Ahoj všichni, dneska jsem ve správci úloh narazil na proces PERVIOUS.exe , no nevím co to je, ale nikdy to tam nebylo a trochu jsem se toho lekl, tak chci vědět, jestli je vše v pořádku nebo ne.
R S I T log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Cvach at 2011-04-13 16:23:33
Microsoft Windows 7 Professional
System drive C: has 75 GB (58%) free of 130 GB
Total RAM: 4094 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:23:36, on 13.4.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Windows\vsnpstd3.exe
D:\Hry\Steam\Steam.exe
D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe
D:\Programy\ICQ 7\ICQ7.2\ICQ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Programy\Alwil Software\Avast5\AvastUI.exe
C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
D:\Programy\Hamachi\hamachi.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Windows\tsnpstd3.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Cvach.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe
O4 - HKCU\..\Run: [Steam] "D:\Hry\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "D:\Programy\ICQ 7\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [avast! Antivirus] D:\Programy\Alwil Software\Avast5\AvastUI.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe
O4 - HKLM\..\Policies\Explorer\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: GameRanger.lnk = Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - Startup: hamachi.lnk = D:\Programy\Hamachi\hamachi.exe
O4 - Startup: Rainmeter.lnk = D:\Programy\Rainmeter\Rainmeter.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ 7\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ 7\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Programy\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Programy\XAMPP\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: mysql - Unknown owner - D:\Programy\XAMPP\mysql\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @D:\Programy\TumeUp Utilites\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Programy\TumeUp Utilites\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programy\TumeUp Utilites\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11961 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"D:\Programy\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
"D:\Programy\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
D:\Programy\XAMPP\mysql\bin\mysqld.exe --defaults-file=D:\Programy\XAMPP\mysql\bin\my.ini mysql
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"D:\Programy\TumeUp Utilites\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2552
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"D:\Programy\TumeUp Utilites\TuneUpUtilitiesApp64.exe" /TUStart /pid:2468
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Cvach\AppData\Roaming\pervious.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"D:\Programy\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Windows\vsnpstd3.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
"D:\Hry\Steam\Steam.exe" -silent
"D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
"D:\Programy\ICQ 7\ICQ7.2\ICQ.exe" silent loginmode=4
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"D:\Programy\Alwil Software\Avast5\AvastUI.exe"
"D:\Programy\TortoiseSVN\bin\TSVNCache.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe" /autostart
"D:\Programy\Hamachi\hamachi.exe"
"D:\Programy\Rainmeter\Rainmeter.exe"
"C:\Program Files (x86)\Xfire\Xfire.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Windows\tsnpstd3.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
taskmgr.exe /2
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\Xfire\Xfire.exe" C:\Program Files (x86)\Xfire\Xfire.exe/uac 4576
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 184
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
taskeng.exe {FB0C23A1-959A-4E1A-ABD1-ABEAAF9FFE6C}
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6020.cb54e80.1329295648 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 6020 plugin \\.\pipe\gecko-crash-server-pipe.6020
"D:\Programy\RSIT\RSITx64.exe"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-30 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-08 9642528]
"COMODO Internet Security"=D:\Programy\COMODO\COMODO Internet Security\cfp.exe [2011-04-10 8866120]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 120328]
"snpstd3"=C:\Windows\vsnpstd3.exe [2006-09-18 843776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Java"=C:\Users\Cvach\AppData\Roaming\pervious.exe [2011-04-13 1245184]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Hry\Steam\Steam.exe [2010-11-17 1242448]
"DAEMON Tools Lite"=D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ICQ"=D:\Programy\ICQ 7\ICQ7.2\ICQ.exe [2011-01-05 133432]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-01-26 15026056]
"avast! Antivirus"=D:\Programy\Alwil Software\Avast5\AvastUI.exe [2011-02-23 3451496]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-03-17 2988488]
"Java"=C:\Users\Cvach\AppData\Roaming\pervious.exe [2011-04-13 1245184]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
"tsnpstd3"=C:\Windows\tsnpstd3.exe [2007-06-15 368640]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Java"=C:\Users\Cvach\AppData\Roaming\pervious.exe [2011-04-13 1245184]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Java"=C:\Users\Cvach\AppData\Roaming\pervious.exe [2011-04-13 1245184]
C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip
GameRanger.lnk - C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
hamachi.lnk - D:\Programy\Hamachi\hamachi.exe
Rainmeter.lnk - D:\Programy\Rainmeter\Rainmeter.exe
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-04-13 16:23:33 ----D---- C:\rsit
2011-04-13 16:15:01 ----A---- C:\Windows\ntbtlog.txt
2011-04-13 16:00:36 ----A---- C:\Users\Cvach\AppData\Roaming\pervious.exe
2011-04-12 19:55:11 ----D---- C:\Users\Cvach\AppData\Roaming\SUPERAntiSpyware.com
2011-04-12 19:55:11 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-04-12 19:55:06 ----D---- C:\ProgramData\!SASCORE
2011-04-12 19:55:05 ----D---- C:\Program Files\SUPERAntiSpyware
2011-04-06 21:36:43 ----D---- C:\ProgramData\boost_interprocess
2011-03-29 21:19:56 ----D---- C:\Users\Cvach\AppData\Roaming\Rainmeter
2011-03-28 19:13:43 ----D---- C:\Users\Cvach\AppData\Roaming\HEXelon
2011-03-19 12:55:13 ----A---- C:\Windows\avp.ini
2011-03-19 01:30:24 ----D---- C:\Users\Cvach\AppData\Roaming\PunkBuster
2011-03-14 20:27:49 ----A---- C:\Windows\system32\drivers\aswSnx.sys
======List of files/folders modified in the last 1 months======
2011-04-13 16:23:34 ----D---- C:\Windows\temp
2011-04-13 16:23:34 ----D---- C:\Program Files\trend micro
2011-04-13 16:20:34 ----D---- C:\Users\Cvach\AppData\Roaming\Skype
2011-04-13 16:17:41 ----D---- C:\Users\Cvach\AppData\Roaming\ICQ
2011-04-13 16:17:32 ----D---- C:\Users\Cvach\AppData\Roaming\Hamachi
2011-04-13 16:16:33 ----D---- C:\ProgramData\NVIDIA
2011-04-13 16:15:01 ----D---- C:\Windows
2011-04-13 16:14:19 ----D---- C:\Windows\system32\config
2011-04-13 16:06:26 ----D---- C:\Users\Cvach\AppData\Roaming\skypePM
2011-04-12 19:55:11 ----D---- C:\ProgramData
2011-04-12 19:55:05 ----RD---- C:\Program Files
2011-04-12 19:50:14 ----D---- C:\Windows\system32\Tasks
2011-04-12 15:28:19 ----SHD---- C:\System Volume Information
2011-04-11 16:09:47 ----D---- C:\Windows\system32\catroot2
2011-04-10 18:29:20 ----D---- C:\ProgramData\Comodo
2011-04-10 17:27:32 ----A---- C:\Windows\SYSWOW64\guard32.dll
2011-04-10 17:27:32 ----A---- C:\Windows\system32\guard64.dll
2011-04-10 17:27:00 ----SHD---- C:\Windows\Installer
2011-04-09 18:54:02 ----D---- C:\Windows\System32
2011-04-09 18:54:02 ----D---- C:\Windows\inf
2011-04-09 18:54:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-09 14:42:47 ----D---- C:\ProgramData\Xfire
2011-04-09 14:42:47 ----D---- C:\Program Files (x86)\Xfire
2011-04-08 23:50:24 ----D---- C:\Users\Cvach\AppData\Roaming\Audacity
