC0-54C5C7B0B817}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{68814C47-F37B-4F37-AB29-D1C9DA5AE1EF}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{6919B962-EFD3-4F5C-8B69-D51F2A4AA7E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\adgetty\counter-strike\hl.exe |
"{7DBB912F-9EC5-446C-8BAA-FCCFFD56C4D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\oxgene@hotmail.com\counter-strike\hl.exe |
"{86365D9C-063B-4F01-AE6C-EFD9EDF6398C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8A435494-FB5D-4143-B806-CFC24DB2768F}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{91699CD6-7DE9-475E-BBD4-A8BD3022DD5E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{97445D9B-8443-4D6D-8235-001E19F891F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A86792B-6A58-450F-A733-22D01C4F729B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9ACFC801-57C7-4B67-944D-41E446F45B10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CC793F2-B137-4494-9DB1-6B0190903A57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{9DB65ED0-0841-4F73-B18A-7227425B4E74}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A53BB41B-097C-4D97-88B7-F0882C6529EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7222A59-2356-421F-9795-3C32E1787CFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\minikellysek\counter-strike\hl.exe |
"{A83A527C-714F-4372-86B4-22A2D78BF64F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADE2F6DD-A881-4CFB-9A2E-9E94D07A4977}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{AE4D0E70-FC5C-4D6C-99EA-E17BB4508032}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B78CDE83-6138-485D-BD17-FF6163C45F47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDF570E5-67AA-4EEC-8075-55D8ADEA0803}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\oxgene@hotmail.com\counter-strike\hl.exe |
"{CD83724F-E0D1-46C9-98A7-E7FDC41C4860}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CE86D116-25FD-452B-A3B6-63C54EA407B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\counter-strike\hl.exe |
"{D1CBC948-B72B-46CC-80EC-314CB7D51ED2}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{D7D2FC25-4DD6-481E-83E6-F0CD001AFCA4}" = protocol=6 | dir=out | app=system |
"{DC55DA97-6F16-4196-B288-14CD3BCC8E69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\minikellysek\counter-strike\hl.exe |
"{DD2E7424-B5BD-44CF-929B-C2415AEF3E56}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E19EFAF0-9277-42F9-A6BC-8BBB0731DB96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB6E99DA-7FE7-4BD3-BE9C-2F5EA861397D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{EB9B0BA5-43AC-4825-B2E3-FCB2F4F652FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\day of defeat\hl.exe |
"{EBD0E072-3715-494B-A516-1115E8088997}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{F1B8438E-3936-45B8-ABC7-6A753781F775}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FCFE3F0E-CDB1-46BD-BEE5-D3AFDCE56844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFA8ACD1-1389-4FB1-846F-56941C6BA654}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"TCP Query User{3068095E-945C-48C3-826E-7C9FE1038326}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{42445712-B207-4CAC-A16B-B1701B08CD3B}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{70FA163C-C35D-4F04-98C0-1CFEAA67CC1B}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{BB153D96-E94A-430A-8809-F80A9F5903F1}C:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\counter-strike source\hl2.exe |
"TCP Query User{E4A06ACE-D602-450D-B4D2-863D5EC84A13}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{F5B1D01E-DFEA-43F6-BB0B-2AA28F9DB9C0}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{2E2697CA-1D94-4970-ADE1-9D160A1489AB}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{54D49404-4934-44F5-926B-1B367421EE6E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{7FDF7C95-5DE5-4CE4-8E57-37D34002EFEA}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{B1EBAB6F-4F7E-4287-8091-DA6E9BB0970D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{C6EEBB61-8619-4E19-AAA6-36E492E0A6B0}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{ED40618D-A92D-4171-930E-5AEA8C9EC2EF}C:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\grunhurd@yahoo.com\counter-strike source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C30C12-525A-8804-C623-8FC6DD4FF32F}" = CCC Help Chinese Traditional
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{089063BB-5B9D-D4AB-22D2-59F6EF4DE09E}" = CCC Help Polish
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B6F7BE6-A4A2-02C6-2467-C58954985AB3}" = CCC Help Korean
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4337BD05-C42B-5F45-F228-EA5DC10BEB01}" = CCC Help Turkish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4984BBF2-8A6B-0F27-300B-69C6C9125CC8}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFB7F0F-C6EB-B189-9B57-B599372F8A3A}" = CCC Help Italian
