Neznámá infekce, prosím o kontrolu.

Zpráva

Zayl · #1 Příspěvek od **Zayl** » 03 bře 2010 15:57

Dobrý den, jsem si prakticky jistý že je mé PC zavirované, bohužel má snaha (google a kontrola procesu) nepřinesla kýžené ovoce a proto bych rád požádal o profesionální pomoc při boji s neřádem. Přikládám log, děkuji.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Zayl at 2010-03-03 15:48:42
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 14 GB (14%) free of 96 GB
Total RAM: 2813 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\SDMsgUpdate (TE).job
C:\Windows\tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-08-04 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-08-04 2215960]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2008-05-24 192512]
"WisKeyState"=C:\Program Files\Launch Manager\WisKeyState.exe [2008-03-08 208896]
"LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2008-03-04 258048]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2007-12-25 241664]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-01-18 1286608]
"avast5"=D:\avast\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2010-02-25 319280]
"DisplayFusion"=C:\Program Files\DisplayFusion\DisplayFusion.exe [2009-05-30 768688]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4190f326-41f0-11de-90ab-001f1616280e}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54ed169f-8698-11de-9146-001f1616280e}]
shell\AutoRun\command - F:\autorun.exe
shell\directx\command - DirectX9\dxsetup.exe
shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e9ff7b-3a54-11de-a987-001f1616280e}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e9ff7c-3a54-11de-a987-001f1616280e}]
shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f93b662f-a53e-11de-9358-001f1616280e}]
shell\AutoRun\command - G:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f93b6630-a53e-11de-9358-001f1616280e}]
shell\AutoRun\command - H:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f93b6631-a53e-11de-9358-001f1616280e}]
shell\AutoRun\command - I:\CDCheck.exe

======List of files/folders created in the last 1 months======

2010-03-03 15:48:42 ----D---- C:\Program Files\trend micro
2010-03-03 14:50:30 ----A---- C:\Windows\system32\aswBoot.exe
2010-03-03 14:50:27 ----D---- C:\ProgramData\Alwil Software
2010-03-01 17:47:23 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-01 17:47:23 ----A---- C:\Windows\PCTBDRes.dll
2010-03-01 17:47:23 ----A---- C:\Windows\PCTBDCore.dll
2010-03-01 17:47:23 ----A---- C:\Windows\BDTSupport.dll
2010-03-01 17:45:01 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-01 17:45:00 ----D---- C:\Users\Zayl\AppData\Roaming\PC Tools
2010-03-01 17:45:00 ----D---- C:\ProgramData\PC Tools
2010-03-01 17:45:00 ----D---- C:\Program Files\Spyware Doctor
2010-03-01 16:54:27 ----D---- C:\rsit
2010-03-01 16:19:50 ----AD---- C:\Windows\system32\runouce.exe
2010-03-01 16:18:07 ----A---- C:\Windows\system32\msvcr80.dll
2010-03-01 16:18:06 ----A---- C:\Windows\system32\msvcp80.dll
2010-03-01 16:18:05 ----A---- C:\Windows\system32\eEmpty.exe
2010-03-01 16:18:01 ----D---- C:\Program Files\Common Files\MicroWorld
2010-03-01 16:17:59 ----D---- C:\ProgramData\MicroWorld
2010-02-27 23:15:27 ----D---- C:\ProgramData\InstallShield
2010-02-24 13:51:14 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 13:51:00 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 13:51:00 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 13:51:00 ----A---- C:\Windows\system32\msdrm.dll
2010-02-20 12:29:56 ----D---- C:\Users\Zayl\AppData\Roaming\Mumble
2010-02-20 11:15:09 ----D---- C:\Program Files\Mumble
2010-02-20 10:12:11 ----D---- C:\ProgramData\FLEXnet
2010-02-20 10:00:27 ----D---- C:\Program Files\Adobe Media Player
2010-02-20 09:56:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-20 09:52:10 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-02-19 23:08:35 ----D---- C:\Users\Zayl\AppData\Roaming\Bioshock2
2010-02-19 22:56:31 ----SHD---- C:\ProgramData\SecuROM
2010-02-19 22:52:03 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-02-19 21:39:39 ----D---- C:\Program Files\Heroes of Newerth
2010-02-10 22:24:04 ----D---- C:\Users\Zayl\AppData\Roaming\TS3Client
2010-02-10 22:23:43 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-02-10 19:27:49 ----D---- C:\Program Files\Ventrilo
2010-02-10 19:27:48 ----A---- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-02-10 12:30:08 ----D---- C:\Users\Zayl\AppData\Roaming\EVEMon
2010-02-10 12:30:05 ----D---- C:\Program Files\EVEMon
2010-02-10 12:06:52 ----D---- C:\ProgramData\CCP
2010-02-10 07:24:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 07:24:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 07:24:14 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\avicap32.dll

======List of files/folders modified in the last 1 months======

2010-03-03 15:48:47 ----D---- C:\Windows\Temp
2010-03-03 15:48:42 ----RD---- C:\Program Files
2010-03-03 15:48:35 ----D---- C:\Users\Zayl\AppData\Roaming\uTorrent
2010-03-03 15:48:05 ----D---- C:\Windows\Prefetch
2010-03-03 15:47:21 ----AD---- C:\ProgramData\TEMP
2010-03-03 15:46:44 ----D---- C:\Windows
2010-03-03 15:34:22 ----D---- C:\Windows\System32
2010-03-03 14:51:00 ----D---- C:\Windows\system32\drivers
2010-03-03 14:50:53 ----SHD---- C:\Windows\Installer
2010-03-03 14:50:52 ----D---- C:\Windows\winsxs
2010-03-03 14:50:27 ----HD---- C:\ProgramData
2010-03-03 14:18:34 ----D---- C:\Program Files\Mozilla Firefox
2010-03-03 07:07:09 ----D---- C:\Windows\system32\WDI
2010-03-02 19:32:25 ----D---- C:\Users\Zayl\AppData\Roaming\BSplayer
2010-03-01 17:45:01 ----D---- C:\Program Files\Common Files
2010-03-01 16:39:04 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-01 16:39:04 ----D---- C:\ProgramData\Lavasoft
2010-03-01 16:11:45 ----D---- C:\docasna_slozka
2010-02-27 23:16:44 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-27 23:15:14 ----SD---- C:\Windows\Downloaded Program Files
2010-02-27 23:15:14 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-27 23:11:59 ----RSD---- C:\Windows\assembly
2010-02-26 06:56:38 ----D---- C:\Program Files\uTorrent
2010-02-25 12:15:15 ----D---- C:\Windows\rescache
2010-02-25 06:50:19 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 06:50:17 ----RSD---- C:\Windows\Fonts
2010-02-24 23:14:06 ----D---- C:\Windows\system32\catroot
2010-02-24 13:50:52 ----D---- C:\Windows\system32\catroot2
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-22 21:56:02 ----A---- C:\Windows\NeroDigital.ini
2010-02-20 22:33:36 ----SD---- C:\Users\Zayl\AppData\Roaming\Microsoft
2010-02-20 18:48:54 ----D---- C:\Users\Zayl\AppData\Roaming\Adobe
2010-02-20 10:03:07 ----D---- C:\ProgramData\Adobe
2010-02-20 10:01:56 ----D---- C:\Program Files\Common Files\Adobe
2010-02-20 09:54:52 ----D---- C:\Program Files\Adobe
2010-02-19 22:52:04 ----D---- C:\Windows\system32\directx
2010-02-19 22:38:31 ----D---- C:\Users\Zayl\AppData\Roaming\Winamp
2010-02-19 18:57:45 ----D---- C:\Windows\Debug
2010-02-11 07:21:02 ----D---- C:\Program Files\Windows Mail
2010-02-10 19:31:06 ----D---- C:\Users\Zayl\AppData\Roaming\Ventrilo
2010-02-10 19:27:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-08 14:39:47 ----D---- C:\Users\Zayl\AppData\Roaming\IrfanView

