PC virus removal, computer speed-up and remote help through the neslape.cz service

Requesting a check

Geneiken
Visitor
Posts: 47
Registered: 01 Mar 2010 23:55

Requesting a check

#1 Post by Geneiken »

Lately it has been lagging on things it has good enough hardware for. Please check it, thank you :)

Logfile of random's system information tool 1.06 (written by random/random)
Run by NB at 2010-04-27 20:05:49
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 14 GB (19%) free of 71 GB
Total RAM: 1790 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:31, on 27.4.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Valve\Steam.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\NB\Downloads\RSIT.exe
C:\Program Files\trend micro\NB.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.forex-finance-trading.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.forex-finance-trading.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forex-finance-trading.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] D:\Valve\SteamApps\common\grand theft auto iv\RGSC\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Registration Assassin.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6907 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{754A4407-6A9B-4CEE-979E-018E7DBA2EB0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-08 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-01-20 200704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-08 148888]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"QuickTime Task"=C:\Program Files\VistaCodecPack\QT\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"RGSC"=D:\Valve\SteamApps\common\grand theft auto iv\RGSC\RGSCLauncher.exe /silent []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"PlayNC Launcher"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Registration Assassin.LNK - C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ee99209-2345-11de-bd73-d5f28b284985}]
shell\AutoRun\command - uxkktr.cmd
shell\explore\command - uxkktr.cmd
shell\open\command - uxkktr.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47a7f8a-5844-11de-82cb-001d72d03531}]
shell\AutoRun\command - G:\SETUP.EXE
shell\configure\command - G:\SETUP.EXE
shell\install\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd63699-a12a-11de-9fc5-001d72d03531}]
shell\AutoRun\command - I:\USBAutoRun.exe


======List of files/folders created in the last 1 months======

2010-04-27 20:05:52 ----D---- C:\Program Files\trend micro
2010-04-27 19:17:57 ----D---- C:\Users\NB\AppData\Roaming\ESET
2010-04-27 19:14:42 ----D---- C:\ProgramData\ESET
2010-04-27 19:14:42 ----D---- C:\Program Files\ESET
2010-04-25 20:56:13 ----D---- C:\Program Files\NCSoft
2010-04-25 20:54:24 ----D---- C:\Users\NB\AppData\Roaming\InstallShield
2010-04-22 19:29:59 ----D---- C:\Program Files\WinSCP
2010-04-15 14:41:47 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-15 14:37:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-15 14:37:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-15 14:37:14 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 20:29:03 ----A---- C:\Windows\system32\msonpmon.dll
2010-04-14 20:20:13 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-04-14 20:03:36 ----D---- C:\ProgramData\McAfee Security Scan
2010-04-14 20:03:32 ----D---- C:\Program Files\McAfee Security Scan
2010-04-14 09:53:05 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 09:53:03 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 11:24:45 ----A---- C:\Windows\system32\browserchoice.exe
2010-04-08 14:51:04 ----HD---- C:\ProgramData\CanonBJ
2010-04-01 23:16:42 ----D---- C:\ProgramData\DivX
2010-03-31 12:11:53 ----A---- C:\Windows\system32\occache.dll
2010-03-31 12:11:53 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 12:11:51 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 12:11:51 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 12:11:50 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 12:11:49 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-31 12:11:48 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-31 12:11:48 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 12:11:47 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 12:11:47 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 12:11:47 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 12:11:46 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 12:11:46 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 12:11:46 ----A---- C:\Windows\system32\ieencode.dll
2010-03-31 12:11:46 ----A---- C:\Windows\system32\ieaksie.dll
2010-03-31 12:11:45 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2010-04-27 20:07:32 ----D---- C:\Windows\Temp
2010-04-27 20:06:20 ----D---- C:\Windows\Prefetch
2010-04-27 20:05:52 ----RD---- C:\Program Files
2010-04-27 19:28:26 ----D---- C:\Program Files\Common Files\Steam
2010-04-27 19:28:24 ----D---- C:\Windows
2010-04-27 19:17:41 ----SHD---- C:\Windows\Installer
2010-04-27 19:17:18 ----D---- C:\Windows\system32\drivers
2010-04-27 19:16:46 ----D---- C:\Windows\system32\catroot
2010-04-27 19:16:45 ----D---- C:\Windows\inf
2010-04-27 19:14:42 ----HD---- C:\ProgramData
2010-04-27 19:12:10 ----SHD---- C:\System Volume Information
2010-04-26 15:05:14 ----D---- C:\Users\NB\AppData\Roaming\GetRightToGo
2010-04-25 22:18:39 ----D---- C:\Program Files\Warcraft III
2010-04-25 21:51:24 ----D---- C:\Users\NB\AppData\Roaming\Skype
2010-04-25 21:26:14 ----D---- C:\Program Files\Garena
2010-04-25 21:16:24 ----D---- C:\Users\NB\AppData\Roaming\skypePM
2010-04-25 20:56:12 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-22 18:32:21 ----D---- C:\Users\NB\AppData\Roaming\gtk-2.0
2010-04-19 22:27:36 ----D---- C:\Program Files\Mozilla Firefox
2010-04-19 07:32:06 ----D---- C:\ProgramData\Microsoft Help
2010-04-19 07:26:16 ----RSD---- C:\Windows\assembly
2010-04-18 11:16:44 ----D---- C:\Users\NB\AppData\Roaming\ICQ
2010-04-18 00:49:00 ----D---- C:\Windows\winsxs
2010-04-17 12:09:44 ----D---- C:\Windows\System32
2010-04-17 12:09:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-16 09:44:09 ----D---- C:\Windows\system32\catroot2
2010-04-16 09:41:26 ----D---- C:\Program Files\Windows Mail
2010-04-14 20:25:46 ----D---- C:\Program Files\Common Files\microsoft shared
2010-04-14 20:25:37 ----D---- C:\Program Files\MSBuild
2010-04-14 20:23:45 ----SD---- C:\ProgramData\Microsoft
2010-04-14 20:03:36 ----D---- C:\ProgramData\McAfee
2010-04-06 23:28:41 ----D---- C:\Users\NB\AppData\Roaming\uTorrent
2010-04-06 19:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-01 11:03:53 ----D---- C:\Program Files\Internet Explorer
2010-03-31 15:13:35 ----D---- C:\Program Files\JDownloader
2010-03-30 08:33:39 ----D---- C:\Program Files\Common Files
2010-03-29 18:19:09 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-04-07 3844608]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-03-19 22072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ay738gim;ay738gim; C:\Windows\system32\drivers\ay738gim.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\NB\AppData\Local\Temp\YAW9077.tmp [2010-04-25 25616]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-08-28 25280]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-11-04 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-11-04 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-11-04 40552]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-04-07 692224]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-04-27 390952]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-18 654848]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-04-06 2743325]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Requesting a check

#2 Post by Caroprd111 »

Hello :)

I recommend uninstalling McAfee Security Scan.

Plug into the PC all the flash drives you use.

Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then choose language E and press Enter
  • Choose option 2 and press Enter (the PC may restart)
  • When it finishes, a log will pop up; paste it here. You can also find it in C:\UsbFix.txt

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT
  • Tick the "All users" option.
  • Tick the "LOP" and "Purity" malware check items.
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Geneiken
Visitor
Posts: 47
Registered: 01 Mar 2010 23:55

Re: Requesting a check

#3 Post by Geneiken »

UsbFIX

############################## | UsbFix V6.109 |

User : NB (Administrators) # NB-PC
Update on 26/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20:44:29 | 27.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) X2 Dual-Core QL-60
Microsoft® Windows Vista™ Home Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Local Fixed Disk # 69,65 Go (13,37 Go free) # NTFS
D:\ -> Local Fixed Disk # 69,64 Go (11,58 Go free) [DATA] # NTFS
E:\ -> CD-ROM Disc
F:\ -> Removable Disk
G:\ -> CD-ROM Disc

################## | Files # Infected Folders |

Deleted ! C:\$Recycle.Bin\S-1-5-21-2152478756-3922319563-605102323-500
Deleted ! C:\$Recycle.Bin\S-1-5-21-750855459-1474462795-2023421524-1000
Deleted ! D:\resycled
Deleted ! D:\$Recycle.Bin\S-1-5-21-2703547521-1868895092-1640031292-1000
Deleted ! D:\$Recycle.Bin\S-1-5-21-334698155-2873715772-1463477525-1000
Deleted ! D:\$Recycle.Bin\S-1-5-21-750855459-1474462795-2023421524-1000

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{2ee99209-2345-11de-bd73-d5f28b284985}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{c47a7f8a-5844-11de-82cb-001d72d03531}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{ebd63699-a12a-11de-9fc5-001d72d03531}\Shell\AutoRun\Command

################## | Listing of the present files |

[18.09.2006 23:43|--a------|24] C:\autoexec.bat
[18.01.2008 23:45|-rahs----|333203] C:\bootmgr
[18.09.2006 23:43|--a------|10] C:\config.sys
[17.04.2008 02:35|-rahs----|171136] C:\grldr
[?|?|?] C:\hiberfil.sys
[01.08.2009 16:27|-rahs----|0] C:\IO.SYS
[01.08.2009 16:27|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[10.01.2010 22:21|--a------|1005] C:\TeamSpeak 3 Client.lnk
[27.04.2010 20:50|--a------|1939] C:\UsbFix.txt
[09.02.2009 09:05|--a------|520704] D:\World of Warcraft.exe
[18.04.2010 13:04|--a------|455] D:\wowrm.ini

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_NB-PC.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.109 ! |