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59CE4831-355D-4110-9021-562D97913272}" = CCC Help German
"{5A438E06-0BB3-4C5F-0085-B14F1F4077E6}" = FIFA 07
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E5983-F9EA-61AE-632B-F26AC91B0E62}" = Catalyst Control Center Graphics Previews Common
"{68EBE0E8-C24F-DB74-0081-E976C7F9003D}" = CCC Help Finnish
"{6917E984-25D9-9D4E-7474-53262BEAE9F6}" = CCC Help Spanish
"{6ACE862C-EDDD-9A7E-FBF6-D06050F53D52}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71213B00-C3D5-C885-5302-9C6CC7DCE137}" = CCC Help Russian
"{717D3880-41BC-4CE8-3FA6-95DABE215DB1}" = CCC Help Danish
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EEA0F2F-BC5C-3EB0-883D-B6F35730A5B5}" = CCC Help English
"{90140011-0066-0405-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - čeština
"{905E1976-AF8F-0351-EB63-5C76DC83165F}" = CCC Help Dutch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{941DC878-781C-E5EF-C246-E44F969FB318}" = CCC Help Japanese
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95CC6FC9-9E4B-17CF-EACA-031F07F48BA4}" = Catalyst Control Center InstallProxy
"{9651CB1C-7EB7-2372-F345-45727C1AB823}" = CCC Help Chinese Standard
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BEB67F-B288-44F5-8B2A-23F5A52FA1AE}_is1" = Universal AntiCheat 3 v1.064
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7730A8E-CA1C-5238-02D6-45198D343202}" = CCC Help Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2E84E76-6D0C-51E2-B0B1-7567B10AEC96}" = Catalyst Control Center Localization All
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BA945D93-DBEB-0BC6-B6AD-26330D2E9879}" = AMD VISION Engine Control Center
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6189FB-94E0-CD39-7B41-92213433CD26}" = CCC Help French
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7422030-A87C-2A0C-7268-463512250CA4}" = CCC Help Portuguese
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}" = Adobe Flash Player 10 ActiveX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E637DA92-2EAE-1B6F-9D65-A86F0780118E}" = CCC Help Hungarian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED15F807-4242-3091-B32E-A349C37141C0}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7BFA5CC-8072-ACFD-D12F-69F4F2AAACB1}" = CCC Help Norwegian
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.01.8015
"1ClickDownload" = 1ClickDownloader
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast" = avast! Internet Security
"BitLord" = BitLord 1.1
"CSPL CS 1.6 GUI_is1" = CSPL CS 1.6 GUI v1.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"EasyBits Magic Desktop" = Magic Desktop
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"Google Chrome" = Google Chrome
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 12.0 (x86 cs)" = Mozilla Firefox 12.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klikni a spusť 2010
"PDF Complete" = PDF Complete Special Edition
"Steam App 10" = Counter-Strike
"Steam App 212500" = The Lord of the Rings Online™
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"TeamViewer 7" = TeamViewer 7
"Usbfix" = UsbFix By El Desaparecido
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-067130e5-c46d-4b38-a204-98a63d0ea401" = Slingo Supreme
"WTA-173042cc-7a1a-4a0c-8c4a-12d29f1cac48" = Chronicles of Albian
"WTA-1c6bc09e-0dc6-4701-ad63-a09406d72c8f" = Polar Golfer
"WTA-25d455bb-4f3a-4a27-8572-fb44893be362" = Final Drive: Nitro
"WTA-2af33d6a-ba96-4157-a170-2f53a708322e" = Plants vs. Zombies - Game of the Year
"WTA-3289b347-c7ea-4964-a3ca-c3eae4dc3f20" = Virtual Villagers 5 - New Believers
"WTA-3ee14a36-d6be-4ec8-a936-6b8b0a3e50dd" = Farm Frenzy
"WTA-53464706-8c7b-4dff-b24c-0cbf654a9148" = Cake Mania
"WTA-5cfb202e-5c39-48b8-8f8a-faf70f8b9cbf" = Bejeweled 3
"WTA-624571b5-017a-42aa-9709-7102f605105f" = Mystery of Mortlake Mansion
"WTA-682319b8-da5d-4803-835e-0781a83e34c3" = Cradle of Rome 2
"WTA-763dbc0e-4de8-4a35-b959-75c17075600d" = Vacation Quest - The Hawaiian Islands
"WTA-89dc8119-c4fd-412d-a90c-a49d00cdf697" = Polar Bowler
"WTA-8a6ee3ef-b583-4b15-b412-84435d7705f0" = Governor of Poker 2 Premium Edition
"WTA-8d1cd224-f375-4519-86c9-316ad5b95804" = Blasterball 3
"WTA-9775d50a-9c0d-48fb-ac9c-4da14899e837" = FATE
"WTA-a3b2af4f-b238-4e20-a27c-248fda9dc409" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-a48ca406-3b8b-420a-9934-7802f468f320" = Bounce Symphony
"WTA-aa2ca86f-1842-4316-b654-5ab65da37a5d" = Penguins!
"WTA-aa730e93-9e7c-4455-9c52-245bebfed17f" = Zuma Deluxe
"WTA-ad55a81f-33ad-42f1-a3f4-9fa5d8a7b7e6" = Mah Jong Medley
"WTA-aeb7051f-817c-4d92-a51c-b0be193d6fa4" = Chuzzle Deluxe
"WTA-ca8a31a9-801d-4ff5-9dc0-8af75a39f2a4" = Agatha Christie - Peril at End House
"WTA-cdad2d76-2719-4e7d-b59e-22f2d01d181e" = Blackhawk Striker 2
"WTA-dd263f97-d75f-43b6-8cf5-c7d25962ab53" = Poker Superstars III
"WTA-e5bf44d1-d50e-4bf9-8a19-9b74bea60699" = Namco All-Stars: PAC-MAN