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2008-01-21 75264]
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 nsiproxy;NSI proxy service; C:\Windows\system32\drivers\nsiproxy.sys [2008-01-21 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver; C:\Windows\system32\drivers\rdpencdd.sys [2008-01-21 6144]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2008-01-21 66560]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2008-01-21 71680]
R1 Wanarpv6;Remote Access IPv6 ARP Driver; C:\Windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464]
R1 ws2ifsl;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\Windows\system32\drivers\ws2ifsl.sys [2008-01-21 15872]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-08-12 279712]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-08-12 25888]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104]
R2 luafv;UAC File Virtualization; C:\Windows\system32\drivers\luafv.sys [2008-01-21 84480]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2006-11-02 878080]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2008-01-21 60416]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2008-01-21 30208]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-18 903680]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-14 5172224]
R3 bowser;Bowser; C:\Windows\system32\DRIVERS\bowser.sys [2008-01-21 69632]
R3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2008-08-29 625152]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2008-01-21 53760]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2008-01-21 12288]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-13 2152344]
R3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2008-01-21 181304]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2008-01-21 41984]
R3 mouhid;Ovladač HID myši; C:\Windows\system32\DRIVERS\mouhid.sys [2008-01-21 15872]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2008-01-21 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2009-12-04 212992]
R3 mrxsmb20;SMB 2.0 MiniRedirector; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2008-01-21 78848]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2008-05-20 148480]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2008-01-21 69120]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 srv2;srv2; C:\Windows\System32\DRIVERS\srv2.sys [2009-09-14 144896]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-11 98304]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunmp.sys [2008-01-21 15360]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2008-01-21 23040]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2008-01-21 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys [2008-01-21 39424]
R3 usbhub;USB2 Enabled Hub; C:\Windows\system32\DRIVERS\usbhub.sys [2008-01-21 194560]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2008-01-21 19456]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\drivers\agp440.sys [2008-01-21 56376]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2008-01-21 57400]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\system32\drivers\brusbser.sys [2006-11-02 11904]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2008-01-21 136192]
S3 Filetrace;FileTrace; C:\Windows\system32\drivers\filetrace.sys [2008-01-21 27648]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\drivers\gagp30kx.sys [2008-01-21 61496]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Zayl\AppData\Local\Temp\JNLEF7F.tmp []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2008-01-21 163384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2008-05-22 34576]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\drivers\nv_agp.sys [2008-01-21 109112]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2008-01-21 31232]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x86\Sandra.sys [2009-04-12 26216]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\drivers\sffp_sd.sys [2008-01-21 11776]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2008-01-21 55864]
S3 Tcpip6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-12-08 897624]
S3 tssecsrv;Terminal Services Security Filter Driver; C:\Windows\System32\DRIVERS\tssecsrv.sys [2008-01-21 23552]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\drivers\uagp35.sys [2008-01-21 59448]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\drivers\uliagpkx.sys [2008-01-21 60984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2008-01-21 73216]
S3 usbprint;Třída USB Printer; C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-21 18944]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2008-01-21 55296]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2008-01-21 26112]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2008-01-21 56888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 adp94xx;adp94xx; C:\Windows\system32\drivers\adp94xx.sys [2008-01-21 422968]
S4 adpahci;adpahci; C:\Windows\system32\drivers\adpahci.sys [2008-01-21 300600]
S4 adpu320;adpu320; C:\Windows\system32\drivers\adpu320.sys [2008-01-21 149560]
S4 amdide;amdide; C:\Windows\system32\drivers\amdide.sys [2008-01-21 17976]
S4 AmdK7;AMD K7 Processor Driver; C:\Windows\system32\drivers\amdk7.sys [2008-01-21 41472]
S4 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\drivers\amdk8.sys [2008-01-21 44032]
S4 arc;arc; C:\Windows\system32\drivers\arc.sys [2008-01-21 79416]
S4 arcsas;arcsas; C:\Windows\system32\drivers\arcsas.sys [2008-01-21 79928]
S4 blbdrive;blbdrive; C:\Windows\system32\drivers\blbdrive.sys [2008-01-21 45568]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\system32\drivers\brserid.sys [2006-11-02 71808]
S4 BrSerWdm;Brother WDM Serial driver; C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
S4 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\drivers\bthmodem.sys [2006-11-02 39936]
S4 circlass;Consumer IR Devices; C:\Windows\system32\drivers\circlass.sys [2008-01-21 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver; C:\Windows\system32\drivers\crusoe.sys [2008-01-21 40960]
S4 elxstor;elxstor; C:\Windows\system32\drivers\elxstor.sys [2008-01-21 342584]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\drivers\hidbth.sys [2006-11-02 29184]
S4 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\drivers\hidir.sys [2006-11-02 21504]
S4 HpCISSs;HpCISSs; C:\Windows\system32\drivers\hpcisss.sys [2008-01-21 40504]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-29 308248]
S4 iaStorV;Intel RAID Controller Vista; C:\Windows\system32\drivers\iastorv.sys [2008-01-21 235064]
S4 iirsp;iirsp; C:\Windows\system32\drivers\iirsp.sys [2006-11-02 41576]
S4 intelide;intelide; C:\Windows\system32\drivers\intelide.sys [2008-01-21 17976]
S4 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2008-01-21 41472]
S4 IPMIDRV;IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [2008-01-21 64512]
S4 isapnp;PnP ISA/EISA Bus Driver; C:\Windows\system32\drivers\isapnp.sys [2008-01-21 49720]
S4 iteatapi;ITEATAPI_Service_Install; C:\Windows\system32\drivers\iteatapi.sys [2006-11-02 35944]
S4 iteraid;ITERAID_Service_Install; C:\Windows\system32\drivers\iteraid.sys [2006-11-02 35944]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 kbdhid;Keyboard HID Driver; C:\Windows\system32\drivers\kbdhid.sys [2008-01-21 15872]
S4 LSI_FC;LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [2008-01-21 96312]
S4 LSI_SAS;LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [2008-01-21 89656]
S4 LSI_SCSI;LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [2008-01-21 96312]
S4 megasas;megasas; C:\Windows\system32\drivers\megasas.sys [2008-01-21 31288]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 mpio;Microsoft Multi-Path Bus Driver; C:\Windows\system32\drivers\mpio.sys [2008-01-21 105016]
S4 msahci;msahci; C:\Windows\system32\drivers\msahci.sys [2008-01-21 28728]
S4 msdsm;Microsoft Multi-Path Device Specific Module; C:\Windows\system32\drivers\msdsm.sys [2008-01-21 94776]
S4 nfrd960;nfrd960; C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
S4 ntrigdigi;N-trig HID Tablet Driver; C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
S4 nvraid;NVIDIA nForce RAID Driver ; C:\Windows\system32\drivers\nvraid.sys [2008-01-21 102968]
S4 nvstor;nvstor; C:\Windows\system32\drivers\nvstor.sys [2008-01-21 45112]
S4 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\Windows\system32\drivers\ohci1394.sys [2006-11-02 62080]
S4 ql2300;QLogic Fibre Channel Miniport Driver; C:\Windows\system32\drivers\ql2300.sys [2008-01-21 1122360]
S4 ql40xx;QLogic iSCSI Miniport Driver; C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
S4 RsFx0101;RsFx0101 Driver; C:\Windows\system32\DRIVERS\RsFx0101.sys [2008-02-08 239128]
S4 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:\Windows\system32\drivers\sbp2port.sys [2006-11-02 76392]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 sermouse;Serial Mouse Driver; C:\Windows\system32\drivers\sermouse.sys [2008-01-21 19968]
S4 sffdisk;SFF Storage Class Driver; C:\Windows\system32\drivers\sffdisk.sys [2008-01-21 13312]
S4 SiSRaid2;SiSRaid2; C:\Windows\system32\drivers\sisraid2.sys [2008-01-21 41016]
S4 SiSRaid4;SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [2008-01-21 74808]
S4 uliahci;uliahci; C:\Windows\system32\drivers\uliahci.sys [2008-01-21 238648]
S4 UlSata;UlSata; C:\Windows\system32\drivers\ulsata.sys [2006-11-02 98408]
S4 ulsata2;ulsata2; C:\Windows\system32\drivers\ulsata2.sys [2008-01-21 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\drivers\usbcir.sys [2006-11-02 68608]
S4 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2008-01-21 23552]
S4 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2008-01-21 41472]
S4 vsmraid;vsmraid; C:\Windows\system32\drivers\vsmraid.sys [2008-01-21 130616]
S4 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\drivers\wacompen.sys [2006-11-02 20608]
S4 Wd;Microsoft Watchdog Timer Driver; C:\Windows\system32\drivers\wd.sys [2008-01-21 22072]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-14 172032]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 avast! Antivirus;avast! Antivirus; D:\avast\AvastSvc.exe [2010-02-11 40384]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 EMDMgmt;@%SystemRoot%\system32\emdmgmt.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 MSSQL$DABAZE;SQL Server (DABAZE); C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe [2008-02-08 38510616]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 netprofm;@%SystemRoot%\system32\netprof.dll,-246; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
R2 slsvc;@%SystemRoot%\system32\SLsvc.exe,-101; C:\Windows\system32\SLsvc.exe [2008-01-21 2623488]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-02-08 91672]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2008-05-27 439808]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\avast\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\avast\AvastSvc.exe [2010-02-11 40384]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-06-15 9728]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2008-01-21 39424]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]
R3 WMPNetworkSvc;@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2008-01-21 896512]
S2 ehstart;@%SystemRoot%\ehome\ehstart.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-27 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 DFSR;@dfsrres.dll,-101; C:\Windows\system32\DFSR.exe [2008-01-21 2091520]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2008-01-21 292352]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2006-11-02 131072]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-20 655624]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-06-20 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-06-20 881664]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\p2psvc.dll,-8004; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPAutoReg;@%SystemRoot%\system32\p2psvc.dll,-8002; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPsvc;@%SystemRoot%\system32\p2psvc.dll,-8000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-05-22 92792]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe [2009-04-22 98488]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 SLUINotify;@%SystemRoot%\system32\SLUINotify.dll,-103; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2006-11-02 12800]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2008-01-21 35840]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2008-01-21 382976]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-02-08 43544]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-22 75064]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-02-08 246808]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 03 bře 2010 19:16

Dobrý večer

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
- otevře se okno, v něm zaškrtněte Scan All Users , File Scan,
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
CREATERESTOREPOINT

-klikněte na tlačítko Run scan.
-proběhne sken a objeví se dva logy, obsah obou vložte zde

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

Zayl · #3 Příspěvek od **Zayl** » 03 bře 2010 20:10

Omlouvam se ze to tak trva, ale prave jsem se vratil z tretiho BSoD a vypada to ze normalni beh windows jiz neni mozny, scany budu muset provest v nouzovem rezimu. Mam maly dotaz k nastaveni OTL, zaskrtnuti scan all users vidim, ale to druhe ne. Myslite tim zaskrtnout vsechna mozna pole v oblasti "File scans"?

#4 Příspěvek od **motji** » 03 bře 2010 20:16

Omlouvám se, tam to nechejte jak to je.

Provedte sken v nouzovém režimu

Zayl · #5 Příspěvek od **Zayl** » 03 bře 2010 20:58

Log OTL.txt

OTL logfile created on: 3.3.2010 20:19:31 - Run 2
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Zayl\Desktop
Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 13,05 Gb Free Space | 13,86% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 25,09 Gb Free Space | 12,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MILAN-PC
Current User Name: Zayl
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
PRC - [2010.02.19 06:58:43 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Zayl\Desktop\gmer.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