2011-04-08 16:21:39 ----D---- C:\Users\Cvach\AppData\Roaming\Xfire
2011-04-03 19:43:16 ----D---- C:\Windows\Minidump
2011-04-01 15:40:04 ----RSD---- C:\Windows\Fonts
2011-03-30 19:11:25 ----RSD---- C:\Windows\assembly
2011-03-30 19:11:25 ----D---- C:\Windows\Microsoft.NET
2011-03-30 16:46:18 ----D---- C:\Program Files (x86)\Windows Live
2011-03-30 16:46:01 ----D---- C:\Windows\SysWOW64
2011-03-28 19:15:11 ----D---- C:\Windows\system32\drivers
2011-03-26 16:43:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-03-24 23:58:05 ----D---- C:\Windows\system32\catroot
2011-03-21 15:26:50 ----D---- C:\Windows\Prefetch
2011-03-20 20:02:31 ----D---- C:\Windows\system32\wdi
2011-03-19 01:30:54 ----D---- C:\ProgramData\Ubisoft
2011-03-19 01:30:28 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-03-19 01:30:27 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-03-19 01:19:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-01-12 106360]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-12 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 505176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 280408]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 53592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-04-10 250008]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-04-10 39888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-04-10 89840]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2011-01-26 30312]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-11-14 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-11-14 43680]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-01-29 33344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-08 2223392]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\D:\Programy\TumeUp Utilites\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-25 22024]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-25 57352]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [2006-07-05 77688]
S0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 22936]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 60288]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 48768]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 61440]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2007-05-02 10503168]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-25 32776]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2008-01-25 34312]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-25 15752]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 cmdAgent;COMODO Internet Security Helper Service; D:\Programy\COMODO\COMODO Internet Security\cmdagent.exe [2011-04-10 2466032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 mysql;mysql; D:\Programy\XAMPP\mysql\bin\mysqld.exe [2010-12-03 8133120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-08 990312]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-03-19 75136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-08 369256]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; D:\Programy\TumeUp Utilites\TuneUpUtilitiesService64.exe [2009-11-17 1353544]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-23 403240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FileZilla Server;FileZilla Server FTP server; D:\Programy\XAMPP\FileZillaFTP\FileZillaServer.exe [2010-10-17 742912]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-10-29 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TuneUp.Defrag;@D:\Programy\TumeUp Utilites\TuneUpDefragService.exe,-1; D:\Programy\TumeUp Utilites\TuneUpDefragService.exe [2010-10-24 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-08 1255736]
S4 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Podezření - proces pervious.exe - LOG
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Podezření - proces pervious.exe - LOG
Zdravim a pekny den preji 
Me se taky moc nelibi
Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
Me se taky moc nelibi
Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
- C:\Users\Cvach\AppData\Roaming\pervious.exe
- Kliknete na Prochazet
- Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
- Kliknete na Send File
- Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
- Vysledek analyzy sem vlozte (jako odkaz)
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Podezření - proces pervious.exe - LOG
VT vypada cisty, ovsem me se vubec chlapec nelibi, bych ho radeji i smazal... Stahnete OTL (viz muj podpis) a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
- Zaskrtnete okenko Pro vsechny uzivatele
- Zaskrtnete okenko Kontrola na havet "LOP"
- Zaskrtnete okenko Kontrola na havet "Purity"
- Stari souboru zmente z 30 dnu na 7 dnu
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start adp3132.sys AGP440.sys ahcix86.sys ahcix86s.sys atapi.sys autochk.exe cdrom.sys cngaudit.dll cryptsvc.dll eNetHook.dll eventlog.dll explorer.exe hal.dll Changer.sys iaStor.sys iastorv.sys IdeChnDr.sys isapnp.sys JakNDis.sys KR10N.sys logevent.dll lsass.exe mv61xx.sys ndis.sys netlogon.dll ntelogon.dll nvata.sys nvatabus.sys nvgts.sys nvraid.sys nvrd32.sys nvstor.sys nvstor32.sys scecli.dll sceclt.dll smss.exe svchost.exe symmpi.sys tcpip.sys userinit.exe vaxscsi.sys viamraid.sys viasraid.sys ViPrt.sys winlogon.exe ws2_32.dll /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT- Kliknete na tlacitko Prohledat
- Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Podezření - proces pervious.exe - LOG
OTL.txt
OTL logfile created on: 13.4.2011 20:04:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Programy\OTL
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,85 Gb Total Space | 72,97 Gb Free Space | 57,52% Space Free | Partition Type: NTFS
Drive D: | 804,56 Gb Total Space | 118,93 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Computer Name: CVACH-PC | User Name: Cvach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.04.13 20:02:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Programy\OTL\OTL.exe
PRC - [2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
PRC - [2011.04.07 16:20:39 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
PRC - [2011.03.26 16:43:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.03.23 14:58:27 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.03.19 01:30:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.02.26 03:19:28 | 003,502,992 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2011.02.23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- D:\Programy\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.02.23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- D:\Programy\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.01.29 23:55:05 | 000,625,952 | ---- | M] (LogMeIn Inc.) -- D:\Programy\Hamachi\hamachi.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- D:\Programy\ICQ 7\ICQ7.2\ICQ.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- D:\Programy\XAMPP\mysql\bin\mysqld.exe
PRC - [2010.11.17 12:21:59 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Hry\Steam\Steam.exe
PRC - [2010.10.08 01:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe
PRC - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2007.06.15 16:00:08 | 000,368,640 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2006.09.18 15:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe
========== Modules (SafeList) ==========
MOD - [2011.04.13 20:02:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Programy\OTL\OTL.exe