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4104658914-801406617-3508022457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Shifters Anti-Cheat" = Shifters Anti-Cheat

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2012 2:27:50 PM | Computer Name = Michal-HP | Source = Application Hang | ID = 1002
Description = Program hl.exe verze 1.1.1.1 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: e50 Čas
spuštění: 01cd808431b9a296 Čas ukončení: 539 Cesta k aplikaci: c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe

ID
hlášení:

Error - 8/23/2012 11:56:33 AM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: hl.exe, verze: 1.1.1.1, časové razítko:
0x48feaf5a Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.17725, časové razítko:
0x4ec49b8f Kód výjimky: 0xc0000005 Posun chyby: 0x0002e823 ID chybujícího procesu:
0x1718 Čas spuštění chybující aplikace: 0x01cd8147c7921b6d Cesta k chybující aplikaci:
c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe
Cesta
k chybujícímu modulu: C:\Windows\SysWOW64\ntdll.dll ID zprávy: 1bf23038-ed3b-11e1-b662-e840f20c9e39

Error - 8/23/2012 2:57:07 PM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: hl.exe, verze: 1.1.1.1, časové razítko:
0x48feaf5a Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.17725, časové razítko:
0x4ec49b8f Kód výjimky: 0xc0000005 Posun chyby: 0x0002e823 ID chybujícího procesu:
0x11f0 Čas spuštění chybující aplikace: 0x01cd8161102db7a2 Cesta k chybující aplikaci:
c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe
Cesta
k chybujícímu modulu: C:\Windows\SysWOW64\ntdll.dll ID zprávy: 55a95630-ed54-11e1-b662-e840f20c9e39