========== Modules (SafeList) ==========

MOD - [2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
MOD - [2008.01.21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.02.20 09:52:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- D:\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.08.14 03:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.04.22 22:45:34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.11.25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2008.11.25 05:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.06.20 02:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.22 00:57:50 | 000,092,792 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008.04.29 10:36:46 | 000,877,864 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2008.04.25 13:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.02.08 07:33:34 | 000,091,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.02.08 07:33:30 | 038,510,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe -- (MSSQL$DABAZE) SQL Server (DABAZE)
SRV - [2008.02.08 07:33:26 | 000,246,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.02.08 07:33:26 | 000,043,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.15 23:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.11.02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV - [2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.03 13:36:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.08.14 05:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.12 11:20:53 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.12 11:20:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.27 03:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.05.06 16:42:08 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys.14082952 -- (sptd)
DRV - [2009.04.12 22:51:26 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.06.13 16:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.05.22 00:57:38 | 000,034,576 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008.04.28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.11 16:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.18 23:00:00 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.02.14 13:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.08 07:27:36 | 000,239,128 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0101.sys -- (RsFx0101)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:27 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.08.17 14:12:28 | 000,190,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006.11.01 14:42:14 | 000,033,280 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2003.04.28 19:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=FUJD
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=FUJD
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=FUJD
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\S-1-5-21-686728410-4016434104-3882101393-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.19 06:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.19 06:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.05.05 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Extensions
[2010.03.03 20:16:18 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions
[2009.08.02 10:25:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.02.28 19:44:38 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.01.19 09:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.19 09:42:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.30 10:24:43 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.01.30 10:24:49 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\foxmarks@kei.com
[2010.03.03 20:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.23 10:05:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.23 10:05:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.23 10:05:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.23 10:05:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.23 10:05:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.01 16:46:42 | 000,001,359 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 cohlive-1.quazal.net
O1 - Hosts: 127.0.0.1 cohlive.quazal.net
O1 - Hosts: 127.0.0.1 nwmaster.bioware.com
O1 - Hosts: 127.0.0.1 nwnauth.kr.infogrames.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] D:\avast\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001..\Run: [uTorrent] C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zayl\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zayl\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4190f326-41f0-11de-90ab-001f1616280e}\Shell - "" = AutoRun
O33 - MountPoints2\{4190f326-41f0-11de-90ab-001f1616280e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell - "" = AutoRun
O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell\setup\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{a1e9ff7b-3a54-11de-a987-001f1616280e}\Shell - "" = AutoRun
O33 - MountPoints2\{a1e9ff7b-3a54-11de-a987-001f1616280e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{a1e9ff7c-3a54-11de-a987-001f1616280e}\Shell - "" = AutoRun
O33 - MountPoints2\{a1e9ff7c-3a54-11de-a987-001f1616280e}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{f93b662f-a53e-11de-9358-001f1616280e}\Shell - "" = AutoRun
O33 - MountPoints2\{f93b662f-a53e-11de-9358-001f1616280e}\Shell\AutoRun\command - "" = G:\CDCheck.exe -- File not found
O33 - MountPoints2\{f93b6630-a53e-11de-9358-001f1616280e}\Shell - "" = AutoRun
O33 - MountPoints2\{f93b6630-a53e-11de-9358-001f1616280e}\Shell\AutoRun\command - "" = H:\CDCheck.exe -- File not found
O33 - MountPoints2\{f93b6631-a53e-11de-9358-001f1616280e}\Shell - "" = AutoRun
O33 - MountPoints2\{f93b6631-a53e-11de-9358-001f1616280e}\Shell\AutoRun\command - "" = I:\CDCheck.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010.03.03 19:22:13 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 15:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.03 14:51:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.03.03 14:50:59 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.03.03 14:50:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.03.03 14:50:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.03.03 14:50:56 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.03.03 14:50:30 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.03.03 14:50:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.03.03 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.03.01 17:47:23 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.03.01 17:47:23 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.03.01 17:47:23 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.03.01 17:45:21 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.03.01 17:45:21 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.03.01 17:45:16 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.03.01 17:45:16 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.03.01 17:45:11 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.03.01 17:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.03.01 16:54:27 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.01 16:19:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2010.03.01 16:18:07 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:06 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:05 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.03.01 16:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.03.01 16:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.02.27 23:23:25 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\gothic3
[2010.02.27 23:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.02.27 23:15:14 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\System32\ISUSPM.cpl
[2010.02.27 20:51:50 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\progs
[2010.02.27 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\isos
[2010.02.27 20:45:11 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\skola
[2010.02.27 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\txt
[2010.02.27 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\images
[2010.02.24 13:51:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.24 13:51:01 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.24 13:51:01 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.24 13:51:01 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.24 13:51:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.24 13:51:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.24 13:51:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 13:51:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.02.20 12:29:56 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Mumble
[2010.02.20 11:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2010.02.20 10:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.02.20 10:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.02.20 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.02.20 09:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.02.19 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Bioshock2
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Bioshock2
[2010.02.19 22:56:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.02.19 22:52:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.19 22:52:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.19 22:52:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.19 22:52:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.19 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Heroes of Newerth
[2010.02.19 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2010.02.12 18:10:06 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\DAModder
[2010.02.10 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\TS3Client
[2010.02.10 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010.02.10 19:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010.02.10 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\EVE
[2010.02.10 13:10:05 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Local\CCP
[2010.02.10 12:30:08 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\EVEMon
[2010.02.10 12:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\EVEMon
[2010.02.10 12:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2010.02.10 07:24:21 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.02.10 07:24:21 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.02.10 07:24:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.02.10 07:24:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.02.10 07:24:14 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.02.10 07:24:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.02.10 07:24:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.02.06 23:31:43 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\trash
[2010.02.03 13:36:22 | 000,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.03 20:10:00 | 004,194,304 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT
[2010.03.03 20:05:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.03 20:04:43 | 259,877,514 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:55:49 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2010.03.03 19:55:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.03 19:55:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.03 19:55:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.03 19:54:46 | 000,524,288 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.03 19:54:46 | 000,065,536 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 19:19:53 | 000,001,710 | ---- | M] () -- C:\Users\Zayl\Desktop\CCleaner.lnk
[2010.03.03 17:57:36 | 000,012,444 | ---- | M] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.03 17:34:20 | 000,170,119 | ---- | M] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.03 14:50:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.03.02 21:48:10 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job
[2010.03.02 20:26:35 | 001,515,664 | ---- | M] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:32 | 000,252,926 | ---- | M] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:45:15 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 16:46:42 | 000,001,359 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.03.01 16:18:06 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:05 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:04 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.03.01 14:06:58 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.02.25 22:50:23 | 000,101,232 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.02.25 06:52:42 | 000,101,232 | ---- | M] () -- C:\Users\Zayl\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.25 06:51:22 | 002,305,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.22 21:56:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.02.20 12:30:26 | 000,002,378 | ---- | M] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | M] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.02.11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.02.10 19:27:51 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.02.05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.02.05 09:18:02 | 000,100,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.02.04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.03 13:36:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.03 19:43:59 | 259,877,514 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:25:31 | 000,293,376 | ---- | C] () -- C:\Users\Zayl\Desktop\gmer.exe
[2010.03.03 17:34:19 | 000,170,119 | ---- | C] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.02 22:16:02 | 000,012,444 | ---- | C] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.02 20:26:35 | 001,515,664 | ---- | C] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:31 | 000,252,926 | ---- | C] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:47:23 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.03.01 17:47:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.03.01 17:47:23 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.03.01 17:47:23 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.03.01 17:47:23 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.03.01 17:45:21 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.03.01 17:45:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.03.01 17:45:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.03.01 17:45:15 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 17:45:11 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.03.01 16:18:05 | 000,000,522 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010.02.20 12:30:26 | 000,002,378 | ---- | C] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | C] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.10 19:27:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.01.29 15:30:02 | 000,015,412 | ---- | C] () -- C:\Windows\System32\BReWErS.dll
[2009.12.24 13:18:49 | 000,000,319 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009.12.23 10:00:09 | 000,000,709 | ---- | C] () -- C:\Windows\CoD.INI
[2009.11.27 17:19:12 | 000,000,092 | ---- | C] () -- C:\Users\Zayl\AppData\Local\fusioncache.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.11.03 14:04:22 | 000,353,792 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009.11.03 14:04:22 | 000,107,520 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2009.11.01 14:00:47 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.10.29 16:04:16 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.10.29 16:04:16 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.09.24 13:32:26 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI
[2009.08.30 15:06:21 | 000,144,384 | ---- | C] () -- C:\Windows\System32\miccyhook.dll
[2009.07.25 00:02:10 | 000,138,376 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.19 19:52:27 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.19 19:52:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.19 19:46:58 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.05.17 20:18:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.08 19:03:43 | 010,059,776 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.05.06 13:46:53 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.05.06 13:44:11 | 000,008,192 | ---- | C] () -- C:\Users\Zayl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.06 12:22:15 | 000,000,185 | ---- | C] () -- C:\Users\Zayl\AppData\Local\RAExpertHistory.xml
[2008.10.23 22:28:12 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.10.23 22:27:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.22 00:56:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.04.25 13:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009.03.16 13:35:46 | 000,525,128 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.08.16 13:03:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\System32\drivers\atapi.sys
[2008.08.16 13:03:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_181d523c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.08.16 13:03:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22245_none_dd9b888d3ac35a04\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Zayl · #6 Příspěvek od **Zayl** » 03 bře 2010 20:59