MOD - [2011.04.10 17:27:32 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2011.02.23 17:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- D:\Programy\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.06.29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.11.17 10:31:46 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.10 17:27:03 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- D:\Programy\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.03.30 22:05:16 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.23 14:58:27 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.19 01:30:27 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.02.23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programy\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- D:\Programy\XAMPP\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.29 10:01:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.24 19:41:38 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- D:\Programy\TumeUp Utilites\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- D:\Programy\XAMPP\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.10.08 01:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.17 10:36:48 | 001,353,544 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Programy\TumeUp Utilites\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.11.17 10:31:38 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.02.23 16:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.01.29 23:55:05 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.11.14 23:46:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.14 23:46:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.10.12 14:10:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009.12.31 12:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.01.25 00:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2008.01.25 00:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2008.01.25 00:08:14 | 000,034,312 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2008.01.25 00:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2008.01.25 00:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2007.05.02 19:14:48 | 010,503,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2007.01.12 20:12:06 | 000,106,360 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006.07.05 14:48:19 | 000,077,688 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Programy\TumeUp Utilites\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2007.05.02 12:09:26 | 010,222,720 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
FF - prefs.js..extensions.enabledItems: support@auto-hide-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 2269050&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.26 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 16:43:48 | 000,000,000 | ---D | M]
[2010.10.10 19:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Extensions
[2011.04.12 21:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.19 16:02:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.04 16:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\fillform@symental.com
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\staged-xpis
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] (Auto Hide IP) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\support@auto-hide-ip.com
[2011.01.19 20:26:01 | 000,000,873 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\conduit.xml
[2011.04.08 15:41:36 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-1.xml
[2010.12.13 18:58:09 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-2.xml
[2011.01.19 23:52:00 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-3.xml
[2011.03.04 23:21:04 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-4.xml
[2011.03.26 16:43:54 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-5.xml
[2010.08.01 17:24:42 | 000,000,168 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.gif
[2010.08.01 17:24:42 | 000,000,618 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.src
[2010.10.25 14:31:47 | 000,001,056 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.xml
[2010.10.30 11:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.03.02 14:53:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.30 11:27:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.30 11:27:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:10:37 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.14 23:10:37 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.14 23:10:37 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.14 23:10:37 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.14 23:10:37 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] D:\Programy\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [avast! Antivirus] D:\Programy\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [DAEMON Tools Lite] D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [ICQ] D:\Programy\ICQ 7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [Steam] D:\Hry\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk = D:\Programy\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = D:\Programy\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Java = C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ 7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ 7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.255.255.10 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.04.13 16:23:33 | 000,000,000 | ---D | C] -- C:\rsit
[2011.04.13 16:15:40 | 000,000,000 | ---D | C] -- C:\Users\Cvach\AppData\Local\GHISLER
[2011.04.13 16:00:36 | 001,245,184 | ---- | C] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
[2011.04.12 19:55:11 | 000,000,000 | ---D | C] -- C:\Users\Cvach\AppData\Roaming\SUPERAntiSpyware.com
[2011.04.12 19:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.04.12 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.04.12 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.04.12 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.04.08 20:19:42 | 000,000,000 | ---D | C] -- C:\Users\Cvach\Desktop\Reason postup
[2011.04.06 21:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010.11.21 17:06:00 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2010.11.21 17:06:00 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2010.11.21 17:06:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
========== Files - Modified Within 7 Days ==========
[2011.04.13 20:04:57 | 000,005,124 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\data.dat
[2011.04.13 19:18:25 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.13 19:18:25 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.13 19:11:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.13 19:10:57 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
[2011.04.11 22:24:28 | 000,005,120 | ---- | M] () -- C:\Users\Cvach\Documents\HESLO 1.sif
[2011.04.11 22:17:31 | 000,679,936 | ---- | M] () -- C:\Users\Cvach\Desktop\Sifrator V 3.0.exe
[2011.04.11 17:49:32 | 000,048,640 | ---- | M] () -- C:\Users\Cvach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.11 17:40:20 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.04.10 17:27:32 | 000,362,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011.04.10 17:27:32 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011.04.10 17:27:31 | 000,014,184 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011.04.10 15:29:22 | 000,945,014 | ---- | M] () -- C:\Users\Cvach\Desktop\nuke2.PNG
[2011.04.10 15:28:39 | 000,821,805 | ---- | M] () -- C:\Users\Cvach\Desktop\nuke1.PNG
[2011.04.09 23:58:05 | 000,109,702 | ---- | M] () -- C:\Users\Cvach\Desktop\8752.jpg
[2011.04.09 19:40:38 | 000,000,653 | ---- | M] () -- C:\Users\Cvach\Desktop\XAMPP Control Panel.lnk
[2011.04.09 18:54:03 | 000,641,520 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.04.09 18:54:03 | 000,625,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.09 18:54:03 | 000,127,384 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.04.09 18:54:03 | 000,110,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.09 18:54:02 | 001,497,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.09 16:50:02 | 002,721,493 | ---- | M] () -- C:\Users\Cvach\Desktop\Energie.png
[2011.04.09 16:15:07 | 000,056,247 | ---- | M] () -- C:\Users\Cvach\Desktop\Kiss 10 cm.png
[2011.04.09 16:13:35 | 000,332,102 | ---- | M] () -- C:\Users\Cvach\Desktop\KISS.jpg