Error - 8/27/2012 1:47:13 PM | Computer Name = Michal-HP | Source = Application Hang | ID = 1002
Description = Program hl.exe verze 1.1.1.1 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: f5c Čas
spuštění: 01cd8474313c4929 Čas ukončení: 545 Cesta k aplikaci: c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe

ID
hlášení:

Error - 8/27/2012 2:40:39 PM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HPAuto.exe, verze: 1.0.12935.3667, časové
razítko: 0x4d5cc461 Název chybujícího modulu: HPAuto.exe, verze: 1.0.12935.3667,
časové razítko: 0x4d5cc461 Kód výjimky: 0xc0000005 Posun chyby: 0x0000000000007be2
ID
chybujícího procesu: 0xf5c Čas spuštění chybující aplikace: 0x01cd84836aac61bf Cesta
k chybující aplikaci: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Cesta
k chybujícímu modulu: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe ID zprávy:
b21c1421-f076-11e1-9967-e840f20c9e39

Error - 8/28/2012 1:25:36 AM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HPAuto.exe, verze: 1.0.12935.3667, časové
razítko: 0x4d5cc461 Název chybujícího modulu: HPAuto.exe, verze: 1.0.12935.3667,
časové razítko: 0x4d5cc461 Kód výjimky: 0xc0000005 Posun chyby: 0x0000000000007be2
ID
chybujícího procesu: 0xf0c Čas spuštění chybující aplikace: 0x01cd84dd84483053 Cesta
k chybující aplikaci: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Cesta
k chybujícímu modulu: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe ID zprávy:
cb70d608-f0d0-11e1-9b8f-e840f20c9e39

Error - 8/28/2012 3:58:44 PM | Computer Name = Michal-HP | Source = Application Hang | ID = 1002
Description = Program hl.exe verze 1.1.1.1 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: 1260 Čas
spuštění: 01cd85540b2b5666 Čas ukončení: 491 Cesta k aplikaci: c:\program files (x86)\steam\steamapps\thedoc_moericke@hotmail.com\counter-strike\hl.exe

ID
hlášení:

Error - 8/29/2012 5:46:23 AM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HPAuto.exe, verze: 1.0.12935.3667, časové
razítko: 0x4d5cc461 Název chybujícího modulu: HPAuto.exe, verze: 1.0.12935.3667,
časové razítko: 0x4d5cc461 Kód výjimky: 0xc0000005 Posun chyby: 0x0000000000007be2
ID
chybujícího procesu: 0xe30 Čas spuštění chybující aplikace: 0x01cd85cb1e2174b0 Cesta
k chybující aplikaci: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Cesta
k chybujícímu modulu: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe ID zprávy:
64209634-f1be-11e1-9a20-e840f20c9e39

Error - 8/29/2012 11:38:28 AM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HPAuto.exe, verze: 1.0.12935.3667, časové
razítko: 0x4d5cc461 Název chybujícího modulu: HPAuto.exe, verze: 1.0.12935.3667,
časové razítko: 0x4d5cc461 Kód výjimky: 0xc0000005 Posun chyby: 0x0000000000007be2
ID
chybujícího procesu: 0xdc4 Čas spuštění chybující aplikace: 0x01cd85fc5139d0ff Cesta
k chybující aplikaci: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Cesta
k chybujícímu modulu: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe ID zprávy:
93771f84-f1ef-11e1-9be0-e840f20c9e39

Error - 8/30/2012 3:04:21 AM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HPAuto.exe, verze: 1.0.12935.3667, časové
razítko: 0x4d5cc461 Název chybujícího modulu: HPAuto.exe, verze: 1.0.12935.3667,
časové razítko: 0x4d5cc461 Kód výjimky: 0xc0000005 Posun chyby: 0x0000000000007be2
ID
chybujícího procesu: 0xc4c Čas spuštění chybující aplikace: 0x01cd867da73767ad Cesta
k chybující aplikaci: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Cesta
k chybujícímu modulu: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe ID zprávy:
ec1997b4-f270-11e1-870a-e840f20c9e39