Log Extras.txt

OTL Extras logfile created on: 3.3.2010 19:24:09 - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Zayl\Desktop
Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 13,27 Gb Free Space | 14,09% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 25,09 Gb Free Space | 12,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MILAN-PC
Current User Name: Zayl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-686728410-4016434104-3882101393-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A07AB2-0C83-4AB2-84BC-F88955C51B05}" = lport=445 | protocol=6 | dir=in | app=system |
"{01B72B85-7898-4701-B8CB-B7C370241959}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{038188CA-11BE-47E0-A329-305266FAACFE}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{171D6E23-B976-4FFE-AFED-D40CA26153FA}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{19C2DF17-CA95-496D-8A14-0E5880947599}" = lport=5358 | protocol=6 | dir=in | app=system |
"{1AEF7642-8A89-4C4A-8E95-7B2F23AEE8A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D1CCEF2-6EC8-4FB5-8945-F2DB8F6A8C76}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{1D2B69F1-E716-457F-B084-1A54B1E730C0}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{223F1FEF-B8D3-457A-B99E-4C9FBD542DA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{22E2EDF3-EA78-4DB7-8809-7351949F1A78}" = lport=5555 | protocol=6 | dir=in | name=torrent |
"{2DF6C654-36A3-45D6-A1E6-8589EB80712D}" = lport=137 | protocol=17 | dir=in | app=system |
"{34A3B9FE-EE33-4B19-8EE3-097F5735A270}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{35B84858-3728-4235-99B9-A0B60056CB2D}" = lport=5555 | protocol=17 | dir=in | name=torrrent |
"{3A8C711A-FC53-497B-9B95-C3B358D452D7}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3B566435-D6FF-43CF-8BF5-5235A65A971E}" = rport=137 | protocol=17 | dir=out | app=system |
"{3DE283D6-98AA-4379-BEF7-26E94733A1A9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{4CA2B70B-3067-4F8E-84F7-3B4EF5AEF42D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3\rpcagentsrv.exe |
"{594D3C16-ED88-4650-B910-F5A74D2AC620}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3\wnt500x86\rpcsandrasrv.exe |
"{5CAA79D5-34EE-40C2-BBBB-DC423560BFC0}" = rport=5357 | protocol=6 | dir=out | app=system |
"{5E7DC354-3EA4-4F05-B64B-C868D0D27A7C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{6163F213-F345-40AC-A8F8-EBD7C93AE11A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{63158B25-0D83-4A3E-9B85-20114B53A2AC}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{69368B29-022E-4BDA-ABB5-5594A66F5534}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7752D7DB-47E2-4E63-9F2C-EAC9448EC0A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B466AC4-81AA-4710-9BEE-CE2DB4332882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BA602B3-AD5F-4C9C-A6EE-888AF9E3C382}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CE4E389-FBF4-4D7B-B4F8-1C4D237D3825}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{81C2388D-CC87-424C-8859-BDDFE258838D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84C60B2A-ED54-4B48-A0BB-40C3029CE5A7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{889ECD68-7DB4-43F3-B1EF-61E8FBEBC0D5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{88F10CBA-9972-4944-9311-FB9B654C1181}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{89EE548E-DA5B-451B-8807-AC319398988C}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9242A9FE-3C63-4CEE-B3D6-DD4496158843}" = lport=139 | protocol=6 | dir=in | app=system |
"{99D8B24E-E22F-4024-9962-B8C19CC61287}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{A128EF29-7E57-4A2B-9588-B85C761A764D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A21E2569-0B58-46DC-8A6B-1FF2780F46E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A237D817-8616-4049-AA28-1E3CAFBDA88E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A417E042-1D8E-4002-BDA1-6AB67EC8F632}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A6C211B8-7E9B-4F7F-8878-6A550FE68CAB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{AE30B342-F0FF-47EB-B25E-511734B11034}" = lport=138 | protocol=17 | dir=in | app=system |
"{B097E63C-2445-4CB5-9E04-63F1DC1DF8A3}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA801F97-0AAB-449E-A444-757B2D370B18}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{C90BAE29-9099-4352-A230-D4E9A6D001E9}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{CA5FFC93-D89C-4C51-B8DC-4112497F7C4A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CDD35CFF-4BFF-43E9-A803-F559F85AB225}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CFD6B870-B2DF-4892-B7A7-1463CF45F021}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8E6F4E5-437F-4A0E-8097-0945EDF5944C}" = rport=139 | protocol=6 | dir=out | app=system |
"{DDDD906D-551D-415C-B361-774EB7DF0A1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E493E8FF-EF52-445C-B5A8-C08C90EDEF5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E586A442-18AB-42D9-98FA-F545A55914DE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{F2D6CE38-3943-4BD6-B8BC-CE06F9030383}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FFEFCE33-CF03-4AF5-A457-B94C65E4A7D7}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F9DB9E-9BC2-4093-93EE-58723C236582}" = protocol=17 | dir=in | app=c:\users\zayl\games\company of heroes\reliccoh.exe |
"{05116AB1-64B0-4184-BFF5-77A55A3FD813}" = protocol=6 | dir=in | app=c:\users\zayl\games\tom clancy's h.a.w.x\hawx.exe |
"{06391D6E-14DE-497A-AFEE-E2A317883BA9}" = protocol=6 | dir=in | app=c:\program files\willing webcam\wwcam.exe |
"{074F9FA4-8F44-47CA-B67F-C8EF226D3DA7}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{0784D880-2C30-49B4-9B08-8A227E344CF2}" = protocol=17 | dir=in | app=d:\mass effect\masseffectlauncher.exe |
"{079EF6DF-830B-4062-9BB1-A7507BD3C67A}" = protocol=17 | dir=in | app=d:\dragon age\tools\rpu.exe |
"{0EDB2D35-1798-46A6-9CF9-EF4EA0FDF527}" = protocol=17 | dir=in | app=d:\hry\civ\colonization.exe |
"{12C35987-786D-431D-856F-F98DE55FD85D}" = protocol=17 | dir=in | app=d:\dragon age\daoriginslauncher.exe |
"{13613245-9609-40B8-AEFC-B1E9421654F3}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{14241095-7FD8-421A-B627-F6A08E681796}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1482163F-27D8-4552-B80A-356D9ED9C900}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{15137EA8-5203-4330-B483-D7D629F7CF62}" = protocol=6 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe |
"{196872B4-7D8B-4031-AB9F-9AB728592D8F}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{1B90EB3B-69A0-4CAB-A7ED-1F63CC684F4E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1BFA3205-CC36-404C-971C-04B42612DF44}" = protocol=17 | dir=in | app=c:\program files\willing webcam\wwcam.exe |
"{1EE48DD2-3B83-4197-9C0C-464DA3B5BF0C}" = protocol=6 | dir=in | app=d:\swfc\swfoc.exe |
"{2263C826-9638-41A8-8FC5-5BFFEECAAA48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{24A74FF3-1E62-4641-B713-5CC34A2225EA}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{27930F2C-95B6-46F9-BCC2-C1F14B0C92A3}" = protocol=17 | dir=in | app=c:\users\zayl\games\tom clancy's h.a.w.x\hawx_dx10.exe |
"{29586A1C-B58F-4F33-948D-3D2EFD1030E2}" = protocol=6 | dir=in | app=d:\dragon age\daoriginslauncher.exe |
"{29E22495-2E7A-4383-BABA-F3CD95B81FB5}" = protocol=17 | dir=in | app=d:\hry\company of heroes\relicdownloader\relicdownloader.exe |
"{2ADDBAF7-0487-4D9E-8B57-409EC1927D81}" = protocol=6 | dir=in | app=d:\wic\wic.exe |
"{38296380-1F2C-476A-AAC1-0249096892B0}" = protocol=6 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe |
"{3AAECF6F-D996-4745-AE40-C98356DDA583}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"{3C1573EE-B48E-4B67-B683-F220FA063C09}" = protocol=6 | dir=in | app=d:\dragon age\tools\rpu.exe |
"{3CDC1579-695D-42CB-8FEC-A0C66345BA16}" = protocol=17 | dir=in | app=c:\docasna_slozka\nwn\fdx-nwnl.exe |
"{3D1AC9EE-9520-4CA4-8701-8B1445277E7D}" = protocol=17 | dir=in | app=d:\dragon age\tools\erfeditor.exe |
"{3E98D0B4-B707-4BDC-821F-4C08F9EB4743}" = protocol=17 | dir=in | app=d:\wic\wic_online.exe |
"{3F58BD38-D805-4557-B595-25DD8BC0CD73}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{44262786-21F3-4AEF-87B7-480FD26EB3CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{45EC73C4-393D-46AC-A6C3-D720534C9E9B}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe |
"{466C1785-6480-4608-A69C-E3C457250F41}" = protocol=6 | dir=in | app=d:\hry\company of heroes\relicdownloader\relicdownloader.exe |
"{4944D280-881B-47E9-A70E-4852327870DB}" = protocol=6 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{4CFB7049-AC45-459F-B9B0-CE65E76CE1DC}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4ED06B51-9893-4EEF-B218-CCED5A69A290}" = protocol=17 | dir=in | app=d:\hry\sw\gamedata\sweaw.exe |
"{508E71DC-FD29-4946-B178-272964B7FA6B}" = protocol=17 | dir=in | app=d:\dragon age\tools\lightmapper\eclipseray.exe |
"{50A082AF-C37B-4629-B1B8-AEA34F049FC6}" = protocol=6 | dir=in | app=d:\mass effect\binaries\masseffect.exe |
"{53B57C6B-AB4C-4D43-9E9D-1595FB0C787D}" = protocol=6 | dir=in | app=d:\dragon age\tools\erfeditor.exe |
"{54CFB913-349F-4A86-8312-422D60B6195E}" = protocol=6 | dir=in | app=d:\dragon age\tools\gffeditor.exe |
"{5590DCB4-9B9F-4C97-9FB1-44AFDD214A57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{58576B60-AAAB-4107-AFE9-25A405C17C9F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6D56D186-6E9B-495B-9580-5EE14FDE1254}" = protocol=17 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe |
"{709D0815-B73C-4646-920B-53B04F8BE15E}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"{74CDB39C-DC9D-4EA4-8714-6B5503EDF297}" = protocol=6 | dir=in | app=d:\hry\civ\colonization.exe |
"{76130C30-BCF2-4380-A998-6A28CAD73383}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7DA8D8BB-464C-4662-81A8-D1246AD5A1D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{81F4DC7C-9945-4FED-BAF5-5B9B650F70AC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8E0847C7-0F1C-4594-9C02-D7482748937A}" = protocol=6 | dir=in | app=c:\users\zayl\games\tom clancy's h.a.w.x\hawx_dx10.exe |
"{8E383311-2566-45F8-8009-4353EBA348F9}" = protocol=6 | dir=in | app=d:\dragon age\tools\lightmapper\eclipseray.exe |
"{8E53F5CA-C0E0-49A4-ACFE-558459393CC9}" = protocol=17 | dir=in | app=d:\dragon age\tools\gffeditor.exe |
"{8EF68D83-9C3E-4F22-BD15-BBE7AC9E8B19}" = protocol=17 | dir=in | app=d:\swfc\swfoc.exe |
"{959FA7E3-14EC-4322-87A6-928836CF969A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{97007F28-FCAE-4E1C-9B68-4BE240D12172}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{9870AA9D-85AD-48A4-A854-6DAE0FF7FC46}" = protocol=17 | dir=in | app=d:\mass effect\binaries\masseffect.exe |
"{9F527C8C-81A0-4260-B356-1466BEB7CC44}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{A301AB49-A94C-42E1-8A99-3205FBBE8DB8}" = protocol=6 | dir=in | app=d:\bf\bf2.exe |
"{AA57EF69-14BA-4A12-AA63-7E65A5F5318B}" = protocol=6 | dir=in | app=c:\docasna_slozka\nwn\fdx-nwnl.exe |
"{B51620D9-B7EC-468B-B744-753DAE2911DD}" = protocol=6 | dir=in | app=d:\mass effect\masseffectlauncher.exe |
"{BA193BB7-58DD-4E0C-AB9D-0A69C5B39AEB}" = protocol=17 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{BBD122F5-7BD5-47F3-9662-56BE3012C91F}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{C7A2C760-30F2-433E-96D7-599D0D272070}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C7F6EEB9-2686-47F1-B972-A12921030994}" = protocol=17 | dir=in | app=d:\wic\wic.exe |
"{CCB41BE3-6E8B-4E17-A8B2-3BF9F2B9B49D}" = protocol=6 | dir=in | app=d:\dragon age\tools\dragonagetoolset.exe |
"{CCDA4DA5-DBFB-4E23-9721-7298D92C5DC8}" = protocol=17 | dir=in | app=c:\users\zayl\games\tom clancy's h.a.w.x\hawx.exe |
"{CE21505B-6028-491C-9772-FEA4C63AEE01}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{CFD29055-48A7-49F8-B847-B782993A8F70}" = protocol=6 | dir=in | app=d:\hry\sw\gamedata\sweaw.exe |
"{D056269E-9994-45F9-BD8F-EC5FEDBBE61A}" = protocol=6 | dir=in | app=c:\users\zayl\games\company of heroes\reliccoh.exe |
"{D7D06B88-E5C3-42B6-A7E6-A8822D133EF1}" = protocol=17 | dir=in | app=d:\wic\wic_ds.exe |
"{D7DE18D8-4B4E-4A4B-95C6-42F3019F5B20}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe |
"{D9DBE063-8DE5-4F2D-9E0D-B08E2AB72505}" = protocol=17 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe |
"{DD900986-AFB4-44A5-B67B-5C263AD00FD3}" = protocol=17 | dir=in | app=d:\dragon age\tools\dragonagetoolset.exe |
"{DDA7C598-9617-400D-A489-6578AA345FE5}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{DEF0B3E3-5258-4824-8056-E51C422C07A0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E0E3E192-80DD-49DE-B059-17E4C00D79FA}" = protocol=6 | dir=in | app=d:\wic\wic_ds.exe |
"{E4BF7D36-DD18-4EBD-A849-5B7EDC143331}" = protocol=17 | dir=in | app=d:\bf\bf2.exe |
"{EA9FE3E4-BB4B-4EFE-BC81-76EEC603B801}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EB1EA956-5963-4ACB-9906-8D6B17DA6B3E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{EC87DBF5-930C-4452-8C3C-6A8612F70C64}" = protocol=6 | dir=in | app=d:\wic\wic_online.exe |
"{F4450139-E5CE-4016-A15D-1BE79A3313E1}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F92215DD-8069-44DE-AFE4-3A3941EA96B5}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{FA33FAF8-49DB-4E91-913B-60E0C6374B78}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA8BF99F-29CB-4366-94B3-AF9035BBDE0D}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3\rpcagentsrv.exe |
"{FB0B4BAD-E02A-43B6-B1EA-5F2A73202D6E}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3\wnt500x86\rpcsandrasrv.exe |
"TCP Query User{00019F18-C2A8-43B9-AA25-4284263F8B76}C:\lulz hawks\hawx_dx10.exe" = protocol=6 | dir=in | app=c:\lulz hawks\hawx_dx10.exe |
"TCP Query User{148F1E92-BC63-4A9A-9333-97FB7B2143DD}D:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe" = protocol=6 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"TCP Query User{202AD03C-0E0C-4FFF-8E1C-2038D90E3A9A}D:\hry\coh\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\hry\coh\relicdownloader\relicdownloader.exe |
"TCP Query User{21C3996D-9FDA-4A92-86E5-85E59E9011BA}D:\garena\garena.exe" = protocol=6 | dir=in | app=d:\garena\garena.exe |
"TCP Query User{37CA2FDC-B54A-4B2B-B28E-AD95307F98BD}D:\hry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\hry\warcraft iii\war3.exe |
"TCP Query User{3F930EE6-E39A-468C-AD39-94BE49078338}C:\users\zayl\games\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\users\zayl\games\company of heroes\reliccoh.exe |
"TCP Query User{494B7913-7B2C-4EAB-BFE8-B3C77D9DFD5A}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{4BBA2F5C-0A87-461B-81CF-85B2C44117AF}C:\program files\gnaural\gnaural.exe" = protocol=6 | dir=in | app=c:\program files\gnaural\gnaural.exe |
"TCP Query User{4DE55E40-78D4-49F1-A05E-64367E7045D2}C:\users\zayl\games\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\zayl\games\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{535191A2-3EDB-4788-8B59-7ECEC02D1C7C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{5F0D6E0F-2661-488D-8564-042192003EA9}C:\docasna_slozka\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\docasna_slozka\nwn\nwmain.exe |
"TCP Query User{70C68C44-E71B-4C2A-8CD6-6D8EF3F2C32B}D:\call of duty\coduomp.exe" = protocol=6 | dir=in | app=d:\call of duty\coduomp.exe |
"TCP Query User{732E9ECA-3C4F-43D2-B378-D0F3AE0ED110}D:\hry\c3\commandos3.exe" = protocol=6 | dir=in | app=d:\hry\c3\commandos3.exe |
"TCP Query User{770C8C17-AC0F-4310-ACBF-98E7BC6D0BA1}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"TCP Query User{7C849852-E083-406B-BDF3-15E69E120AEE}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{7E3EFBBF-EAC1-4EF5-8484-147CD7490A2A}D:\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"TCP Query User{7F1A4791-85F1-4E75-99AB-288C2F76EABD}D:\hry\coh\reliccoh.exe" = protocol=6 | dir=in | app=d:\hry\coh\reliccoh.exe |
"TCP Query User{89A3956E-0041-4559-AF17-59615EB8CFA4}C:\docasna_slozka\original war\owarfull.dll" = protocol=6 | dir=in | app=c:\docasna_slozka\original war\owarfull.dll |