[2011.04.09 15:04:52 | 000,221,988 | ---- | M] () -- C:\Users\Cvach\Desktop\TIRE .png
[2011.04.09 14:56:53 | 000,021,086 | ---- | M] () -- C:\Users\Cvach\Desktop\10149346974cdc5b54da434.png
[2011.04.08 23:36:28 | 000,336,482 | ---- | M] () -- C:\Users\Cvach\Desktop\mapthumb.php.png
[2011.04.08 20:29:40 | 000,970,716 | ---- | M] () -- C:\Users\Cvach\Desktop\Xenty - Reason postup.rar
[2011.04.07 20:00:45 | 000,249,336 | ---- | M] () -- C:\Users\Cvach\Desktop\New Microfon.mp3
[2011.04.07 19:59:49 | 004,378,668 | ---- | M] () -- C:\Users\Cvach\Desktop\New Microfon.wav
[2011.04.07 16:14:10 | 005,499,687 | ---- | M] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.mp3
[2011.04.07 16:12:48 | 096,997,016 | ---- | M] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.wav
========== Files Created - No Company Name ==========
[2011.04.13 16:09:29 | 000,005,124 | ---- | C] () -- C:\Users\Cvach\AppData\Roaming\data.dat
[2011.04.11 22:24:28 | 000,005,120 | ---- | C] () -- C:\Users\Cvach\Documents\HESLO 1.sif
[2011.04.11 22:16:52 | 000,679,936 | ---- | C] () -- C:\Users\Cvach\Desktop\Sifrator V 3.0.exe
[2011.04.10 15:27:37 | 000,945,014 | ---- | C] () -- C:\Users\Cvach\Desktop\nuke2.PNG
[2011.04.10 15:26:42 | 000,821,805 | ---- | C] () -- C:\Users\Cvach\Desktop\nuke1.PNG
[2011.04.09 23:58:03 | 000,109,702 | ---- | C] () -- C:\Users\Cvach\Desktop\8752.jpg
[2011.04.09 19:40:38 | 000,000,653 | ---- | C] () -- C:\Users\Cvach\Desktop\XAMPP Control Panel.lnk
[2011.04.09 16:49:35 | 002,721,493 | ---- | C] () -- C:\Users\Cvach\Desktop\Energie.png
[2011.04.09 16:15:06 | 000,056,247 | ---- | C] () -- C:\Users\Cvach\Desktop\Kiss 10 cm.png
[2011.04.09 16:13:34 | 000,332,102 | ---- | C] () -- C:\Users\Cvach\Desktop\KISS.jpg
[2011.04.09 15:04:50 | 000,221,988 | ---- | C] () -- C:\Users\Cvach\Desktop\TIRE .png
[2011.04.09 14:56:51 | 000,021,086 | ---- | C] () -- C:\Users\Cvach\Desktop\10149346974cdc5b54da434.png
[2011.04.08 23:36:26 | 000,336,482 | ---- | C] () -- C:\Users\Cvach\Desktop\mapthumb.php.png
[2011.04.08 20:29:40 | 000,970,716 | ---- | C] () -- C:\Users\Cvach\Desktop\Xenty - Reason postup.rar
[2011.04.07 20:00:44 | 000,249,336 | ---- | C] () -- C:\Users\Cvach\Desktop\New Microfon.mp3
[2011.04.07 19:59:48 | 004,378,668 | ---- | C] () -- C:\Users\Cvach\Desktop\New Microfon.wav
[2011.04.07 16:14:27 | 005,499,687 | ---- | C] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.mp3
[2011.04.07 16:12:40 | 096,997,016 | ---- | C] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.wav
[2011.03.19 12:55:13 | 000,000,030 | ---- | C] () -- C:\Windows\avp.ini
[2011.02.28 20:37:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.28 20:37:58 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.28 20:37:58 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.28 20:37:58 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.02.26 03:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.02.12 11:08:37 | 000,000,078 | ---- | C] () -- C:\Users\Cvach\AppData\Local\SRDownloader.err
[2011.02.12 10:59:21 | 000,001,072 | ---- | C] () -- C:\Users\Cvach\AppData\Local\SRDownloader.nast
[2011.01.24 18:05:26 | 000,000,016 | ---- | C] () -- C:\Windows\guiinfo.dat
[2011.01.17 16:40:33 | 000,000,093 | ---- | C] () -- C:\Users\Cvach\AppData\Local\fusioncache.dat
[2011.01.17 16:39:33 | 001,524,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.24 15:42:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.12.24 15:42:34 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010.12.23 13:42:13 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.12.01 22:27:45 | 000,000,654 | ---- | C] () -- C:\Users\Cvach\AppData\Roaming\MPQEditor.ini
[2010.11.25 21:48:13 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2010.11.21 17:06:02 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.11.21 17:06:02 | 000,368,640 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.11.21 17:06:01 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.11.21 16:58:18 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.11.18 18:48:39 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.18 18:48:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.18 18:48:37 | 000,835,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.29 22:46:34 | 000,109,083 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.10.25 17:15:21 | 000,000,148 | ---- | C] () -- C:\Users\Cvach\AppData\Roaming\default.rss
[2010.10.24 22:33:46 | 000,048,640 | ---- | C] () -- C:\Users\Cvach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.24 20:12:54 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.10.24 20:12:54 | 000,000,088 | RHS- | C] () -- C:\ProgramData\80B4273EF1.sys
[2010.10.24 19:49:58 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\5E1C2FA8E4.sys
[2010.10.24 19:49:51 | 000,001,682 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010.10.15 20:12:28 | 000,000,017 | ---- | C] () -- C:\Users\Cvach\AppData\Local\resmon.resmoncfg
[2010.10.11 22:24:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.10.10 19:42:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.08 13:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.08.27 09:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
========== LOP Check ==========
[2011.01.29 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft
[2010.12.30 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft server
[2011.01.31 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\0ad
[2011.03.03 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AnvSoft
[2011.01.14 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Artisteer
[2011.04.08 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Audacity
[2011.01.04 15:52:01 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AutoHideIP
[2010.11.21 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Carambis
[2010.12.23 13:00:33 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Charles
[2010.10.12 14:32:08 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DAEMON Tools Lite
[2010.10.24 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DVDVideoSoft
[2010.11.05 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Firefly Studios
[2011.02.21 17:49:29 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\GameRanger
[2011.03.28 19:13:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HEXelon
[2010.12.13 23:13:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HLSW
[2011.04.13 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\ICQ
[2011.01.04 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Opera
[2010.10.10 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PhotoFiltre Studio X
[2011.01.14 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Propellerhead Software
[2011.03.19 01:30:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PunkBuster
[2011.03.29 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Rainmeter
[2010.10.27 12:06:27 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\SPORE
[2010.12.13 22:08:38 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Subversion
[2010.10.08 13:38:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Telefónica Móviles
[2010.10.24 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\TuneUp Software
[2010.12.29 01:29:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Ubisoft
[2010.12.04 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Unity
[2011.03.02 22:21:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\VBA-M
[2010.10.10 18:21:56 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Windows Live Writer
[2011.04.13 19:11:10 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Steam" = "D:\Hry\Steam\Steam.exe" -silent -- [2010.11.17 12:21:59 | 001,242,448 | ---- | M] (Valve Corporation)
"DAEMON Tools Lite" = "D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"ICQ" = "D:\Programy\ICQ 7\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.01.26 18:05:34 | 015,026,056 | R--- | M] (Skype Technologies S.A.)