Error - 8/30/2012 8:59:51 AM | Computer Name = Michal-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HPAuto.exe, verze: 1.0.12935.3667, časové
razítko: 0x4d5cc461 Název chybujícího modulu: HPAuto.exe, verze: 1.0.12935.3667,
časové razítko: 0x4d5cc461 Kód výjimky: 0xc0000005 Posun chyby: 0x0000000000007be2
ID
chybujícího procesu: 0xc50 Čas spuštění chybující aplikace: 0x01cd86af4f671b90 Cesta
k chybující aplikaci: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Cesta
k chybujícímu modulu: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe ID zprávy:
959da0c6-f2a2-11e1-b366-e840f20c9e39

[ Hewlett-Packard Events ]
Error - 5/5/2012 4:05:57 AM | Computer Name = Michal-HP | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 9/25/2012 5:50:52 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7031
Description = Služba Windows Live ID Sign-in Assistant byla nečekaně ukončena. Stalo
se to 2 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat
službu.

Error - 9/25/2012 5:50:52 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7031
Description = Služba HP Support Assistant Service byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
službu.

Error - 9/25/2012 5:51:00 AM | Computer Name = Michal-HP | Source = PNRPSvc | ID = 102
Description =

Error - 9/25/2012 5:51:01 AM | Computer Name = Michal-HP | Source = PNRPSvc | ID = 102
Description =

Error - 9/25/2012 5:51:00 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7023
Description = Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena
s následující chybou: %%-2140993535

Error - 9/25/2012 5:51:00 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7001
Description = Služba Seskupování v sítích peer-to-peer závisí na službě Protokol
PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující
chyby: %%-2140993535

Error - 9/25/2012 5:51:01 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7023
Description = Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena
s následující chybou: %%-2140993535

Error - 9/25/2012 5:51:01 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7001
Description = Služba Seskupování v sítích peer-to-peer závisí na službě Protokol
PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující
chyby: %%-2140993535

Error - 9/25/2012 5:51:22 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Služba Windows Media Player Network Sharing, ale tato
akce selhala kvůli následující chybě: %%1056

Error - 9/25/2012 5:51:22 AM | Computer Name = Michal-HP | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující
chybě: %%1056

< End of report >

#9 Příspěvek od **vyosek** » 25 zář 2012 21:14

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - [2011/08/17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{E54EED88-732F-4E07-88B3-7CF68B43C242}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\SearchScopes\{E54EED88-732F-4E07-88B3-7CF68B43C242}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
[2012/08/24 18:21:42 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\15hlbxs9.default\extensions\plugin@yontoo.com
CHR - Extension: Yontoo = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-4104658914-801406617-3508022457-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[25 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp -> ]
[3 C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]
[3 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
[1 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\*.tmp -> ]
[3 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

:services
Guard.Mail.ru

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
""=-
"PDF Complete"=-
"Guard.Mail.ru.gui"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
"DAEMON Tools Lite"=-
"uTorrent"=-
"ICQ"=-
"Skype"=-

:files
C:\$RECYCLE.BIN
D:\$RECYCLE.BIN
C:\Program Files (x86)\ICQ6Toolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\Users\Michal\AppData\Roaming\uTorrent\*crack*.*
c:\Users\Michal\Downloads\*crack*.*
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.
- Utilitu spustte a prikazte ji, at skenuje - klik na Scan
- Kliknutim na Save log ulozte log aswMBR na plochu
- Obsah logu aswMBR mi sem vlozte
Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

VIRY.CZ

Vir na flash disku.

Vir na flash disku.

Re: Vir na flash disku.

Re: Vir na flash disku.

Re: Vir na flash disku.

Re: Vir na flash disku.

Re: Vir na flash disku.

Re: Vir na flash disku.

Re: Vir na flash disku.

Re: Vir na flash disku.