"TCP Query User{90A52C5F-83EC-4575-A30C-09653563A186}D:\hry\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\hry\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{92660008-E39E-484F-9B16-D18FC9859897}C:\docasna_slozka\nwn\nwserver.exe" = protocol=6 | dir=in | app=c:\docasna_slozka\nwn\nwserver.exe |
"TCP Query User{96F94C82-62A5-4F8C-8152-CDF4B190AB21}C:\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\tom clancy's h.a.w.x\hawx.exe |
"TCP Query User{9C3AC1C2-B86F-4E21-B379-7912229C3520}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9CE38191-47A3-4C4A-8C9D-F48B484ABD77}D:\hry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\hry\warcraft iii\war3.exe |
"TCP Query User{9DB372A5-D15D-4204-9D96-BD280262C9C0}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{9E2F6B9C-F3FB-4C09-8231-A77862B6DD2F}D:\hry\coh\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\hry\coh\relicdownloader\relicdownloader.exe |
"TCP Query User{9F6E7699-30DE-48FE-9CC5-C3BE29752D45}D:\ghost\ghost\ghost.exe" = protocol=6 | dir=in | app=d:\ghost\ghost\ghost.exe |
"TCP Query User{A000DAD9-7A74-42AB-BA2B-596466CB3206}D:\eve\bin\exefile.exe" = protocol=6 | dir=in | app=d:\eve\bin\exefile.exe |
"TCP Query User{A5ED8482-E68E-44A3-B9FC-68F4171BBD10}C:\lulz hawks\hawx.exe" = protocol=6 | dir=in | app=c:\lulz hawks\hawx.exe |
"TCP Query User{B48AEA9A-C33F-4986-8EE1-D6DE6366BDF5}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{B7BBF58B-B512-464F-AA28-E0ED809FF2C4}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=6 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"TCP Query User{BCA4666F-3562-45DD-A085-A84DD9E6FE34}D:\ul\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\ul\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"TCP Query User{BF3BD7DF-86B0-4086-9269-AF3734E52E9B}C:\docasna_slozka\nwn\fdx-nwnl.exe" = protocol=6 | dir=in | app=c:\docasna_slozka\nwn\fdx-nwnl.exe |
"TCP Query User{C024578E-2FEC-46A4-9412-2370F52B5306}D:\hry\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=d:\hry\company of heroes\reliccoh.exe |
"TCP Query User{C353020E-A4B6-424D-B8B5-270FE18D6DC0}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"TCP Query User{C57AB5F2-1C05-456F-9246-A35931E0D622}D:\hry\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=d:\hry\company of heroes\reliccoh.exe |
"TCP Query User{D279491D-D037-420C-A176-A80E0603AA71}C:\windows\system32\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\system32\regsvr32.exe |
"TCP Query User{D6C47233-E647-491D-B474-27119F7DAE87}C:\docasna_slozka\nwn\nwserver.exe" = protocol=6 | dir=in | app=c:\docasna_slozka\nwn\nwserver.exe |
"TCP Query User{DA8AE668-1F04-403C-AF03-FAF5B82B6F1F}C:\docasna_slozka\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\docasna_slozka\nwn\nwmain.exe |
"TCP Query User{E1D651B5-2592-4614-8BD0-3C64A4499319}D:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe" = protocol=6 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"TCP Query User{E7D2B874-234F-434F-A3D5-B8DD3B79BBEA}D:\hry\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=d:\hry\company of heroes\bugreport\bugreport.exe |
"TCP Query User{E9F7F321-DF36-439E-A7A8-A81879462112}D:\stardock games\sins of a solar empire\sins of a solar empire.exe" = protocol=6 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire.exe |
"TCP Query User{EB8D9E60-BE2E-4E20-A141-EE8ACB2033D9}D:\hry\coh\reliccoh.exe" = protocol=6 | dir=in | app=d:\hry\coh\reliccoh.exe |
"TCP Query User{EE71627C-BC95-46F4-A1FA-E32208EDFD69}D:\men of war\mow.exe" = protocol=6 | dir=in | app=d:\men of war\mow.exe |
"TCP Query User{F087DF72-8EF3-4755-9DA8-78D5155A0AB5}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{F81DC33C-83AA-4133-887D-851870CEC235}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{09A0B36A-5B0D-4769-9A20-1422D1B80A80}C:\docasna_slozka\original war\owarfull.dll" = protocol=17 | dir=in | app=c:\docasna_slozka\original war\owarfull.dll |
"UDP Query User{0C9E9F60-9A83-4DE4-AE75-1CF23F5CE0E4}C:\program files\gnaural\gnaural.exe" = protocol=17 | dir=in | app=c:\program files\gnaural\gnaural.exe |
"UDP Query User{0DBBD808-E5E1-442D-8F70-9D18A9ABC80E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{25BAE37E-609C-4EAF-82DC-71F76BD23514}D:\hry\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=d:\hry\company of heroes\bugreport\bugreport.exe |
"UDP Query User{35AE2941-090A-4AE0-8492-722D496E32F3}D:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe" = protocol=17 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"UDP Query User{38857185-D701-49F0-A3AF-B3DA09BB10B9}C:\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\tom clancy's h.a.w.x\hawx.exe |
"UDP Query User{471C2D28-D54E-4F6C-AC8A-24EA0F69F831}D:\hry\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=d:\hry\company of heroes\reliccoh.exe |
"UDP Query User{48718589-51C6-4744-8C81-F1FE8CF1FB66}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{4C4D83CE-6796-4A4C-9C20-67C4F28D445B}D:\hry\coh\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\hry\coh\relicdownloader\relicdownloader.exe |
"UDP Query User{52421A57-0357-4B1E-872E-DB6AB6295F47}C:\lulz hawks\hawx.exe" = protocol=17 | dir=in | app=c:\lulz hawks\hawx.exe |
"UDP Query User{5EE6D1DC-6B64-43EA-A235-0E2B63E4AD9B}D:\call of duty\coduomp.exe" = protocol=17 | dir=in | app=d:\call of duty\coduomp.exe |
"UDP Query User{61B74E9E-A065-44B7-803D-DA287993F332}C:\docasna_slozka\nwn\fdx-nwnl.exe" = protocol=17 | dir=in | app=c:\docasna_slozka\nwn\fdx-nwnl.exe |
"UDP Query User{6A2571A5-9749-4F7F-A49C-B849AE0F6870}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{6EFB033D-D147-4DAA-992C-CE477356FAB1}D:\eve\bin\exefile.exe" = protocol=17 | dir=in | app=d:\eve\bin\exefile.exe |
"UDP Query User{6F9301B3-9954-483E-BFA2-277F4CFB4D6D}D:\men of war\mow.exe" = protocol=17 | dir=in | app=d:\men of war\mow.exe |
"UDP Query User{70902ACA-C385-47B4-90CF-CFB4C3CB06C4}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{74D4D0BC-EB29-4E96-BDBB-E33346028D6B}C:\users\zayl\games\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\zayl\games\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{79CA6B16-10F8-4800-9A54-BCBBCF1CC2EE}D:\hry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\hry\warcraft iii\war3.exe |
"UDP Query User{7CFB6296-2289-4F9D-B1A4-8BC948ADCDFF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8772EC7E-6D2E-47D1-BFC5-7D1A3D241E39}C:\docasna_slozka\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\docasna_slozka\nwn\nwmain.exe |
"UDP Query User{8FC6E8DD-1DEE-4AC9-8987-3BFAD4E328C9}C:\docasna_slozka\nwn\nwserver.exe" = protocol=17 | dir=in | app=c:\docasna_slozka\nwn\nwserver.exe |
"UDP Query User{91D6E9A3-A05C-4FC9-A028-441D49244CF7}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{9299EA4E-3A2D-40E8-AC1D-C3AFBD52C8D5}D:\hry\c3\commandos3.exe" = protocol=17 | dir=in | app=d:\hry\c3\commandos3.exe |
"UDP Query User{9642C569-1A40-492F-B1E6-A66FA9E9450C}C:\lulz hawks\hawx_dx10.exe" = protocol=17 | dir=in | app=c:\lulz hawks\hawx_dx10.exe |
"UDP Query User{9984345C-9EF0-4F58-A9B6-CA3631044FB5}D:\hry\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=d:\hry\company of heroes\reliccoh.exe |
"UDP Query User{9DBDD78A-48FB-403E-8D5B-76F82D9FEFAA}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{9DDC5C08-BEC2-4376-B3B3-06A56EA34E65}D:\hry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\hry\warcraft iii\war3.exe |
"UDP Query User{A049B1A6-A00D-4FFB-A5FC-6A7CEC639F23}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=17 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"UDP Query User{A3515883-CF84-48AC-A3DA-7F056069FFB9}D:\hry\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\hry\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{A957D19E-3C41-4907-BAE6-5EB5FDA332FE}C:\windows\system32\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\system32\regsvr32.exe |
"UDP Query User{A9D6D0BF-00DC-42D5-99F4-17B2F64C6696}D:\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"UDP Query User{B4215B9F-5CCF-49CB-83F6-62184DEED277}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{B50AAF4E-447B-4B29-91F0-883D58F08AC3}D:\garena\garena.exe" = protocol=17 | dir=in | app=d:\garena\garena.exe |
"UDP Query User{B82D8D75-69E2-49D0-8C58-81E672DAF320}D:\hry\coh\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\hry\coh\relicdownloader\relicdownloader.exe |
"UDP Query User{C8BC892E-4827-4A38-82F9-B468A9367E71}D:\ghost\ghost\ghost.exe" = protocol=17 | dir=in | app=d:\ghost\ghost\ghost.exe |
"UDP Query User{C9726126-2A66-4904-86D6-76E21029FF54}C:\docasna_slozka\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\docasna_slozka\nwn\nwmain.exe |
"UDP Query User{D344C40C-41FF-4CF0-A12A-CE5C9F386FA0}D:\hry\coh\reliccoh.exe" = protocol=17 | dir=in | app=d:\hry\coh\reliccoh.exe |
"UDP Query User{D3D4F3CB-7525-4E12-AC84-2EA1ACC0BFAE}D:\stardock games\sins of a solar empire\sins of a solar empire.exe" = protocol=17 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire.exe |
"UDP Query User{D80D71B3-0F89-4B56-A0A8-7C4DF046BE03}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"UDP Query User{D9C2EC9C-C2D3-4039-A0B3-D949F9E4F9A0}D:\ul\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\ul\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"UDP Query User{E31C368E-4CC5-4762-A2E6-92F928DD872E}D:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe" = protocol=17 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"UDP Query User{EC2F80F9-5168-4D0D-BC8F-CA1F327CE801}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{EEFF19ED-C448-432E-A8D8-F625CC614CEB}C:\docasna_slozka\nwn\nwserver.exe" = protocol=17 | dir=in | app=c:\docasna_slozka\nwn\nwserver.exe |
"UDP Query User{F6F505C6-044A-4B7F-B8CC-17B8E4B5DD33}C:\users\zayl\games\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\users\zayl\games\company of heroes\reliccoh.exe |
"UDP Query User{FC21F26F-8411-473A-953A-3F2B8BC1FC0C}D:\hry\coh\reliccoh.exe" = protocol=17 | dir=in | app=d:\hry\coh\reliccoh.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{00E75F61-A126-4CE1-90B8-42295052F1AC}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{0117713F-9BB5-E61B-686F-D63C156E63F6}" = Catalyst Control Center Core Implementation
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{041FE46C-4EEA-06AE-4562-00A899F5A0FB}" = CCC Help English
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update 1.11.3.1 for "Men of War"
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14BF164E-80A4-422E-BE43-39FB759666C2}_is1" = Avi to Mpeg 2.1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1925E9-054A-4539-BA37-07551023C434}" = Microsoft SQL Server 2008 RsFx Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{223CE6B1-21C8-4BC5-8C64-5C28CF9D8F11}" = Microsoft Sync Services for ADO.NET v2.0 CTP1 Refresh (x86)
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{373C3C97-2FA9-4E18-85A2-255060C21029}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F7D7ED5-979A-4F96-AE25-DDA54B3E2D2B}" = Microsoft SQL Server 2008 Setup Support Files
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5934808D-F536-2B3F-A488-F53372854C69}" = ccc-core-static
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{610E64BA-F306-6C12-F882-F76CD244A3C2}" = Catalyst Control Center Graphics Light
"{61879398-F35C-4628-AC95-2B84B859FE93}" = nrg2iso
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68BC06A7-FC85-D463-48BE-3EBFD9747C7E}" = Catalyst Control Center HydraVision Full
"{71771315-9294-4969-A483-BB93CFE530C2}" = Microsoft SQL Server 2008 Tools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82711153-8EA8-419F-B65F-9319E196BEBC}" = Microsoft SQL Server 2008 Browser
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DE98D27-6F65-90E4-0F46-A0FCAEEB8D5B}" = Catalyst Control Center Graphics Previews Common
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92DBA268-CB64-400C-A58C-67777E9F56AD}" = Microsoft SQL Server VSS Writer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B784E2-F4D7-38A5-E9DD-6CC093B07C58}" = Catalyst Control Center Graphics Full New
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1D14FC8-FF6E-4700-A501-BCAFD22B7D15}" = ActiveState ActivePython 2.6.4.8 (32-bit)
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A7E110EF-3B05-4CCD-3CB7-3D373325D43A}" = Catalyst Control Center InstallProxy
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B076073A-5527-4F4F-B46B-B10692277DA2}" = DisplayFusion
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{BCDD3356-B5B2-9D0F-3776-8D5E28893F82}" = ccc-utility
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Effects
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEFE8540-CF57-485B-9994-BE9E02D29193}" = Microsoft Sync Framework Runtime v1.0 CTP1 Refresh (x86)
"{CF06DB43-2F14-EA98-AB1B-124FD65A8AEE}" = Catalyst Control Center InstallProxy
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.4
"{D2D15362-27A7-9D88-35B2-C04697E4CD94}" = Catalyst Control Center Graphics Previews Vista
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D85EE6FC-1263-3A84-CEB7-A53E97B6A835}" = ATI Catalyst Install Manager
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DDD9BB0C-C116-91D3-A45B-FA3291781BB0}" = Catalyst Control Center Graphics Full Existing
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0B8CEFA-EA9A-46DB-B2BA-800B2A198B2A}" = Microsoft SQL Server 2008 (DABAZE)
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"µTorrent CZ_is1" = µTorrent CZ 1.8.2 (build 15196)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"avast5" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BrainWave Generator" = BrainWave Generator
"Browser Defender_is1" = Browser Defender 2.0.6.11
"BS_Player Toolbar" = BS_Player Toolbar
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comical_is1" = Comical 0.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eurobattle.net1.24b" = Eurobattle.net
"Eurobattle.net2.0" = Eurobattle.net
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.14
"Fallout2" = Fallout2
"GameParkClient_is1" = GamePark
"Garena" = Garena
"GTK2-Runtime" = GTK2-Runtime
"Hamachi" = Hamachi 1.0.2.5
"hon" = Heroes of Newerth
"Impulse" = Impulse
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Standard)
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Express" = Microsoft SQL Server 2008 Express Edition
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Miranda IM" = Miranda IM 0.8.15
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mumble" = Mumble and Murmur
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Original War" = Original War
"PowerISO" = PowerISO
"PSPad editor_is1" = PSPad editor
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empirev1.15" = Sins of a Solar Empire
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"Warcraft III" = Warcraft III
"Willing Webcam" = Willing Webcam
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1 beta4
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Fallout 3 - Complete DLC Pack" = Fallout 3 - Complete DLC Pack
"SmartDraw 2010" = SmartDraw 2010
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.2.2010 6:59:53 | Computer Name = Milan-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.2.2010 10:21:30 | Computer Name = Milan-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.2.2010 1:57:17 | Computer Name = Milan-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.2.2010 8:45:16 | Computer Name = Milan-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.2.2010 5:00:43 | Computer Name = Milan-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.2.2010 4:21:46 | Computer Name = Milan-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.2.2010 14:44:38 | Computer Name = Milan-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 28.2.2010 16:17:46 | Computer Name = Milan-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 28.2.2010 16:17:46 | Computer Name = Milan-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1.3.2010 1:19:53 | Computer Name = Milan-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 20.11.2009 14:44:25 | Computer Name = Milan-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 20.11.2009 14:49:25 | Computer Name = Milan-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Proces: DefaultDomain Název objektu: Media Center
Guide