"avast! Antivirus" = D:\Programy\Alwil Software\Avast5\AvastUI.exe -- [2011.02.23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2011.03.17 00:24:08 | 002,988,488 | ---- | M] (SUPERAntiSpyware.com)
"Java" = C:\Users\Cvach\AppData\Roaming\pervious.exe -- [2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.01.29 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft
[2010.12.30 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft server
[2011.01.31 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\0ad
[2011.01.28 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Adobe
[2011.03.03 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AnvSoft
[2011.01.14 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Apple Computer
[2011.01.14 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Artisteer
[2011.04.08 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Audacity
[2011.01.04 15:52:01 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AutoHideIP
[2010.11.21 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Carambis
[2010.12.23 13:00:33 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Charles
[2010.10.12 14:32:08 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DAEMON Tools Lite
[2010.10.24 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DVDVideoSoft
[2010.11.05 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Firefly Studios
[2011.02.21 17:49:29 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\GameRanger
[2010.11.25 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Google
[2011.04.13 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Hamachi
[2011.03.28 19:13:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HEXelon
[2010.12.13 23:13:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HLSW
[2011.04.13 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\ICQ
[2010.10.10 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Identities
[2010.10.22 22:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\InstallShield
[2011.03.11 20:48:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information
[2010.10.08 14:49:51 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Macromedia
[2011.02.13 14:37:32 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Malwarebytes
[2011.03.11 20:56:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Media Center Programs
[2010.12.29 12:32:44 | 000,000,000 | --SD | M] -- C:\Users\Cvach\AppData\Roaming\Microsoft
[2011.01.17 17:55:41 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Mozilla
[2010.12.09 22:46:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Nero
[2010.10.10 21:09:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\NVIDIA
[2011.01.04 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Opera
[2010.10.10 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PhotoFiltre Studio X
[2011.01.14 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Propellerhead Software
[2011.03.19 01:30:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PunkBuster
[2011.03.29 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Rainmeter
[2011.04.13 20:09:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Skype
[2011.04.13 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\skypePM
[2010.10.27 12:06:27 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\SPORE
[2010.12.13 22:08:38 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Subversion
[2011.04.12 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.08 13:38:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Telefónica Móviles
[2010.12.13 22:11:59 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\TortoiseSVN
[2010.10.24 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\TuneUp Software
[2010.12.29 01:29:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Ubisoft
[2010.12.04 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Unity
[2011.03.02 22:21:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\VBA-M
[2010.10.10 18:21:56 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Windows Live Writer
[2010.10.12 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\WinRAR
[2011.04.08 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Xfire
< %APPDATA%\*.exe /s >
[2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
[2005.07.16 06:46:54 | 000,112,611 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\applydiff.exe
[2010.11.27 01:52:18 | 000,020,480 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\get_csv.exe
[2006.07.02 15:12:14 | 000,495,616 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\jad.exe
[2009.12.14 19:03:32 | 000,191,488 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\jadretro.exe
[2010.11.27 01:52:18 | 000,021,504 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\obfuscathon.exe
[2010.11.27 04:14:54 | 000,246,784 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\obfuscathonCharmer.exe
[2010.11.27 01:52:18 | 000,027,648 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\renamer.exe
[2010.11.06 14:01:24 | 000,006,656 | ---- | M] (Searge) -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\repackage.exe
[2005.02.14 19:03:38 | 000,164,864 | ---- | M] (Info-Zip <www.info-zip.org>) -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\unzip.exe
[2010.11.04 21:21:34 | 000,049,664 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\w9xpopen.exe
[2010.11.20 01:07:52 | 000,019,456 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\whereis.exe
[2011.04.07 16:20:39 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2007.01.13 08:25:50 | 000,450,560 | R--- | M] (Macrovision Corporation) -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe
[2007.09.21 23:33:22 | 000,456,416 | R--- | M] (Macrovision Corporation) -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe
[2010.10.14 17:04:19 | 000,331,776 | ---- | M] (Epic Games ) -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
[2010.10.24 22:18:11 | 000,029,926 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011.03.09 22:08:09 | 000,004,710 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_4708847016EFACC47BFD4B.exe
[2011.03.09 22:08:09 | 000,004,710 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_6FEFF9B68218417F98F549.exe
[2011.03.09 22:08:09 | 000,004,710 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_FF02FD0831F4C529FF6494.exe
[2011.02.24 17:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
[2010.04.21 16:22:56 | 000,041,984 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Ubisoft\Assassin's Creed 2\SKIDROW.exe
[2010.03.02 13:53:59 | 000,607,544 | ---- | M] (Ubisoft) -- C:\Users\Cvach\AppData\Roaming\Ubisoft\Assassin's Creed 2\UbisoftGameLauncher.exe
[2010.02.05 16:36:18 | 001,680,008 | ---- | M] (Ubisoft Entertainment) -- C:\Users\Cvach\AppData\Roaming\Ubisoft\Assassin's Creed 2\UPlayBrowser.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.10.12 20:05:08 | 000,004,608 | ---- | M] () MD5=4140C56FE13A421BE901DA64EA99DA67 -- C:\Users\Cvach\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@SYSTEM@\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\ERDNT\cache64\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2010.12.18 07:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2010.12.18 07:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< End of report >
OTL logfile created on: 13.4.2011 20:04:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Programy\OTL
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,85 Gb Total Space | 72,97 Gb Free Space | 57,52% Space Free | Partition Type: NTFS
Drive D: | 804,56 Gb Total Space | 118,93 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Computer Name: CVACH-PC | User Name: Cvach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.04.13 20:02:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Programy\OTL\OTL.exe