Extras
OTL Extras logfile created on: 27.4.2010 20:57:28 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\NB\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 13,40 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 11,58 Gb Free Space | 16,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NB-PC
Current User Name: NB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3A104E-E55B-4DB3-805B-FADFA459CCB6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{192EDD67-E437-4E66-9B00-9DEA5B3D5977}" = rport=137 | protocol=17 | dir=out | app=system |
"{30F82776-5839-4401-B41D-CA7D01060D83}" = rport=139 | protocol=6 | dir=out | app=system |
"{92EB75E9-DA71-42A6-B5EF-223D229F3FDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA3F8B3F-FA15-4E58-85DA-87D88720B796}" = lport=139 | protocol=6 | dir=in | app=system |
"{DDBB988E-026E-4463-9253-669B319CA2F2}" = lport=138 | protocol=17 | dir=in | app=system |
"{DF0AB975-BE24-4AB1-A2FD-7CC18DF978A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{E4F74C61-842A-4E61-B0D0-53346F94CDFE}" = rport=138 | protocol=17 | dir=out | app=system |
"{E6BA1CA4-2800-45B8-9484-5633A1827F13}" = rport=445 | protocol=6 | dir=out | app=system |
"{F712B183-609D-4ACC-86FE-7336B087616F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F813A397-F0F8-43BF-9297-2FBF61247D0B}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C0FF0C-98DA-4544-831D-C54729247F52}" = protocol=6 | dir=in | app=d:\wotlk\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{06DB3919-5763-4CD6-A5C1-9D115DA33C5D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0803149F-D686-4B4A-9F71-06D6F9DF705C}" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\counter-strike\hl.exe |
"{0A82CD0C-C10A-4569-A018-755C4958AE2A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0ACBD785-B962-48F6-88B6-F2726CD60EE0}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{0B8728DB-1923-4B10-A5F1-36D6FAD353E2}" = protocol=17 | dir=in | app=d:\wotlk\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{22F585C6-9C00-474F-A19F-DC2C8F13FE75}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2DB42483-FC4E-430D-9B76-FDB03AF75334}" = protocol=6 | dir=in | app=d:\wotlk\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{30804C62-3BAA-4641-83B6-0FAD2484C572}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{51E1532C-0DBE-48F1-9242-A8721C913889}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{541E567E-8BA3-48F8-88E8-A1BDF2424B13}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{613BCAB6-F6C9-4623-8CD8-CDF75B65F7A1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6B85D6E8-1143-44C3-8E4C-44856F5A92A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{75E618FE-51FF-4D9D-8243-4EEC71036720}" = protocol=17 | dir=in | app=d:\lotr\game.dat |
"{7E7C0C03-4E74-47F3-A58F-E9AF3A130AC8}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{81542E99-153C-48F6-B171-A0C47B9619B4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{81637BB0-E57E-4222-9320-8FD09B88ADF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{859D22F5-5006-455C-A026-AB2C6621BA72}" = protocol=17 | dir=in | app=d:\wotlk\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{8635B8E1-5010-4289-9A29-8ED399AB1884}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{922035A0-B59D-403E-B029-971ECE37D162}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{93E03C75-2953-42C9-BC82-E646FD864ABB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9E89A740-7430-4A7F-98DD-7581DD1990E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A5C6D973-5F1D-41D9-93E6-EC4DB77289EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B781EDD2-25B7-422C-ADA5-722237673ECD}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{BA27A2AB-FAC5-40A4-903C-C9496109B391}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{CAD99C2F-A362-4261-BD7B-61FA6F941329}" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\counter-strike\hl.exe |
"{CBD7B35F-5E5C-4AAF-A019-0EA397A92259}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D552E8A7-C316-4213-AFE6-58F7FFECC8C9}" = protocol=6 | dir=in | app=d:\lotr\game.dat |
"{DA129CEF-74A1-4575-9A1D-0B55A338298A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E38219A7-7ACC-46F3-9CDF-DE63E0DFCB88}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{EC27AC35-02AC-4A80-9703-CD05D2C70AEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F488063C-0AB3-4774-90B8-2A87FA17C17F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FF76292A-2611-4DDD-B06B-14B2DF00BBB2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0044B08F-2B8D-42FA-89F6-9EFB65EA40A9}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{044421D5-9B8D-4109-AA26-444164700AFB}D:\client emt2\hero( new server ).exe" = protocol=6 | dir=in | app=d:\client emt2\hero( new server ).exe |
"TCP Query User{06CB05FA-F112-4808-8E9A-942CAE930D0B}D:\golden land\goldenland.exe" = protocol=6 | dir=in | app=d:\golden land\goldenland.exe |
"TCP Query User{09C910FC-3704-4627-A0AD-C8C695BBD273}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{0B735C1F-EBAC-47C2-B64B-AC3F2506DB4C}D:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe |
"TCP Query User{0BB3CEFE-803B-4E1B-931C-86E8325CC6A8}C:\users\nb\downloads\sro_l4_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\nb\downloads\sro_l4_full_client_downloader.exe |
"TCP Query User{0C8C11C9-2C26-479E-8519-365091EAFD31}D:\m2f\m2flauncher.exe" = protocol=6 | dir=in | app=d:\m2f\m2flauncher.exe |
"TCP Query User{0EE27269-88C7-49F1-896C-8A6EDDCBBAF1}D:\valve\steamapps\resickner\insurgency\hl2.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\insurgency\hl2.exe |
"TCP Query User{11E248F6-EE9B-4774-A8A2-F463C07921DF}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"TCP Query User{18CE28B6-16BA-496E-842D-602C81DA35A3}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{299FE649-77AC-4934-A3B7-CA89214BF03A}D:\valve\steamapps\resickner\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\counter-strike source\hl2.exe |
"TCP Query User{3505AB1C-4E35-4EDB-A007-D64B982478F9}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"TCP Query User{3B4892E3-BED1-41DB-923C-0C2D329A04A0}D:\wotlk\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=d:\wotlk\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"TCP Query User{3DB4E31B-B35E-4FB0-8086-4D192971048D}D:\valve\steamapps\resickner\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\condition zero deleted scenes\hl.exe |
"TCP Query User{3F8379E6-59DB-4B65-AEF5-79F3FFC6E866}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{4249DDF8-232F-4F19-B30F-7D295E8DE583}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{438227DE-E406-4017-B392-286F675A42FF}C:\program files\bitspirit\bitspirit.exe" = protocol=6 | dir=in | app=c:\program files\bitspirit\bitspirit.exe |
"TCP Query User{4CBC3F0C-0939-4A4F-A548-92C4BB3E373F}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{5103028C-B42F-4A68-B9C1-6899D1F16DB8}D:\wotlk\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=6 | dir=in | app=d:\wotlk\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"TCP Query User{5709FDDF-344A-4297-AD8D-0F56252EC3E5}C:\program files\dragon age\bin_ship\dragonage.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\dragonage.exe |
"TCP Query User{5993807A-8D9A-4B24-9265-F546B66FE7AD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5A128582-76D3-4FBD-AEF2-AE33E0606F42}D:\valve\steamapps\resickner\condition zero\hl.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\condition zero\hl.exe |
"TCP Query User{644A3460-7B5F-4929-BAED-12BE6E88CD0A}C:\users\nb\desktop\shadowsmt2\metin.exe" = protocol=6 | dir=in | app=c:\users\nb\desktop\shadowsmt2\metin.exe |
"TCP Query User{6B2F7FEB-8B64-4565-9FD8-106CC39C8CDA}D:\valve\steamapps\resickner\condition zero\hl.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\condition zero\hl.exe |
"TCP Query User{77FE1192-3D75-4885-AF98-1DFEFB83C679}D:\metin2.bin" = protocol=6 | dir=in | app=d:\metin2.bin |
"TCP Query User{7A7ACA2B-8492-4C05-AAE3-FBBB7C2FA4A9}C:\program files\valve\steam\steamapps\resickner\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\resickner\counter-strike\hl.exe |
"TCP Query User{7E4E3E62-12FC-45D3-BF21-D0E7C69C0B63}D:\wotlk\launcher.exe" = protocol=6 | dir=in | app=d:\wotlk\launcher.exe |
"TCP Query User{7E6C58A4-11C7-4ACA-8BED-A8AE0FF0AD54}C:\program files\bitspirit\bitspirit.exe" = protocol=6 | dir=in | app=c:\program files\bitspirit\bitspirit.exe |
"TCP Query User{9B433454-856D-4BD4-99D6-318D7994A40F}C:\ut2009\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2009\system\ut2004.exe |
"TCP Query User{A1247AE0-1CD2-4D66-A66F-C32EEDC68A92}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{AF5F35F4-65BA-4D95-9DEF-7DEE8A855077}D:\valve\steamapps\resickner\day of defeat\hl.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\day of defeat\hl.exe |
"TCP Query User{B7F76B7B-757D-44C5-AB6A-D89797BD65E0}D:\bf2\bf2_w32ded.exe" = protocol=6 | dir=in | app=d:\bf2\bf2_w32ded.exe |
"TCP Query User{BB445F8D-C2E5-4BC2-BC93-661318411E2A}C:\users\nb\downloads\sro_l5_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\nb\downloads\sro_l5_full_client_downloader.exe |
"TCP Query User{BEA6268C-3BCC-4F2E-9FD6-CCDAD0F4E854}D:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe |
"TCP Query User{C0E50583-4114-403B-872A-9D3D9253FB60}D:\valve\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{C577375A-4DEF-494E-887D-2297312CBB0C}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{C8C62382-A00B-45BC-A830-D1FAF5A2441A}C:\program files\golden land\goldenland.exe" = protocol=6 | dir=in | app=c:\program files\golden land\goldenland.exe |
"TCP Query User{C919E5A9-F01E-4442-9CAF-CFDDC21AA723}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{C9ADD99F-0869-4E90-8794-CFD55AB75B55}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{CD0E5313-2DDE-49EE-9BF0-56C08ABC279C}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{CD7A6C98-1A7F-42CB-BF2E-8921CFD30C2E}D:\valve\steamapps\resickner\insurgency\hl2.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\insurgency\hl2.exe |
"TCP Query User{CF8F0362-26B0-4489-959E-17C81385366B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D469AE79-224B-4D4D-8388-6E8C416DA994}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E3139142-D33C-437F-AD25-F641C9B09866}D:\golden land\goldenland.exe" = protocol=6 | dir=in | app=d:\golden land\goldenland.exe |