[ System Events ]
Error - 3.3.2010 9:03:23 | Computer Name = Milan-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 3.3.2010 9:14:17 | Computer Name = Milan-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3.3.2010 9:14:17 | Computer Name = Milan-PC | Source = HTTP | ID = 15016
Description =

Error - 3.3.2010 9:14:58 | Computer Name = Milan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3.3.2010 9:16:36 | Computer Name = Milan-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 3.3.2010 10:46:54 | Computer Name = Milan-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3.3.2010 10:47:00 | Computer Name = Milan-PC | Source = HTTP | ID = 15016
Description =

Error - 3.3.2010 10:47:04 | Computer Name = Milan-PC | Source = Print | ID = 19
Description = Nasdílení tiskárny Send To OneNote 2007 s názvem sdíleného prostředku
Send To OneNote 2007 se pomocí služby zařazování tisku nezdařilo. Chyba 2114. Danou
tiskárnu nemohou používat další uživatelé v síti.

Error - 3.3.2010 10:48:31 | Computer Name = Milan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3.3.2010 10:49:53 | Computer Name = Milan-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

Zayl · #7 Příspěvek od **Zayl** » 03 bře 2010 21:01

Gmer log 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-03 20:09:19
Windows 6.0.6001 Service Pack 3
Running: gmer.exe; Driver: C:\Users\Zayl\AppData\Local\Temp\awlcypow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Gmer log 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-03 20:59:29
Windows 6.0.6001 Service Pack 3
Running: gmer.exe; Driver: C:\Users\Zayl\AppData\Local\Temp\awlcypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8977DCDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8977DECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8977D982]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8977E0D6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 43C 81F07B00 8 Bytes [DC, DC, 77, 89, CE, DE, 77, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81F07F18 4 Bytes [82, D9, 77, 89]
.text ntkrnlpa.exe!KeSetTimerEx + 918 81F07FDC 4 Bytes [D6, E0, 77, 89]
.text bridge.sys 89BE0462 519 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x37 0x21 0xCD 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x9E 0xB1 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0x7E 0x28 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xB9 0x14 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x4B 0x32 0xB9 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x99 0x24 0x12 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x95 0x17 0xCB 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFE 0xCD 0xF8 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x37 0x21 0xCD 0x64 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x9E 0xB1 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0x7E 0x28 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xB9 0x14 0xD5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x4B 0x32 0xB9 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x99 0x24 0x12 0x0B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x95 0x17 0xCB 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFE 0xCD 0xF8 0xA8 ...

---- EOF - GMER 1.0.15 ----

#8 Příspěvek od **motji** » 03 bře 2010 21:05

Dejte mi chvilku na ty logy

#9 Příspěvek od **motji** » 03 bře 2010 21:33

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=FUJD
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O33 - MountPoints2\{4190f326-41f0-11de-90ab-001f1616280e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell\setup\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{a1e9ff7b-3a54-11de-a987-001f1616280e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{a1e9ff7c-3a54-11de-a987-001f1616280e}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{f93b6630-a53e-11de-9358-001f1616280e}\Shell\AutoRun\command - "" = H:\CDCheck.exe -- File not found
O33 - MountPoints2\{f93b6631-a53e-11de-9358-001f1616280e}\Shell\AutoRun\command - "" = I:\CDCheck.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:files
c:\windows\Tasks\SDMsgUpdate (TE).job
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

:COMMANDS
[resethosts]
[Reboot]

-klikněte na tlačítko Run fix.
-Následně se pc restartuje.
- Log vložte zde

Otestujte na http://www.virustotal.com
C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

Zazálohujte si důležitá data, pro jistotu

Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Zayl · #10 Příspěvek od **Zayl** » 03 bře 2010 22:23

Omlouvám se za spoždění ale rozhodnul se stávkovat i můj provider

Zde vkládám log z combofixu

ComboFix 10-03-03.03 - Zayl 03.03.2010 21:57:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.3.1250.420.1029.18.2813.1769 [GMT 1:00]
Spuštěný z: c:\users\Zayl\Desktop\Potvora.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2715309581-2664886393-2996193234-500
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\FSC__PI__AMILO Pa 3515 __ _P1 __Ver 1.00PARTTBL_FSC - 6040000_V1.13 __ATI Radeon HD 3200 Graphics .MRK