PRC - [2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
PRC - [2011.04.07 16:20:39 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
PRC - [2011.03.26 16:43:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.03.23 14:58:27 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.03.19 01:30:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.02.26 03:19:28 | 003,502,992 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2011.02.23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- D:\Programy\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.02.23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- D:\Programy\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.01.29 23:55:05 | 000,625,952 | ---- | M] (LogMeIn Inc.) -- D:\Programy\Hamachi\hamachi.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- D:\Programy\ICQ 7\ICQ7.2\ICQ.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- D:\Programy\XAMPP\mysql\bin\mysqld.exe
PRC - [2010.11.17 12:21:59 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Hry\Steam\Steam.exe
PRC - [2010.10.08 01:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe
PRC - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2007.06.15 16:00:08 | 000,368,640 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2006.09.18 15:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe
========== Modules (SafeList) ==========
MOD - [2011.04.13 20:02:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Programy\OTL\OTL.exe
MOD - [2011.04.10 17:27:32 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2011.02.23 17:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- D:\Programy\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.06.29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.11.17 10:31:46 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.10 17:27:03 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- D:\Programy\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.03.30 22:05:16 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.23 14:58:27 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.19 01:30:27 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.02.23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programy\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- D:\Programy\XAMPP\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.29 10:01:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.24 19:41:38 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- D:\Programy\TumeUp Utilites\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- D:\Programy\XAMPP\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.10.08 01:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.17 10:36:48 | 001,353,544 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Programy\TumeUp Utilites\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.11.17 10:31:38 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.02.23 16:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.01.29 23:55:05 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.11.14 23:46:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.14 23:46:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.10.12 14:10:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009.12.31 12:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.01.25 00:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2008.01.25 00:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2008.01.25 00:08:14 | 000,034,312 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2008.01.25 00:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2008.01.25 00:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2007.05.02 19:14:48 | 010,503,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2007.01.12 20:12:06 | 000,106,360 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006.07.05 14:48:19 | 000,077,688 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Programy\TumeUp Utilites\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2007.05.02 12:09:26 | 010,222,720 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
FF - prefs.js..extensions.enabledItems: support@auto-hide-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 2269050&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.26 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.26 16:43:48 | 000,000,000 | ---D | M]
[2010.10.10 19:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Extensions
[2011.04.12 21:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.19 16:02:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.04 16:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\fillform@symental.com
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\staged-xpis
[2011.01.04 16:28:29 | 000,000,000 | ---D | M] (Auto Hide IP) -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\support@auto-hide-ip.com
[2011.01.19 20:26:01 | 000,000,873 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\conduit.xml
[2011.04.08 15:41:36 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-1.xml
[2010.12.13 18:58:09 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-2.xml
[2011.01.19 23:52:00 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-3.xml
[2011.03.04 23:21:04 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-4.xml
[2011.03.26 16:43:54 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-5.xml
[2010.08.01 17:24:42 | 000,000,168 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.gif
[2010.08.01 17:24:42 | 000,000,618 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.src
[2010.10.25 14:31:47 | 000,001,056 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.xml
[2010.10.30 11:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.03.02 14:53:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.30 11:27:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.30 11:27:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:10:37 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.14 23:10:37 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.14 23:10:37 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.14 23:10:37 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.14 23:10:37 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] D:\Programy\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [avast! Antivirus] D:\Programy\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [DAEMON Tools Lite] D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [ICQ] D:\Programy\ICQ 7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [Steam] D:\Hry\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk = D:\Programy\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = D:\Programy\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Cvach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Java = C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ 7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ 7\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.255.255.10 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.04.13 16:23:33 | 000,000,000 | ---D | C] -- C:\rsit
[2011.04.13 16:15:40 | 000,000,000 | ---D | C] -- C:\Users\Cvach\AppData\Local\GHISLER
[2011.04.13 16:00:36 | 001,245,184 | ---- | C] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
[2011.04.12 19:55:11 | 000,000,000 | ---D | C] -- C:\Users\Cvach\AppData\Roaming\SUPERAntiSpyware.com
[2011.04.12 19:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.04.12 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.04.12 19:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.04.12 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.04.08 20:19:42 | 000,000,000 | ---D | C] -- C:\Users\Cvach\Desktop\Reason postup