"TCP Query User{E63261B8-E8E7-458A-925B-B8A51EFEF6DC}C:\users\nb\downloads\wow_fotlk_pegi_en_xvid_f.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\nb\downloads\wow_fotlk_pegi_en_xvid_f.avi-downloader.exe |
"TCP Query User{EA5E3D0F-BFB5-4721-8C38-9D351E4CF472}D:\metin\metin2.bin" = protocol=6 | dir=in | app=d:\metin\metin2.bin |
"TCP Query User{EE123682-EA51-493A-9FF1-F386F9D16E64}D:\valve\steamapps\resickner\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\valve\steamapps\resickner\counter-strike\hl.exe |
"TCP Query User{F10DC5B4-6E0D-45AF-BE8F-7F972815D98A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F762DE81-28AF-44EC-9EDC-97B723675929}C:\program files\miranda im kp v5.0.8.5\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im kp v5.0.8.5\miranda32.exe |
"TCP Query User{F8391A12-1016-4561-A644-3274888D44D4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{00A495B4-17CB-4D19-B40C-A901FC5A67FE}D:\valve\steamapps\resickner\insurgency\hl2.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\insurgency\hl2.exe |
"UDP Query User{068859B2-300F-4624-9FCF-39E1736F8BAF}D:\metin2.bin" = protocol=17 | dir=in | app=d:\metin2.bin |
"UDP Query User{0B21CFF2-53B7-497B-9C99-EA5FC5B35C16}D:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe |
"UDP Query User{0DC08A95-73B9-4141-9DE8-F5DF6E0748A6}C:\program files\dragon age\bin_ship\dragonage.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\dragonage.exe |
"UDP Query User{1275CE0C-EE8E-4C32-A913-470A34D632E0}D:\metin\metin2.bin" = protocol=17 | dir=in | app=d:\metin\metin2.bin |
"UDP Query User{148F609C-128A-4F87-B119-E382EEE4925E}C:\users\nb\desktop\shadowsmt2\metin.exe" = protocol=17 | dir=in | app=c:\users\nb\desktop\shadowsmt2\metin.exe |
"UDP Query User{22B25A8C-0531-4696-935F-ADDF0EB898FD}D:\valve\steamapps\resickner\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\condition zero deleted scenes\hl.exe |
"UDP Query User{24CE2E08-51ED-4E8A-B95B-8E5468ADD745}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{26EEB4F0-6563-4EA8-85DA-90888FDB6A18}C:\program files\golden land\goldenland.exe" = protocol=17 | dir=in | app=c:\program files\golden land\goldenland.exe |
"UDP Query User{276CCD8A-A92B-4FFC-AF7E-5FAE12139191}C:\users\nb\downloads\sro_l4_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\nb\downloads\sro_l4_full_client_downloader.exe |
"UDP Query User{279B105E-CF86-4C3E-A40E-BFA317A0847C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2FD41EE2-385A-41BC-9813-64B4233C305F}D:\valve\steamapps\resickner\insurgency\hl2.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\insurgency\hl2.exe |
"UDP Query User{3EC7F1A2-48AF-47D4-B244-3B8AD7335AD6}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{42592C5D-E465-448D-BD37-0A1E025931D2}D:\valve\steamapps\resickner\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\counter-strike\hl.exe |
"UDP Query User{4308CED9-B72D-48CD-9A65-120B3B18B217}C:\program files\miranda im kp v5.0.8.5\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im kp v5.0.8.5\miranda32.exe |
"UDP Query User{45DBD42C-AF9D-484B-AA90-CFC5163C8110}D:\m2f\m2flauncher.exe" = protocol=17 | dir=in | app=d:\m2f\m2flauncher.exe |
"UDP Query User{4AE8C09C-B827-4569-8AD6-E09A98694CFB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4EC13BD0-22B1-412C-92A7-8794347D9A3C}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{5711113A-58F0-4661-A883-834C4E7E2B2B}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"UDP Query User{5E5A2C10-9ADC-4900-826E-CFEB42777ED6}C:\program files\bitspirit\bitspirit.exe" = protocol=17 | dir=in | app=c:\program files\bitspirit\bitspirit.exe |
"UDP Query User{5FCDDD22-B045-408C-8893-4A8EC54376E9}D:\client emt2\hero( new server ).exe" = protocol=17 | dir=in | app=d:\client emt2\hero( new server ).exe |
"UDP Query User{659F8F89-74D1-49DE-AAC7-ABA17DD72F32}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{6913A2A0-C46E-4B77-8544-9E8972E2A36E}D:\wotlk\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=d:\wotlk\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |
"UDP Query User{695180CC-C907-4377-9BB6-627AB0CA64BE}D:\golden land\goldenland.exe" = protocol=17 | dir=in | app=d:\golden land\goldenland.exe |
"UDP Query User{6FDC1B78-410F-4601-BA32-5499CA4D0A39}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{78E49664-55D7-48B0-8454-5666C1011CE3}C:\users\nb\downloads\sro_l5_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\nb\downloads\sro_l5_full_client_downloader.exe |
"UDP Query User{7C635289-872F-4DA1-BE78-7B3497516606}C:\ut2009\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2009\system\ut2004.exe |
"UDP Query User{7E9A5D7B-25F7-45B3-8B3B-8D15018974D3}D:\golden land\goldenland.exe" = protocol=17 | dir=in | app=d:\golden land\goldenland.exe |
"UDP Query User{8223349D-D820-4B3B-BF89-490669BCCB34}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{90106C20-3174-40DA-9538-708365F7A963}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{952CFDD7-D34A-4E09-80AD-407CF7F4DA9E}D:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\half-life 2 deathmatch\hl2.exe |
"UDP Query User{99703F77-919C-4655-8048-8F16EAF43080}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9A48BE13-46EA-4CE5-BF1E-B4271B6B1123}D:\wotlk\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=17 | dir=in | app=d:\wotlk\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |
"UDP Query User{A00DB979-DD78-4EF7-A46E-87B3742B8012}D:\valve\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{A291E240-BD00-4075-98BA-4D0C195A92A3}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{A8C0D03C-3810-40BF-8366-40A2E08BDF3F}D:\valve\steamapps\resickner\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\counter-strike source\hl2.exe |
"UDP Query User{B41BD1BB-D5DB-4FE0-BAE1-531CC0660999}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B8230EBD-7417-49F8-B6A5-DCFB2C96AD87}D:\bf2\bf2_w32ded.exe" = protocol=17 | dir=in | app=d:\bf2\bf2_w32ded.exe |
"UDP Query User{CB89E9B1-91C9-49A5-B459-8ADF5F021464}D:\valve\steamapps\resickner\condition zero\hl.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\condition zero\hl.exe |
"UDP Query User{CC104E22-0972-4FD9-8735-0BADE49311CD}C:\users\nb\downloads\wow_fotlk_pegi_en_xvid_f.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\nb\downloads\wow_fotlk_pegi_en_xvid_f.avi-downloader.exe |
"UDP Query User{D1488413-449E-45A9-B32A-F455B96AF46D}C:\program files\bitspirit\bitspirit.exe" = protocol=17 | dir=in | app=c:\program files\bitspirit\bitspirit.exe |
"UDP Query User{D16365F7-9BDA-47C5-97D9-66FF1DEC0CC7}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{D55C3C98-D21B-4619-9EA8-B7DFE0C07524}C:\program files\valve\steam\steamapps\resickner\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\resickner\counter-strike\hl.exe |
"UDP Query User{DAA6E689-BADC-4D48-913D-1EF0F9BBE361}D:\valve\steamapps\resickner\day of defeat\hl.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\day of defeat\hl.exe |
"UDP Query User{DD289E35-0724-4026-B8C1-C7615A471E37}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{E477342B-7563-4CF4-8B9B-0CC91D7AD97A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EEF85DF3-327F-4742-A0C1-18A2542213AB}D:\wotlk\launcher.exe" = protocol=17 | dir=in | app=d:\wotlk\launcher.exe |
"UDP Query User{F4A2AA27-C07F-4DBC-928E-4009C1122A76}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{FA4C809E-4BD1-4A4F-87BD-379B6C65AA38}D:\valve\steamapps\resickner\condition zero\hl.exe" = protocol=17 | dir=in | app=d:\valve\steamapps\resickner\condition zero\hl.exe |
"UDP Query User{FF4070F4-155C-443E-8938-215075F0FA26}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{27C9470C-2077-F4AD-8921-9504D1B9BC83}" = Catalyst Control Center Graphics Light
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3066F7B1-5918-4E18-292B-1153283E2CC3}" = ATI Catalyst Install Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5C7D2-30E4-5522-52BC-89677DFD8E32}" = Catalyst Control Center InstallProxy
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{79866648-18CB-4C93-F124-31AFE54F9A9D}" = Catalyst Control Center Core Implementation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90C26DA5-6780-0E5F-BC97-CAA7B5727E86}" = Catalyst Control Center Graphics Full Existing
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Prameny
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C08A4D67-6837-5097-CC0C-B5DFD60630B9}" = ccc-core-static
"{C22F45F8-3BDF-4D0A-99FC-C901E4303E41}" = ESET Smart Security
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C34686CD-A03B-1B48-8085-341CD632C0BC}" = Catalyst Control Center Graphics Full New
"{CD4D90B4-CC18-C176-B261-8BA8D5F644AB}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E2827339-D4B6-4EAD-B39C-E59CB800771C}" = File List Generator
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6DB139F-DE64-4F3A-AFBD-5ABF7E434F12}" = AMD USB Audio Driver Filter
"{E7E36B90-24D7-E382-CEFB-6F293A2302F6}" = CCC Help English
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F3E29994-EE0A-C417-7FDE-902B1D722460}" = Catalyst Control Center Localization Czech
"{F420F5B3-677A-779E-AEEC-81A00ED373FE}" = ccc-utility
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"µTorrent CZ_is1" = µTorrent CZ 1.8.2 (build 14458)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"ALZip_is1" = ALZip
"BitSpirit_is1" = BitSpirit v3.3.2.352 Stable
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Garena" = Garena 2010
"GoldWave v5.55" = GoldWave v5.55
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"hon" = Heroes of Newerth
"JDownloader" = JDownloader
"Metin2 Factory" = Metin2 Factory
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.13
"Miranda IM KenDASS Pack_is1" = Miranda IM KenDASS Pack v5.0.8.5
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MP3 Remix for Windows Media Player" = MP3 Remix for Windows Media Player
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PowerISO" = PowerISO
"PROR" = Zkušební verze produktu Microsoft Office Professional 2007
"Scorpions WinCheater 2.07 mini-verze (s databází 81)_is1" = Scorpions WinCheater
"Steam App 17700" = Insurgency
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"NCsoft-AionEU" = Aion
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.3.2010 11:24:04 | Computer Name = NB-PC | Source = VSS | ID = 8194
Description =