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 21:07 . 2010-03-03 21:08 -------- d-----w- c:\users\Zayl\AppData\Local\temp
2010-03-03 21:07 . 2010-03-03 21:07 -------- d-----w- c:\users\Milan\AppData\Local\temp
2010-03-03 21:07 . 2010-03-03 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-03 20:40 . 2010-03-03 20:40 -------- d-----w- C:\_OTL
2010-03-03 14:48 . 2010-03-03 14:48 -------- d-----w- c:\program files\trend micro
2010-03-03 13:51 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-03 13:50 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-03 13:50 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-03 13:50 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-03 13:50 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-03 13:50 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-03 13:50 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-03 13:50 . 2010-03-03 13:50 -------- d-----w- c:\programdata\Alwil Software
2010-03-01 16:47 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-01 16:47 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-01 16:47 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-03-01 16:47 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-01 16:47 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-01 16:47 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-01 16:45 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-03-01 16:45 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-01 16:45 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-01 16:45 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-01 16:45 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-01 16:45 . 2010-03-01 16:47 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-01 16:45 . 2010-03-03 20:53 -------- d-----w- c:\program files\Spyware Doctor
2010-03-01 16:45 . 2010-03-01 16:45 -------- d-----w- c:\users\Zayl\AppData\Roaming\PC Tools
2010-03-01 16:45 . 2010-03-01 16:45 -------- d-----w- c:\programdata\PC Tools
2010-03-01 15:54 . 2010-03-01 15:54 -------- d-----w- C:\rsit
2010-03-01 15:19 . 2010-03-01 15:19 -------- d---a-w- c:\windows\system32\runouce.exe
2010-03-01 15:18 . 2010-03-01 15:18 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-01 15:18 . 2010-03-01 15:18 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-03-01 15:18 . 2010-03-01 15:18 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-03-01 15:18 . 2010-03-01 15:18 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-03-01 15:17 . 2010-03-01 15:18 -------- d-----w- c:\programdata\MicroWorld
2010-02-27 22:15 . 2010-02-27 22:15 -------- d-----w- c:\programdata\InstallShield
2010-02-24 12:51 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:51 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:51 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:51 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:51 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:51 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:51 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:51 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:51 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:51 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-20 11:29 . 2010-03-01 20:15 -------- d-----w- c:\users\Zayl\AppData\Roaming\Mumble
2010-02-20 10:15 . 2010-02-20 10:15 -------- d-----w- c:\program files\Mumble
2010-02-20 09:12 . 2010-02-20 09:12 -------- d-----w- c:\programdata\FLEXnet
2010-02-20 09:00 . 2010-02-20 09:00 -------- d-----w- c:\program files\Adobe Media Player
2010-02-20 08:56 . 2010-02-20 08:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-20 08:52 . 2010-02-20 08:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-19 22:08 . 2010-02-20 11:16 -------- d-----w- c:\users\Zayl\AppData\Roaming\Bioshock2
2010-02-19 21:56 . 2010-02-19 21:56 -------- d-sh--w- c:\programdata\SecuROM
2010-02-19 21:52 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-19 21:52 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-19 21:52 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-19 21:52 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-19 20:39 . 2010-02-26 12:50 -------- d-----w- c:\program files\Heroes of Newerth
2010-02-13 14:28 . 2010-02-13 14:28 -------- d-----w- c:\users\Milan\AppData\Local\World in Conflict
2010-02-10 21:24 . 2010-02-11 18:01 -------- d-----w- c:\users\Zayl\AppData\Roaming\TS3Client
2010-02-10 21:23 . 2010-02-10 21:23 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-10 18:27 . 2010-02-10 18:27 -------- d-----w- c:\program files\Ventrilo
2010-02-10 12:10 . 2010-02-10 12:10 -------- d-----w- c:\users\Zayl\AppData\Local\CCP
2010-02-10 11:30 . 2010-02-21 22:04 -------- d-----w- c:\users\Zayl\AppData\Roaming\EVEMon
2010-02-10 11:30 . 2010-02-10 11:30 -------- d-----w- c:\program files\EVEMon
2010-02-10 11:06 . 2010-02-10 11:06 -------- d-----w- c:\programdata\CCP
2010-02-03 12:36 . 2010-02-03 12:36 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 20:51 . 2009-05-06 11:45 -------- d-----w- c:\users\Zayl\AppData\Roaming\uTorrent
2010-03-03 20:40 . 2009-05-08 19:45 -------- d-----w- c:\program files\BS_Player
2010-03-03 20:40 . 2008-10-23 21:28 -------- d-----w- c:\program files\Launch Manager
2010-03-02 18:32 . 2009-05-08 19:45 -------- d-----w- c:\users\Zayl\AppData\Roaming\BSplayer
2010-03-01 15:39 . 2009-10-08 11:57 -------- d-----w- c:\programdata\Lavasoft
2010-02-27 22:16 . 2008-10-23 21:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 22:15 . 2008-10-23 21:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-26 05:56 . 2009-05-06 11:45 -------- d-----w- c:\program files\uTorrent
2010-02-25 21:50 . 2009-05-08 18:34 101232 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-25 21:50 . 2009-05-05 12:11 8224 ----a-w- c:\users\Milan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 05:52 . 2009-05-05 20:33 101232 ----a-w- c:\users\Zayl\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 22:13 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 09:01 . 2009-05-05 11:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-19 21:38 . 2009-05-05 20:48 -------- d-----w- c:\users\Zayl\AppData\Roaming\Winamp
2010-02-11 06:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 18:31 . 2009-05-31 10:40 -------- d-----w- c:\users\Zayl\AppData\Roaming\Ventrilo
2010-02-10 18:27 . 2009-05-31 10:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-08 13:39 . 2010-01-21 12:25 -------- d-----w- c:\users\Zayl\AppData\Roaming\IrfanView
2010-02-03 15:13 . 2009-07-04 11:17 -------- d-----w- c:\users\Zayl\AppData\Roaming\Hamachi
2010-01-29 17:08 . 2010-01-29 17:08 -------- d-----w- c:\users\Zayl\AppData\Roaming\Notepad++
2010-01-29 17:08 . 2010-01-29 17:08 -------- d-----w- c:\program files\Notepad++
2010-01-26 16:12 . 2009-07-06 07:42 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-25 09:56 . 2009-05-15 17:18 -------- d-----w- c:\programdata\Media Center Programs
2010-01-24 19:20 . 2009-10-31 21:26 -------- d-----w- c:\program files\WC3Banlist
2010-01-24 19:10 . 2009-07-22 09:39 -------- d-----w- c:\users\Zayl\AppData\Roaming\HLSW
2010-01-24 19:04 . 2009-10-24 20:18 -------- d-----w- c:\program files\Gnaural
2010-01-24 19:04 . 2009-05-05 11:57 -------- d-----w- c:\program files\Fujitsu Siemens Computers
2010-01-21 19:15 . 2010-01-21 16:59 -------- d-----w- c:\program files\SmartDraw 2010
2010-01-21 19:12 . 2010-01-21 19:12 -------- d-----w- c:\program files\FreeMind
2010-01-21 17:00 . 2010-01-21 17:00 -------- d-----w- c:\users\Zayl\AppData\Roaming\SmartDraw
2010-01-21 16:12 . 2010-01-30 09:24 52224 ----a-w- c:\users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
2010-01-21 16:12 . 2010-01-30 09:24 101376 ----a-w- c:\users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
2010-01-21 12:25 . 2010-01-21 12:25 -------- d-----w- c:\program files\IrfanView
2010-01-20 15:21 . 2009-05-08 09:16 -------- d-----w- c:\programdata\Microsoft Help
2010-01-18 09:54 . 2010-01-18 09:54 -------- d-----w- c:\program files\NirSoft
2010-01-13 17:03 . 2010-01-13 15:59 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-13 17:00 . 2009-05-08 09:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-13 16:27 . 2010-01-13 16:27 112640 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2010-01-13 16:27 . 2010-01-13 16:01 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-01-13 16:02 . 2010-01-13 16:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-13 16:02 . 2010-01-13 16:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-13 16:01 . 2010-01-13 16:01 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-01-13 15:58 . 2010-01-13 15:58 -------- d-----w- c:\program files\Microsoft SDKs
2010-01-12 17:07 . 2008-04-14 13:47 720720 ----a-w- c:\windows\system32\perfh005.dat
2010-01-12 17:07 . 2008-04-14 13:47 161766 ----a-w- c:\windows\system32\perfc005.dat
2010-01-12 17:06 . 2010-01-12 17:06 -------- d-----w- c:\program files\Avi to Mpeg
2010-01-07 12:57 . 2010-01-07 12:57 -------- d-----w- c:\program files\Black Isle
2010-01-06 20:12 . 2009-08-20 15:52 -------- d-----w- c:\program files\DOSBox-0.72
2010-01-06 19:50 . 2010-01-06 19:50 -------- d-----w- c:\program files\DOSBox-0.73
2009-12-30 15:46 . 2009-07-24 23:02 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-30 15:46 . 2009-07-22 11:20 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-28 12:35 . 2010-02-10 06:24 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 06:24 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 06:24 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 06:24 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 06:24 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 06:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 06:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 06:24 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 06:24 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 06:24 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 13:05 . 2010-01-21 21:44 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-21 21:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-21 21:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 07:10 . 2009-12-18 07:10 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-11 12:07 . 2010-02-10 06:24 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 06:24 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-10 13:44 . 2009-12-10 13:44 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-10 13:44 . 2009-12-10 13:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-08 20:52 . 2010-02-10 06:24 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 06:24 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 06:24 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 06:24 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 06:24 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-02-25 319280]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2009-05-30 768688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-05-23 192512]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-04 258048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"avast5"="d:\avast\avastUI.exe" [2010-02-11 2756488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-28 19:41 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-686728410-4016434104-3882101393-1001]
"EnableNotificationsRef"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [1.3.2010 17:45 207280]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [3.3.2010 14:50 162512]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [14.8.2009 3:15 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [3.3.2010 14:51 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [3.3.2010 14:50 51792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1.3.2010 17:47 112592]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [25.11.2008 5:31 29263712]
R2 MSSQL$DABAZE;SQL Server (DABAZE);c:\program files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe [8.2.2008 7:33 38510616]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23.10.2008 22:26 84240]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\daupdatersvc.service.exe [6.11.2009 23:16 25832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [22.5.2008 0:57 34576]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe [8.5.2009 19:03 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1.3.2010 17:45 365280]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [23.10.2008 22:28 118784]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8.2.2008 7:33 43544]
S4 RsFx0101;RsFx0101 Driver;c:\windows\System32\drivers\RsFx0101.sys [8.2.2008 7:27 239128]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PCTSDInjDriver32
.
Obsah adresáře 'Naplánované úlohy'

2010-03-02 c:\windows\Tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 22:08
Windows 6.0.6001 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Zayl\AppData\Local\Temp\JNLEF7F.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-686728410-4016434104-3882101393-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9e,eb,5e,50,e9,46,55,16,05,7b,15,e4,db,5e,a1,f2,f1,3e,8c,6b,1b,7b,c3,
90,60,f4,d4,30,fc,48,b0,63,95,5a,d1,8a,7f,ea,19,8b,d1,a3,48,a0,ba,be,67,ad,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-686728410-4016434104-3882101393-1001\Software\SecuROM\License information*]
"datasecu"=hex:e3,e5,83,8c,ff,47,dc,42,41,f7,af,b1,49,85,56,7c,7d,34,a4,f8,1b,
fb,d2,f6,a3,c6,1d,87,fc,bd,53,ea,4c,bc,8a,c4,0a,37,81,65,1c,01,05,b5,c8,68,\
"rkeysecu"=hex:40,bf,ae,4c,21,c4,e9,00,18,e2,c1,1f,03,94,95,22
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-03-03 22:11:34
ComboFix-quarantined-files.txt 2010-03-03 21:11

Před spuštěním: Volných bajtů: 13 853 085 696
Po spuštění: Volných bajtů: 13 859 164 160

- - End Of File - - 82EC0B6BC10E7BF9ED16121021A8A72D

Vámi doporuceny fix skrz OTL jsem provedl, zadny log na me po restartu nevyskocil (mozna zavineno tim ze se okamzite po fixu PC nahle restartovalo a po znovunabehnuti uz byl log pryc)
Mam tedy provest novy sken s OTL?

Edit: abych nezapomel zmineny file jsem otestoval pres internet a vysledek byl 0.

#11 Příspěvek od **motji** » 03 bře 2010 22:32

Ano, Otl spustte se skriptem

Garenu používáte?

Jak to ted vypadá s počítačem?

Zayl · #12 Příspěvek od **Zayl** » 03 bře 2010 22:39

Spuštěno, výsledek scanu dodám co nejdříve.

Garenu aktuálně nepoužívám, ale dříve jsem ji užíval jako způsob propojení s ostatními hráči, měla by tedy být neškodná.