[2011.04.06 21:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010.11.21 17:06:00 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2010.11.21 17:06:00 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2010.11.21 17:06:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
========== Files - Modified Within 7 Days ==========
[2011.04.13 20:04:57 | 000,005,124 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\data.dat
[2011.04.13 19:18:25 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.13 19:18:25 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.13 19:11:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.13 19:10:57 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
[2011.04.11 22:24:28 | 000,005,120 | ---- | M] () -- C:\Users\Cvach\Documents\HESLO 1.sif
[2011.04.11 22:17:31 | 000,679,936 | ---- | M] () -- C:\Users\Cvach\Desktop\Sifrator V 3.0.exe
[2011.04.11 17:49:32 | 000,048,640 | ---- | M] () -- C:\Users\Cvach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.11 17:40:20 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.04.10 17:27:32 | 000,362,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011.04.10 17:27:32 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011.04.10 17:27:31 | 000,014,184 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011.04.10 15:29:22 | 000,945,014 | ---- | M] () -- C:\Users\Cvach\Desktop\nuke2.PNG
[2011.04.10 15:28:39 | 000,821,805 | ---- | M] () -- C:\Users\Cvach\Desktop\nuke1.PNG
[2011.04.09 23:58:05 | 000,109,702 | ---- | M] () -- C:\Users\Cvach\Desktop\8752.jpg
[2011.04.09 19:40:38 | 000,000,653 | ---- | M] () -- C:\Users\Cvach\Desktop\XAMPP Control Panel.lnk
[2011.04.09 18:54:03 | 000,641,520 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.04.09 18:54:03 | 000,625,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.09 18:54:03 | 000,127,384 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.04.09 18:54:03 | 000,110,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.09 18:54:02 | 001,497,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.09 16:50:02 | 002,721,493 | ---- | M] () -- C:\Users\Cvach\Desktop\Energie.png
[2011.04.09 16:15:07 | 000,056,247 | ---- | M] () -- C:\Users\Cvach\Desktop\Kiss 10 cm.png
[2011.04.09 16:13:35 | 000,332,102 | ---- | M] () -- C:\Users\Cvach\Desktop\KISS.jpg
[2011.04.09 15:04:52 | 000,221,988 | ---- | M] () -- C:\Users\Cvach\Desktop\TIRE .png
[2011.04.09 14:56:53 | 000,021,086 | ---- | M] () -- C:\Users\Cvach\Desktop\10149346974cdc5b54da434.png
[2011.04.08 23:36:28 | 000,336,482 | ---- | M] () -- C:\Users\Cvach\Desktop\mapthumb.php.png
[2011.04.08 20:29:40 | 000,970,716 | ---- | M] () -- C:\Users\Cvach\Desktop\Xenty - Reason postup.rar
[2011.04.07 20:00:45 | 000,249,336 | ---- | M] () -- C:\Users\Cvach\Desktop\New Microfon.mp3
[2011.04.07 19:59:49 | 004,378,668 | ---- | M] () -- C:\Users\Cvach\Desktop\New Microfon.wav
[2011.04.07 16:14:10 | 005,499,687 | ---- | M] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.mp3
[2011.04.07 16:12:48 | 096,997,016 | ---- | M] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.wav
========== Files Created - No Company Name ==========
[2011.04.13 16:09:29 | 000,005,124 | ---- | C] () -- C:\Users\Cvach\AppData\Roaming\data.dat
[2011.04.11 22:24:28 | 000,005,120 | ---- | C] () -- C:\Users\Cvach\Documents\HESLO 1.sif
[2011.04.11 22:16:52 | 000,679,936 | ---- | C] () -- C:\Users\Cvach\Desktop\Sifrator V 3.0.exe
[2011.04.10 15:27:37 | 000,945,014 | ---- | C] () -- C:\Users\Cvach\Desktop\nuke2.PNG
[2011.04.10 15:26:42 | 000,821,805 | ---- | C] () -- C:\Users\Cvach\Desktop\nuke1.PNG
[2011.04.09 23:58:03 | 000,109,702 | ---- | C] () -- C:\Users\Cvach\Desktop\8752.jpg
[2011.04.09 19:40:38 | 000,000,653 | ---- | C] () -- C:\Users\Cvach\Desktop\XAMPP Control Panel.lnk
[2011.04.09 16:49:35 | 002,721,493 | ---- | C] () -- C:\Users\Cvach\Desktop\Energie.png
[2011.04.09 16:15:06 | 000,056,247 | ---- | C] () -- C:\Users\Cvach\Desktop\Kiss 10 cm.png
[2011.04.09 16:13:34 | 000,332,102 | ---- | C] () -- C:\Users\Cvach\Desktop\KISS.jpg
[2011.04.09 15:04:50 | 000,221,988 | ---- | C] () -- C:\Users\Cvach\Desktop\TIRE .png
[2011.04.09 14:56:51 | 000,021,086 | ---- | C] () -- C:\Users\Cvach\Desktop\10149346974cdc5b54da434.png
[2011.04.08 23:36:26 | 000,336,482 | ---- | C] () -- C:\Users\Cvach\Desktop\mapthumb.php.png
[2011.04.08 20:29:40 | 000,970,716 | ---- | C] () -- C:\Users\Cvach\Desktop\Xenty - Reason postup.rar
[2011.04.07 20:00:44 | 000,249,336 | ---- | C] () -- C:\Users\Cvach\Desktop\New Microfon.mp3
[2011.04.07 19:59:48 | 004,378,668 | ---- | C] () -- C:\Users\Cvach\Desktop\New Microfon.wav
[2011.04.07 16:14:27 | 005,499,687 | ---- | C] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.mp3
[2011.04.07 16:12:40 | 096,997,016 | ---- | C] () -- C:\Users\Cvach\Desktop\Díl 8 - AC blesk DC.wav
[2011.03.19 12:55:13 | 000,000,030 | ---- | C] () -- C:\Windows\avp.ini
[2011.02.28 20:37:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.28 20:37:58 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.28 20:37:58 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.28 20:37:58 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.02.26 03:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.02.12 11:08:37 | 000,000,078 | ---- | C] () -- C:\Users\Cvach\AppData\Local\SRDownloader.err
[2011.02.12 10:59:21 | 000,001,072 | ---- | C] () -- C:\Users\Cvach\AppData\Local\SRDownloader.nast
[2011.01.24 18:05:26 | 000,000,016 | ---- | C] () -- C:\Windows\guiinfo.dat
[2011.01.17 16:40:33 | 000,000,093 | ---- | C] () -- C:\Users\Cvach\AppData\Local\fusioncache.dat
[2011.01.17 16:39:33 | 001,524,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.24 15:42:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.12.24 15:42:34 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010.12.23 13:42:13 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.12.01 22:27:45 | 000,000,654 | ---- | C] () -- C:\Users\Cvach\AppData\Roaming\MPQEditor.ini
[2010.11.25 21:48:13 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2010.11.21 17:06:02 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.11.21 17:06:02 | 000,368,640 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.11.21 17:06:01 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.11.21 16:58:18 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.11.18 18:48:39 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.18 18:48:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.18 18:48:37 | 000,835,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.29 22:46:34 | 000,109,083 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.10.25 17:15:21 | 000,000,148 | ---- | C] () -- C:\Users\Cvach\AppData\Roaming\default.rss
[2010.10.24 22:33:46 | 000,048,640 | ---- | C] () -- C:\Users\Cvach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.24 20:12:54 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.10.24 20:12:54 | 000,000,088 | RHS- | C] () -- C:\ProgramData\80B4273EF1.sys
[2010.10.24 19:49:58 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\5E1C2FA8E4.sys
[2010.10.24 19:49:51 | 000,001,682 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010.10.15 20:12:28 | 000,000,017 | ---- | C] () -- C:\Users\Cvach\AppData\Local\resmon.resmoncfg
[2010.10.11 22:24:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.10.10 19:42:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.08 13:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.08.27 09:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