Error - 6.4.2010 14:39:37 | Computer Name = NB-PC | Source = Application Hang | ID = 1002
Description = Program gimp-2.6.exe verze 0.0.0.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 146c Čas zahájení: 01cad5b85dddedc6 Čas ukončení: 7

Error - 7.4.2010 12:55:28 | Computer Name = NB-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace ICQ.exe, verze 6.5.0.2024, časové razítko 0x4b010ef1,
chybující modul unknown, verze 0.0.0.0, časové razítko 0x00000000, kód výjimky
0xc0000005, posun chyby 0x056502aa, ID procesu 0xa5c, čas spuštění aplikace 0x01cad66ebdc05e80.

Error - 14.4.2010 14:17:09 | Computer Name = NB-PC | Source = VSS | ID = 8194
Description =

Error - 16.4.2010 15:42:33 | Computer Name = NB-PC | Source = VSS | ID = 8194
Description =

Error - 23.4.2010 13:18:03 | Computer Name = NB-PC | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 1.9.0.3725 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 540 Čas zahájení: 01cae302d6a47e7e Čas ukončení: 16

Error - 25.4.2010 4:58:00 | Computer Name = NB-PC | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 1.9.0.3725 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: bcc Čas zahájení: 01cae4541990ab55 Čas ukončení: 16

Error - 25.4.2010 4:58:29 | Computer Name = NB-PC | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 1.9.0.3725 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 354 Čas zahájení: 01cae455692c8075 Čas ukončení: 16

Error - 25.4.2010 14:55:38 | Computer Name = NB-PC | Source = VSS | ID = 8194
Description =

Error - 26.4.2010 12:25:23 | Computer Name = NB-PC | Source = Application Hang | ID = 1002
Description = Program aion.bin verze 1510.1119.106.2241 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: cd0 Čas zahájení: 01cae55cd2012062 Čas ukončení: 18

[ System Events ]
Error - 26.4.2010 8:53:25 | Computer Name = NB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27.4.2010 5:17:40 | Computer Name = NB-PC | Source = HTTP | ID = 15016
Description =

Error - 27.4.2010 5:19:10 | Computer Name = NB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27.4.2010 13:15:12 | Computer Name = NB-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 27.4.2010 13:27:18 | Computer Name = NB-PC | Source = HTTP | ID = 15016
Description =

Error - 27.4.2010 13:28:51 | Computer Name = NB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27.4.2010 13:28:51 | Computer Name = NB-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 27.4.2010 13:28:51 | Computer Name = NB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27.4.2010 14:44:04 | Computer Name = NB-PC | Source = HTTP | ID = 15016
Description =

Error - 27.4.2010 14:45:36 | Computer Name = NB-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Geneiken
Visitor
Posts: 47
Registered: 01 Mar 2010 23:55

Re: requesting a check

#4 Post by Geneiken »

OTL

OTL logfile created on: 27.4.2010 20:57:28 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\NB\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 13,40 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 11,58 Gb Free Space | 16,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NB-PC
Current User Name: NB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.27 20:56:06 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\NB\Downloads\OTL.exe
PRC - [2010.04.04 20:39:38 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.01.12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:33:26 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
PRC - [2008.01.18 23:33:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008.01.18 23:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (SafeList) ==========

MOD - [2010.04.27 20:56:06 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\NB\Downloads\OTL.exe
MOD - [2008.01.18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.04.27 15:05:31 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.02.18 21:57:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.04.06 17:35:00 | 002,743,325 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.06.20 03:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.18 23:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010.04.25 21:23:37 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\NB\AppData\Local\Temp\YAW9077.tmp -- (GarenaPEngine)
DRV - [2009.11.04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.11.04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.11.04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.11.04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.11.04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009.08.28 12:14:49 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.06.13 19:59:09 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.04.07 11:41:59 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2009.04.07 11:41:55 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.02.06 14:24:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.02.06 14:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.02.06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009.02.06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.01.13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.03.28 04:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.03.19 18:28:52 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.01.18 21:53:24 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.01.20 09:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006.11.02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 09:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.forex-finance-trading.com/
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.forex-finance-trading.com/
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS_Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:1.5.48.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... ource=3&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.as ... ource=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 20:39:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 14:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.27 19:14:44 | 000,000,000 | ---D | M]

[2009.04.08 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\mozilla\Extensions
[2010.04.26 20:28:50 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\mozilla\Firefox\Profiles\nzjsjywj.default\extensions
[2009.06.25 06:51:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\NB\AppData\Roaming\mozilla\Firefox\Profiles\nzjsjywj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.06 21:20:12 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\NB\AppData\Roaming\mozilla\Firefox\Profiles\nzjsjywj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.06.03 14:32:02 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\NB\AppData\Roaming\mozilla\Firefox\Profiles\nzjsjywj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.02.21 01:56:06 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\mozilla\Firefox\Profiles\nzjsjywj.default\extensions\personas@christopher.beard
[2009.05.28 21:00:52 | 000,000,681 | ---- | M] () -- C:\Users\NB\AppData\Roaming\Mozilla\FireFox\Profiles\nzjsjywj.default\searchplugins\ask.xml
[2009.02.26 14:22:28 | 000,000,880 | ---- | M] () -- C:\Users\NB\AppData\Roaming\Mozilla\FireFox\Profiles\nzjsjywj.default\searchplugins\conduit.xml
[2009.10.06 21:20:07 | 000,003,915 | ---- | M] () -- C:\Users\NB\AppData\Roaming\Mozilla\FireFox\Profiles\nzjsjywj.default\searchplugins\sweetim.xml
[2010.04.27 20:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\VistaCodecPack\QT\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000..\Run: [RGSC] D:\Valve\SteamApps\common\grand theft auto iv\RGSC\RGSCLauncher.exe File not found
O4 - Startup: C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\NB\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\NB\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.27 20:50:31 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.27 20:50:31 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.04.07 10:53:36 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.wmv3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010.04.27 20:50:31 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.04.27 20:39:18 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.04.27 20:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.27 19:17:57 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\ESET
[2010.04.27 19:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.04.27 19:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.04.25 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Local\assembly
[2010.04.25 20:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2010.04.25 20:54:24 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\InstallShield
[2010.04.22 19:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010.04.15 14:37:18 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 14:37:17 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 14:37:14 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 14:37:08 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 20:29:03 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010.04.14 20:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.04.13 11:24:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.08 14:51:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010.04.01 23:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.03.31 12:11:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.31 12:11:47 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:11:47 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:11:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:11:46 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:11:46 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.31 12:11:46 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.31 12:11:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.03.31 12:11:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:11:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 12:11:44 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.29 23:01:00 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.27 21:00:05 | 007,602,176 | -HS- | M] () -- C:\Users\NB\NTUSER.DAT
[2010.04.27 20:50:32 | 000,001,356 | ---- | M] () -- C:\UsbFix_Upload_Me_NB-PC.zip
[2010.04.27 20:44:20 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.27 20:44:20 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.27 20:44:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.27 20:43:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.27 20:43:54 | 1877,393,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.27 20:42:50 | 000,065,536 | -HS- | M] () -- C:\Users\NB\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.27 20:42:49 | 000,524,288 | -HS- | M] () -- C:\Users\NB\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 20:42:48 | 003,798,524 | -H-- | M] () -- C:\Users\NB\AppData\Local\IconCache.db
[2010.04.27 19:34:01 | 000,171,825 | ---- | M] () -- C:\Users\NB\Desktop\huaha.jpg
[2010.04.27 18:06:26 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{754A4407-6A9B-4CEE-979E-018E7DBA2EB0}.job
[2010.04.27 17:42:03 | 000,000,020 | ---- | M] () -- C:\Users\NB\Documents\aionmemo_f5cbd0b5.dat
[2010.04.26 21:51:03 | 000,000,541 | ---- | M] () -- C:\Users\NB\Desktop\SunAion_Hellion.lnk
[2010.04.25 14:29:17 | 000,000,600 | ---- | M] () -- C:\Users\NB\AppData\Roaming\winscp.rnd
[2010.04.22 19:30:01 | 000,001,586 | ---- | M] () -- C:\Users\NB\Desktop\WinSCP.lnk
[2010.04.22 18:32:21 | 000,018,397 | ---- | M] () -- C:\Users\NB\.recently-used.xbel
[2010.04.17 21:42:32 | 000,000,776 | ---- | M] () -- C:\Users\NB\Desktop\Garena.lnk
[2010.04.17 12:09:44 | 001,393,930 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.17 12:09:44 | 000,598,838 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.04.17 12:09:44 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.17 12:09:44 | 000,115,014 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.04.17 12:09:44 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.17 11:57:51 | 000,001,356 | ---- | M] () -- C:\Users\NB\AppData\Local\d3d9caps.dat
[2010.04.01 23:03:33 | 000,039,936 | ---- | M] () -- C:\Users\NB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.31 15:26:23 | 183,514,934 | ---- | M] () -- C:\Users\NB\Desktop\How I Met Your Mother S04E19 - Murtaugh.avi
[2010.03.30 08:37:43 | 000,104,608 | ---- | M] () -- C:\Users\NB\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.30 08:33:51 | 001,733,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.27 20:50:32 | 000,001,356 | ---- | C] () -- C:\UsbFix_Upload_Me_NB-PC.zip
[2010.04.27 19:34:00 | 000,171,825 | ---- | C] () -- C:\Users\NB\Desktop\huaha.jpg
[2010.04.26 21:51:05 | 000,000,541 | ---- | C] () -- C:\Users\NB\Desktop\SunAion_Hellion.lnk
[2010.04.26 18:35:17 | 000,000,020 | ---- | C] () -- C:\Users\NB\Documents\aionmemo_f5cbd0b5.dat
[2010.04.22 19:30:06 | 000,000,600 | ---- | C] () -- C:\Users\NB\AppData\Roaming\winscp.rnd
[2010.04.22 19:30:01 | 000,001,586 | ---- | C] () -- C:\Users\NB\Desktop\WinSCP.lnk
[2010.04.22 18:32:21 | 000,018,397 | ---- | C] () -- C:\Users\NB\.recently-used.xbel
[2010.04.17 21:42:32 | 000,000,776 | ---- | C] () -- C:\Users\NB\Desktop\Garena.lnk
[2010.03.31 15:14:07 | 183,514,934 | ---- | C] () -- C:\Users\NB\Desktop\How I Met Your Mother S04E19 - Murtaugh.avi
[2010.03.29 23:00:59 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.06.13 19:59:09 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.24 22:13:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.03.06 01:36:20 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