Stav systému se zlepšil minimálně natolik že na mě nevyskakuje oblíbené BSoD

, zdá se že je vše opět rychlejší, raději ale budu ještě chvíli sledovat systémové prostředky.

Edit: Jen ať se chápeme a neztrácíme čas, scan v OTL mám spustit se scriptem z Vašeho prvního doporučení, nebo s tím druhým?

#13 Příspěvek od **motji** » 03 bře 2010 22:43

S tím druhým skriptem

Zayl · #14 Příspěvek od **Zayl** » 03 bře 2010 22:45

Tak jsem to tedy trefil

, Scan spusteny s druhym scriptem vyplivnul:

Log OTL

OTL logfile created on: 3.3.2010 22:36:00 - Run 3
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Zayl\Desktop
Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 12,95 Gb Free Space | 13,76% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 25,09 Gb Free Space | 12,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MILAN-PC
Current User Name: Zayl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
PRC - [2010.02.19 06:58:43 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.02.11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- D:\avast\AvastUI.exe
PRC - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\avast\AvastSvc.exe
PRC - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.08.14 03:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.14 03:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.30 20:15:46 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009.07.30 20:15:44 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009.07.27 03:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009.05.30 11:09:41 | 000,768,688 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2008.11.25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.13 12:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.29 10:36:46 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008.04.25 13:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.03.08 00:58:00 | 000,208,896 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisKeyState.exe
PRC - [2008.03.04 01:30:20 | 000,258,048 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2008.02.08 07:33:34 | 000,091,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.02.08 07:33:30 | 038,510,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe
PRC - [2008.01.21 03:24:37 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:32 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007.08.17 13:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2004.06.16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

========== Modules (SafeList) ==========

MOD - [2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
MOD - [2009.05.20 20:33:04 | 000,047,792 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusionHookx86.dll
MOD - [2008.01.21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.02.20 09:52:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.08.14 03:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.04.22 22:45:34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.11.25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2008.11.25 05:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.06.20 02:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.22 00:57:50 | 000,092,792 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008.04.29 10:36:46 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2008.04.25 13:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.02.08 07:33:34 | 000,091,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.02.08 07:33:30 | 038,510,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe -- (MSSQL$DABAZE) SQL Server (DABAZE)
SRV - [2008.02.08 07:33:26 | 000,246,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.02.08 07:33:26 | 000,043,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.15 23:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.11.02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV - [2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.03 13:36:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.08.14 05:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.12 11:20:53 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.12 11:20:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.27 03:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.05.06 16:42:08 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys.14082952 -- (sptd)
DRV - [2009.04.12 22:51:26 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.06.13 16:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.05.22 00:57:38 | 000,034,576 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008.04.28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.11 16:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.18 23:00:00 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.02.14 13:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.08 07:27:36 | 000,239,128 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0101.sys -- (RsFx0101)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:27 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.08.17 14:12:28 | 000,190,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006.11.01 14:42:14 | 000,033,280 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2003.04.28 19:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\S-1-5-21-686728410-4016434104-3882101393-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.19 06:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.19 06:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.05.05 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Extensions
[2010.03.03 20:16:18 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions
[2009.08.02 10:25:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.02.28 19:44:38 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.01.19 09:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.19 09:42:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.30 10:24:43 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.01.30 10:24:49 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\foxmarks@kei.com
[2010.03.03 20:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.23 10:05:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.23 10:05:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.23 10:05:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.23 10:05:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.23 10:05:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.03 21:49:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] D:\avast\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001..\Run: [uTorrent] C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zayl\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zayl\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.03 22:11:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.03.03 22:11:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.03.03 22:11:36 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Local\temp
[2010.03.03 21:56:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.03.03 21:56:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.03.03 21:56:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.03.03 21:56:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.03.03 21:56:01 | 000,000,000 | ---D | C] -- C:\Potvora
[2010.03.03 21:55:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.03 21:55:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.03.03 21:40:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.03 19:22:13 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 15:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.03 14:51:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.03.03 14:50:59 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.03.03 14:50:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.03.03 14:50:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.03.03 14:50:56 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.03.03 14:50:30 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.03.03 14:50:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.03.03 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.03.01 17:47:23 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.03.01 17:47:23 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.03.01 17:47:23 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.03.01 17:45:21 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.03.01 17:45:21 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.03.01 17:45:16 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.03.01 17:45:16 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.03.01 17:45:11 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.03.01 17:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.03.01 16:54:27 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.01 16:19:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2010.03.01 16:18:07 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:06 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:05 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.03.01 16:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.03.01 16:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.02.27 23:23:25 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\gothic3
[2010.02.27 23:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.02.27 23:15:14 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\System32\ISUSPM.cpl
[2010.02.27 20:51:50 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\progs
[2010.02.27 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\isos
[2010.02.27 20:45:11 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\skola
[2010.02.27 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\txt
[2010.02.27 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\images
[2010.02.24 13:51:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.24 13:51:01 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.24 13:51:01 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.24 13:51:01 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.24 13:51:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.24 13:51:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.24 13:51:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 13:51:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.02.20 12:29:56 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Mumble
[2010.02.20 11:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2010.02.20 10:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.02.20 10:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.02.20 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.02.20 09:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.02.19 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Bioshock2
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Bioshock2
[2010.02.19 22:56:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.02.19 22:52:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.19 22:52:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.19 22:52:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.19 22:52:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.19 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Heroes of Newerth
[2010.02.19 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2010.02.12 18:10:06 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\DAModder
[2010.02.10 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\TS3Client
[2010.02.10 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010.02.10 19:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010.02.10 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\EVE
[2010.02.10 13:10:05 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Local\CCP
[2010.02.10 12:30:08 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\EVEMon
[2010.02.10 12:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\EVEMon
[2010.02.10 12:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2010.02.10 07:24:21 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.02.10 07:24:21 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.02.10 07:24:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.02.10 07:24:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.02.10 07:24:14 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.02.10 07:24:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.02.10 07:24:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.02.06 23:31:43 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\trash
[2010.02.03 13:36:22 | 000,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.03 22:35:26 | 004,194,304 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT
[2010.03.03 22:29:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job
[2010.03.03 22:08:11 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.03.03 21:51:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.03 21:51:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.03 21:51:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.03 21:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.03 21:50:10 | 000,524,288 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.03 21:50:10 | 000,065,536 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.03 21:49:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.03.03 21:47:46 | 004,118,254 | R--- | M] () -- C:\Users\Zayl\Desktop\Potvora.exe
[2010.03.03 20:04:43 | 259,877,514 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 19:19:53 | 000,001,710 | ---- | M] () -- C:\Users\Zayl\Desktop\CCleaner.lnk
[2010.03.03 17:57:36 | 000,012,444 | ---- | M] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.03 17:34:20 | 000,170,119 | ---- | M] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.03 14:50:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.03.02 20:26:35 | 001,515,664 | ---- | M] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:32 | 000,252,926 | ---- | M] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:45:15 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 16:18:06 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:05 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:04 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.02.25 22:50:23 | 000,101,232 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.02.25 06:52:42 | 000,101,232 | ---- | M] () -- C:\Users\Zayl\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.25 06:51:22 | 002,305,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.22 21:56:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.02.20 12:30:26 | 000,002,378 | ---- | M] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | M] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.02.11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.02.10 19:27:51 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.02.05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.02.05 09:18:02 | 000,100,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.02.04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.03 13:36:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.03 21:56:10 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.03.03 21:56:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.03.03 21:56:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.03.03 21:56:10 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.03.03 21:56:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.03.03 21:46:45 | 004,118,254 | R--- | C] () -- C:\Users\Zayl\Desktop\Potvora.exe
[2010.03.03 19:43:59 | 259,877,514 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:25:31 | 000,293,376 | ---- | C] () -- C:\Users\Zayl\Desktop\gmer.exe
[2010.03.03 17:34:19 | 000,170,119 | ---- | C] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.02 22:16:02 | 000,012,444 | ---- | C] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.02 20:26:35 | 001,515,664 | ---- | C] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:31 | 000,252,926 | ---- | C] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:47:23 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.03.01 17:47:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.03.01 17:47:23 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.03.01 17:47:23 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.03.01 17:47:23 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.03.01 17:45:21 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.03.01 17:45:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.03.01 17:45:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.03.01 17:45:15 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 17:45:11 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.03.01 16:18:05 | 000,000,522 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010.02.20 12:30:26 | 000,002,378 | ---- | C] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | C] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.10 19:27:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.12.24 13:18:49 | 000,000,319 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009.12.23 10:00:09 | 000,000,709 | ---- | C] () -- C:\Windows\CoD.INI
[2009.11.27 17:19:12 | 000,000,092 | ---- | C] () -- C:\Users\Zayl\AppData\Local\fusioncache.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.11.03 14:04:22 | 000,353,792 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009.11.03 14:04:22 | 000,107,520 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2009.11.01 14:00:47 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.10.29 16:04:16 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.10.29 16:04:16 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.09.24 13:32:26 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI
[2009.08.30 15:06:21 | 000,144,384 | ---- | C] () -- C:\Windows\System32\miccyhook.dll
[2009.07.25 00:02:10 | 000,138,376 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.19 19:52:27 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.19 19:52:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.19 19:46:58 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.05.17 20:18:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.08 19:03:43 | 010,059,776 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.05.06 13:46:53 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.05.06 13:44:11 | 000,008,192 | ---- | C] () -- C:\Users\Zayl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.06 12:22:15 | 000,000,185 | ---- | C] () -- C:\Users\Zayl\AppData\Local\RAExpertHistory.xml
[2008.10.23 22:28:12 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.10.23 22:27:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.22 00:56:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.04.25 13:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL

========== Custom Scans ==========

< :OTL >

< PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) >

< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=FUJD >
Invalid Switch: redirectdomain ... &bmod=FUJD

< IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll (Conduit Ltd.) >

< O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe () >

< O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found >

< O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found >

< O33 - MountPoints2\{4190f326-41f0-11de-90ab-001f1616280e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found >

< O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found >

< O33 - MountPoints2\{54ed169f-8698-11de-9146-001f1616280e}\Shell\setup\command - "" = F:\setup.exe -- File not found >

< O33 - MountPoints2\{a1e9ff7b-3a54-11de-a987-001f1616280e}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found >

< O33 - MountPoints2\{a1e9ff7c-3a54-11de-a987-001f1616280e}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found >

< O33 - MountPoints2\{f93b6630-a53e-11de-9358-001f1616280e}\Shell\AutoRun\command - "" = H:\CDCheck.exe -- File not found >

< O33 - MountPoints2\{f93b6631-a53e-11de-9358-001f1616280e}\Shell\AutoRun\command - "" = I:\CDCheck.exe -- File not found >

< O33 - MountPoints2\L\Shell - "" = AutoRun >

< O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found >

< @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2 >

< @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF >

< @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 >

< >

< :files >

< c:\windows\Tasks\SDMsgUpdate (TE).job >

< C:\WINDOWS\system32\*.tmp.dll /s >

< C:\WINDOWS\system32\SET*.tmp /s >

< C:\WINDOWS\*.tmp /s >

< >

< :reg >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] >

< >

< :COMMANDS >

< [resethosts] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#15 Příspěvek od **motji** » 03 bře 2010 22:48

Zítra Vám napíšu ještě jeden skript, zatím zjistěte, jak to vypadá s počítačem

VIRY.CZ

Neznámá infekce, prosím o kontrolu.

Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.

Re: Neznámá infekce, prosím o kontrolu.