========== LOP Check ==========

[2009.04.19 10:48:45 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\BitSpirit
[2009.06.04 07:20:15 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\BSplayer
[2009.06.03 14:32:01 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\BSplayer Pro
[2010.02.14 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\COWON
[2009.06.13 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\DAEMON Tools Lite
[2010.03.08 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Desktopicon
[2010.04.27 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\ESET
[2010.04.26 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\GetRightToGo
[2010.02.14 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\GHISLER
[2010.04.22 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\gtk-2.0
[2010.02.14 15:01:19 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\HLSW
[2010.04.18 11:16:44 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\ICQ
[2009.08.07 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Miranda
[2010.01.26 08:45:27 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\OpenOffice.org
[2009.09.05 11:47:21 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\TeamViewer
[2010.01.10 22:23:58 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\TS3Client
[2010.03.23 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Ubisoft
[2010.04.06 23:28:41 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\uTorrent
[2010.04.27 20:43:02 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.04.27 18:06:26 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{754A4407-6A9B-4CEE-979E-018E7DBA2EB0}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.18 23:33:10 | 000,125,952 | ---- | M] (Microsoft Corporation)
"RGSC" = D:\Valve\SteamApps\common\grand theft auto iv\RGSC\RGSCLauncher.exe /silent -- File not found
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation)
"PlayNC Launcher" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.02.19 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Adobe
[2009.10.19 19:23:40 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Apple Computer
[2009.04.07 12:04:18 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\ATI
[2009.04.19 10:48:45 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\BitSpirit
[2009.06.04 07:20:15 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\BSplayer
[2009.06.03 14:32:01 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\BSplayer Pro
[2010.02.14 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\COWON
[2009.06.13 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\DAEMON Tools Lite
[2010.03.08 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Desktopicon
[2010.02.08 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\DivX
[2010.04.27 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\ESET
[2010.01.17 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\ESTsoft
[2010.04.26 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\GetRightToGo
[2010.02.14 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\GHISLER
[2010.04.22 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\gtk-2.0
[2009.08.28 13:10:53 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Hamachi
[2010.02.14 15:01:19 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\HLSW
[2010.04.18 11:16:44 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\ICQ
[2009.04.07 09:31:58 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Identities
[2010.04.25 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\InstallShield
[2009.04.07 12:38:47 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Media Center Programs
[2010.02.08 16:04:45 | 000,000,000 | --SD | M] -- C:\Users\NB\AppData\Roaming\Microsoft
[2009.08.07 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Miranda
[2009.04.08 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Mozilla
[2010.01.26 08:45:27 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\OpenOffice.org
[2009.09.19 12:33:53 | 000,000,000 | RH-D | M] -- C:\Users\NB\AppData\Roaming\SecuROM
[2010.04.25 21:51:24 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Skype
[2010.04.25 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\skypePM
[2009.09.09 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\teamspeak2
[2009.09.05 11:47:21 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\TeamViewer
[2010.01.10 22:23:58 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\TS3Client
[2010.03.23 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Ubisoft
[2010.04.06 23:28:41 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\uTorrent
[2009.08.28 20:42:06 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Ventrilo
[2010.03.26 23:45:58 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\vlc
[2009.04.07 15:40:13 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2003.04.09 11:28:44 | 000,233,472 | R--- | M] () -- C:\Users\NB\AppData\Roaming\MafiaSetup.exe
[2007.08.18 09:54:02 | 000,020,480 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2007.08.18 09:53:50 | 000,016,384 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\AC3 Filter\dialog_patch.exe
[2008.04.13 17:26:54 | 000,036,396 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\AC3 Filter\uninstall.exe
[2008.04.01 11:51:06 | 000,691,717 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2008.03.29 17:42:00 | 000,103,424 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2008.03.29 17:42:02 | 000,335,872 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2008.03.29 17:41:54 | 000,135,168 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2008.06.10 09:11:02 | 000,041,412 | ---- | M] () -- C:\Users\NB\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2009.04.07 11:43:12 | 000,010,134 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{73B5C7D2-30E4-5522-52BC-89677DFD8E32}\ARPPRODUCTICON.exe
[2009.04.07 11:46:29 | 000,010,134 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{A02153E8-8DF8-42E6-B7BF-D88EEA33565F}\ARPPRODUCTICON.exe
[2008.12.02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI.exe
[2008.12.01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI32.exe
[2008.12.01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI64.exe
[2009.03.20 07:09:32 | 001,360,008 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Windows\Templates\I\USBAutoRun.exe


< MD5 for: AGP440.SYS >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.01.19 06:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.18 23:34:02 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\System32\cryptsvc.dll
[2008.01.18 23:34:02 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.08.27 05:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.08.27 04:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2008.01.18 23:42:36 | 000,177,208 | ---- | M] (Microsoft Corporation) MD5=A00B0EDD048786E30EBB2DA65D9A8F74 -- C:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: LSASS.EXE >
[2009.06.15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009.06.15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\System32\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.18 23:33:16 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.18 23:33:16 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.18 23:33:16 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.18 23:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008.01.18 23:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.18 23:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.18 23:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

Geneiken
Visitor
Posts: 47
Registered: 01 Mar 2010 23:55

Re: please check

#5 Post by Geneiken »

THE REST:

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.01.18 23:33:32 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\System32\smss.exe
[2008.01.18 23:33:32 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.12.08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\System32\drivers\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009.12.08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008.01.14 05:16:42 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\SoftwareDistribution\Download\c6d3c2ffe03b8796482aee1c5fc8dc7f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2009.12.08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2008.01.14 05:17:57 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\SoftwareDistribution\Download\c6d3c2ffe03b8796482aee1c5fc8dc7f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2009.12.08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.18 23:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008.01.18 23:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.18 23:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.18 23:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.18 23:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.06.13 19:59:09 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.18 23:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.18 23:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D06A4C76
< End of report >

#6 Post by Geneiken »

Sorry for posting this here so late, but it took a while :D

#7 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
DRV - [2010.04.25 21:23:37 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\NB\AppData\Local\Temp\YAW9077.tmp -- (GarenaPEngine)
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
O3 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-750855459-1474462795-2023421524-1000..\Run: [RGSC] D:\Valve\SteamApps\common\grand theft auto iv\RGSC\RGSCLauncher.exe File not found
O4 - Startup: C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D06A4C76
"TCP Query User{3F8379E6-59DB-4B65-AEF5-79F3FFC6E866}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{C919E5A9-F01E-4442-9CAF-CFDDC21AA723}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{3EC7F1A2-48AF-47D4-B244-3B8AD7335AD6}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{F4A2AA27-C07F-4DBC-928E-4009C1122A76}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |

:Files
C:\program files\garena

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Garena" =-

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Then click Run Fix (Opravit); the PC will restart. Post the log here.

I recommend uninstalling:
BitSpirit
µTorrent

P2P networks and their clients are a potential security risk; they are an almost constant source of viruses, and you are exposing yourself to risk needlessly.

Please upload the file C:\UsbFix_Upload_Me_NB-PC.zip to http://chiquitine.changelog.fr/Sample/Upload.php

Thank you. :)

#8 Post by Geneiken »

Here is the UsbFix: http://czshare.com/1285417/8XGY/UsbFix_ ... _NB_PC.zip I uploaded it elsewhere; it didn't work for me on your site. And here is the log:

All processes killed
========== OTL ==========
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
C:\Users\NB\AppData\Local\Temp\YAW9077.tmp moved successfully.
Registry value HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "Ask" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "Ask" removed from browser.search.order.1
Registry value HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_USERS\S-1-5-21-750855459-1474462795-2023421524-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
C:\Users\NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin.LNK moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\ProgramData\TEMP:D06A4C76 deleted successfully.
========== FILES ==========
C:\program files\Garena\web\cache\RUpoker\img folder moved successfully.
C:\program files\Garena\web\cache\RUpoker\css folder moved successfully.
C:\program files\Garena\web\cache\RUpoker folder moved successfully.
C:\program files\Garena\web\cache\ROM\images folder moved successfully.
C:\program files\Garena\web\cache\ROM\css folder moved successfully.
C:\program files\Garena\web\cache\ROM\config\images folder moved successfully.
C:\program files\Garena\web\cache\ROM\config\css folder moved successfully.
C:\program files\Garena\web\cache\ROM\config folder moved successfully.
C:\program files\Garena\web\cache\ROM folder moved successfully.
C:\program files\Garena\web\cache\Freesky\img folder moved successfully.
C:\program files\Garena\web\cache\Freesky\css folder moved successfully.
C:\program files\Garena\web\cache\Freesky folder moved successfully.
C:\program files\Garena\web\cache folder moved successfully.
C:\program files\Garena\web folder moved successfully.
C:\program files\Garena\user\19955782 folder moved successfully.
C:\program files\Garena\user folder moved successfully.
C:\program files\Garena\sound folder moved successfully.
C:\program files\Garena\SkinBlack folder moved successfully.
C:\program files\Garena\Skin\SkinSwitcher folder moved successfully.
C:\program files\Garena\Skin\Flags folder moved successfully.
C:\program files\Garena\Skin folder moved successfully.
C:\program files\Garena\shop\items folder moved successfully.
C:\program files\Garena\shop folder moved successfully.
C:\program files\Garena\plugins\UI\AdPlugin folder moved successfully.
C:\program files\Garena\plugins\UI folder moved successfully.
C:\program files\Garena\plugins\Game folder moved successfully.
C:\program files\Garena\plugins folder moved successfully.
C:\program files\Garena\lib\common folder moved successfully.
C:\program files\Garena\lib folder moved successfully.
C:\program files\Garena\Languages folder moved successfully.
C:\program files\Garena\GarenaTV folder moved successfully.
C:\program files\Garena\files folder moved successfully.
C:\program files\Garena\dlls folder moved successfully.
C:\program files\Garena\deps folder moved successfully.
C:\program files\Garena\config folder moved successfully.
C:\program files\Garena\Cache folder moved successfully.
C:\program files\Garena\Avatar folder moved successfully.
C:\program files\Garena folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Garena not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NB
->Temp folder emptied: 119951729 bytes
->Temporary Internet Files folder emptied: 130230713 bytes
->Java cache emptied: 37613416 bytes
->FireFox cache emptied: 88447527 bytes
->Google Chrome cache emptied: 5961144 bytes
->Flash cache emptied: 17275 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46930826 bytes
RecycleBin emptied: 172894 bytes

Total Files Cleaned = 409,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: NB
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb




OTL by OldTimer - Version 3.2.3.0 log created on 04282010_170349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#9 Post by Caroprd111 »

How is the PC doing? :???:

#10 Post by Geneiken »

No significant change, still the same. For example, it can't handle CS:S (Counter-Strike: Source), which it should handle without any problems.

#11 Post by Caroprd111 »

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs: firewalls, antivirus, antispyware
  • Run the application under an account with Administrator privileges; right after launch a page with the license terms is displayed, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not run other applications and do not click in the window that is displayed :!:
  • The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

#12 Post by Geneiken »

Well, unfortunately, I followed your instructions exactly and waited a little over an hour, at which point a window appeared with the message "Pracuji na logu" (Working on the log), which stayed that way until now. I don't know why it is taking so long, but I had to restart the PC.

#13 Post by Caroprd111 »

Check whether the ComboFix.txt log is present on the PC.

#14 Post by Geneiken »

I found something. Sorry, I hadn't noticed it :)

ComboFix 10-04-27.04 - NB 28.04.2010 18:58:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.1790.1171 [GMT 2:00]
Spuštěný z: C:\Users\NB\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\NB\AppData\Roaming\avdrn.dat
C:\Users\NB\AppData\Roaming\Desktopicon

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-28 do 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-28 17:11:34 . 2010-04-28 17:11:52 -------- d-----w- C:\Users\NB\AppData\Local\temp
2010-04-28 17:11:34 . 2010-04-28 17:11:34 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-04-28 16:58:38 . 2010-04-28 16:58:38 -------- d-----w- C:\Users\NB\AppData\Local\ESET
2010-04-28 15:03:49 . 2010-04-28 15:03:49 -------- d-----w- C:\_OTL
2010-04-27 18:50:32 . 2010-04-27 18:50:32 1356 ----a-w- C:\UsbFix_Upload_Me_NB-PC.zip
2010-04-27 18:39:18 . 2010-04-27 18:50:33 -------- d-----w- C:\UsbFix
2010-04-27 18:05:52 . 2010-04-27 18:07:31 -------- d-----w- C:\Program Files\trend micro
2010-04-27 17:14:42 . 2010-04-27 17:14:42 -------- d-----w- C:\Program Files\ESET
2010-04-25 18:57:01 . 2010-04-25 18:57:01 -------- d-----w- C:\Users\NB\AppData\Local\assembly
2010-04-25 18:56:13 . 2010-04-26 12:58:32 -------- d-----w- C:\Program Files\NCSoft
2010-04-25 18:54:24 . 2010-04-25 18:54:24 -------- d-----w- C:\Users\NB\AppData\Roaming\InstallShield
2010-04-22 17:29:59 . 2010-04-22 17:30:01 -------- d-----w- C:\Program Files\WinSCP
2010-04-15 12:41:47 . 2010-02-18 14:49:38 898952 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2010-04-15 12:41:47 . 2010-02-18 14:11:41 190464 ----a-w- C:\Windows\system32\iphlpsvc.dll
2010-04-15 12:41:47 . 2010-02-18 11:52:00 25088 ----a-w- C:\Windows\system32\drivers\tunnel.sys
2010-04-15 12:37:24 . 2010-02-23 11:32:36 212992 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2010-04-15 12:37:24 . 2010-02-23 11:32:33 78848 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2010-04-15 12:37:24 . 2010-02-23 11:32:31 105984 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2010-04-15 12:37:18 . 2010-02-18 14:49:31 3598216 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2010-04-15 12:37:17 . 2010-02-18 14:49:31 3545992 ----a-w- C:\Windows\system32\ntoskrnl.exe
2010-04-15 12:37:14 . 2010-03-04 18:54:51 430080 ----a-w- C:\Windows\system32\vbscript.dll
2010-04-14 18:29:04 . 2006-10-26 17:56:12 33104 ----a-w- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-14 18:29:03 . 2008-11-10 09:41:34 32656 ----a-w- C:\Windows\system32\msonpmon.dll
2010-04-14 18:20:13 . 2010-04-14 18:20:15 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8
2010-04-14 07:53:05 . 2009-12-23 12:43:08 171520 ----a-w- C:\Windows\system32\wintrust.dll
2010-04-14 07:53:03 . 2010-01-15 00:04:50 98304 ----a-w- C:\Windows\system32\cabview.dll
2010-04-13 09:24:45 . 2010-02-12 10:48:12 293376 ----a-w- C:\Windows\system32\browserchoice.exe
2010-04-08 12:51:04 . 2010-04-08 12:51:04 -------- d--h--w- C:\ProgramData\CanonBJ
2010-04-08 12:50:59 . 2006-11-02 09:46:03 70144 ----a-w- C:\Windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2010-04-01 21:16:42 . 2010-04-01 21:16:44 -------- d-----w- C:\ProgramData\DivX
2010-03-29 21:01:00 . 2004-12-29 00:43:08 4682 ----a-w- C:\Windows\system32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 16:53:14 . 2009-04-07 14:22:29 -------- d-----w- C:\Users\NB\AppData\Roaming\ICQ
2010-04-28 15:00:47 . 2009-04-19 08:48:37 -------- d-----w- C:\Program Files\BitSpirit
2010-04-28 15:00:30 . 2009-04-19 08:31:23 -------- d-----w- C:\Users\NB\AppData\Roaming\uTorrent
2010-04-28 06:36:28 . 2009-04-07 13:19:35 -------- d-----w- C:\Program Files\Common Files\Steam
2010-04-26 13:05:14 . 2009-12-04 14:18:13 -------- d-----w- C:\Users\NB\AppData\Roaming\GetRightToGo
2010-04-25 20:18:39 . 2009-04-08 16:31:00 -------- d-----w- C:\Program Files\Warcraft III
2010-04-25 19:51:24 . 2009-05-02 17:51:58 -------- d-----w- C:\Users\NB\AppData\Roaming\Skype
2010-04-25 19:16:24 . 2009-05-02 17:52:54 -------- d-----w- C:\Users\NB\AppData\Roaming\skypePM
2010-04-25 18:56:12 . 2009-04-07 14:22:38 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-04-22 16:32:21 . 2009-10-23 14:02:32 -------- d-----w- C:\Users\NB\AppData\Roaming\gtk-2.0
2010-04-19 05:32:06 . 2009-05-11 12:27:25 -------- d-----w- C:\ProgramData\Microsoft Help
2010-04-17 10:09:44 . 2007-01-08 21:09:29 598838 ----a-w- C:\Windows\system32\perfh005.dat
2010-04-17 10:09:44 . 2007-01-08 21:09:29 115014 ----a-w- C:\Windows\system32\perfc005.dat
2010-04-17 09:57:51 . 2009-04-07 07:31:51 1356 ----a-w- C:\Users\NB\AppData\Local\d3d9caps.dat
2010-04-16 07:41:26 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-04-14 18:25:37 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\MSBuild
2010-04-14 18:03:36 . 2010-02-14 10:20:09 -------- d-----w- C:\ProgramData\McAfee
2010-03-31 13:13:35 . 2009-11-19 13:54:20 -------- d-----w- C:\Program Files\JDownloader
2010-03-30 06:37:43 . 2009-04-07 07:32:17 104608 ----a-w- C:\Users\NB\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 21:45:58 . 2010-03-08 16:25:51 -------- d-----w- C:\Users\NB\AppData\Roaming\vlc
2010-03-23 16:26:17 . 2010-03-23 16:26:17 -------- d-----w- C:\Users\NB\AppData\Roaming\Ubisoft
2010-03-23 16:26:17 . 2010-01-11 19:13:56 -------- d-----w- C:\ProgramData\Ubisoft
2010-03-09 16:28:40 . 2010-03-31 10:11:51 833024 ----a-w- C:\Windows\system32\wininet.dll
2010-03-09 16:25:21 . 2010-03-31 10:11:46 78336 ----a-w- C:\Windows\system32\ieencode.dll
2010-03-09 14:01:47 . 2010-03-31 10:11:46 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2010-03-08 16:23:51 . 2010-03-08 16:23:51 -------- d-----w- C:\Program Files\VideoLAN
2010-03-02 08:25:48 . 2010-03-02 08:25:40 -------- d-----w- C:\Program Files\CCleaner
2010-03-02 08:13:51 . 2010-03-02 08:13:50 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2010-03-02 08:11:46 . 2009-06-13 18:06:37 -------- d-----w- C:\Program Files\DAEMON Tools Toolbar
2010-02-24 08:16:06 . 2009-10-02 17:50:25 181632 ------w- C:\Windows\system32\MpSigStub.exe
2010-02-20 23:39:35 . 2010-03-12 06:50:29 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2010-02-20 23:37:20 . 2010-03-12 06:50:24 31232 ----a-w- C:\Windows\system32\httpapi.dll
2010-02-20 21:18:40 . 2010-03-12 06:50:24 411136 ----a-w- C:\Windows\system32\drivers\http.sys
2010-02-15 21:37:59 . 2010-01-26 06:46:32 1 ----a-w- C:\Users\NB\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-13 21:55:22 . 2009-05-13 21:55:22 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55:22 . 2009-05-13 21:55:22 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 21:33:10 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 21:33:40 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 21:38:40 1008184]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 10:17:18 61440]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 07:09:41 200704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-08-08 13:14:31 148888]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-01 23:46:00 215552]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2009-09-04 23:54:42 417792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-09-21 14:36:12 305440]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 09:44:34 31072]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2009-02-06 12:23:12 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2009-06-13 17:59:09 721904]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 05:43:14 25832]
R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [2009-04-06 15:35:00 2743325]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 12:23:18 106208]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 12:23:36 727720]
S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 12:24:26 38240]
S2 TeamViewer5;TeamViewer 5;C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 14:57:44 185640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 02:44:56 210432]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2008-03-19 16:28:52 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-04-27 C:\Windows\Tasks\User_Feed_Synchronization-{754A4407-6A9B-4CEE-979E-018E7DBA2EB0}.job
- C:\Windows\system32\msfeedssync.exe [2009-04-07 08:09:34 . 2008-01-18 21:33:18]

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: please check

#15 Post by Caroprd111 »

You have nothing to apologize for. :)

Download MBAM: http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Install it following the guide at the link, then run a full scan.
  • Do not delete anything! MBAM occasionally produces false detections and could delete, for example, system files.
  • Paste the log here.