========== LOP Check ==========
[2011.01.29 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft
[2010.12.30 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft server
[2011.01.31 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\0ad
[2011.03.03 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AnvSoft
[2011.01.14 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Artisteer
[2011.04.08 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Audacity
[2011.01.04 15:52:01 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AutoHideIP
[2010.11.21 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Carambis
[2010.12.23 13:00:33 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Charles
[2010.10.12 14:32:08 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DAEMON Tools Lite
[2010.10.24 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DVDVideoSoft
[2010.11.05 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Firefly Studios
[2011.02.21 17:49:29 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\GameRanger
[2011.03.28 19:13:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HEXelon
[2010.12.13 23:13:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HLSW
[2011.04.13 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\ICQ
[2011.01.04 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Opera
[2010.10.10 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PhotoFiltre Studio X
[2011.01.14 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Propellerhead Software
[2011.03.19 01:30:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PunkBuster
[2011.03.29 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Rainmeter
[2010.10.27 12:06:27 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\SPORE
[2010.12.13 22:08:38 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Subversion
[2010.10.08 13:38:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Telefónica Móviles
[2010.10.24 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\TuneUp Software
[2010.12.29 01:29:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Ubisoft
[2010.12.04 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Unity
[2011.03.02 22:21:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\VBA-M
[2010.10.10 18:21:56 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Windows Live Writer
[2011.04.13 19:11:10 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Steam" = "D:\Hry\Steam\Steam.exe" -silent -- [2010.11.17 12:21:59 | 001,242,448 | ---- | M] (Valve Corporation)
"DAEMON Tools Lite" = "D:\Programy\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"ICQ" = "D:\Programy\ICQ 7\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.01.26 18:05:34 | 015,026,056 | R--- | M] (Skype Technologies S.A.)
"avast! Antivirus" = D:\Programy\Alwil Software\Avast5\AvastUI.exe -- [2011.02.23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2011.03.17 00:24:08 | 002,988,488 | ---- | M] (SUPERAntiSpyware.com)
"Java" = C:\Users\Cvach\AppData\Roaming\pervious.exe -- [2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.01.29 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft
[2010.12.30 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\.minecraft server
[2011.01.31 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\0ad
[2011.01.28 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Adobe
[2011.03.03 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AnvSoft
[2011.01.14 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Apple Computer
[2011.01.14 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Artisteer
[2011.04.08 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Audacity
[2011.01.04 15:52:01 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\AutoHideIP
[2010.11.21 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Carambis
[2010.12.23 13:00:33 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Charles
[2010.10.12 14:32:08 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DAEMON Tools Lite
[2010.10.24 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\DVDVideoSoft
[2010.11.05 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Firefly Studios
[2011.02.21 17:49:29 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\GameRanger
[2010.11.25 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Google
[2011.04.13 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Hamachi
[2011.03.28 19:13:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HEXelon
[2010.12.13 23:13:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\HLSW
[2011.04.13 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\ICQ
[2010.10.10 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Identities
[2010.10.22 22:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\InstallShield
[2011.03.11 20:48:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information
[2010.10.08 14:49:51 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Macromedia
[2011.02.13 14:37:32 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Malwarebytes
[2011.03.11 20:56:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Media Center Programs
[2010.12.29 12:32:44 | 000,000,000 | --SD | M] -- C:\Users\Cvach\AppData\Roaming\Microsoft
[2011.01.17 17:55:41 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Mozilla
[2010.12.09 22:46:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Nero
[2010.10.10 21:09:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\NVIDIA
[2011.01.04 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Opera
[2010.10.10 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PhotoFiltre Studio X
[2011.01.14 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Propellerhead Software
[2011.03.19 01:30:24 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\PunkBuster
[2011.03.29 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Rainmeter
[2011.04.13 20:09:40 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Skype
[2011.04.13 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\skypePM
[2010.10.27 12:06:27 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\SPORE
[2010.12.13 22:08:38 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Subversion
[2011.04.12 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.08 13:38:43 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Telefónica Móviles
[2010.12.13 22:11:59 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\TortoiseSVN
[2010.10.24 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\TuneUp Software
[2010.12.29 01:29:50 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Ubisoft
[2010.12.04 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Unity
[2011.03.02 22:21:54 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\VBA-M
[2010.10.10 18:21:56 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Windows Live Writer
[2010.10.12 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\WinRAR
[2011.04.08 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Cvach\AppData\Roaming\Xfire
< %APPDATA%\*.exe /s >
[2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe
[2005.07.16 06:46:54 | 000,112,611 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\applydiff.exe
[2010.11.27 01:52:18 | 000,020,480 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\get_csv.exe
[2006.07.02 15:12:14 | 000,495,616 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\jad.exe
[2009.12.14 19:03:32 | 000,191,488 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\jadretro.exe
[2010.11.27 01:52:18 | 000,021,504 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\obfuscathon.exe
[2010.11.27 04:14:54 | 000,246,784 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\obfuscathonCharmer.exe
[2010.11.27 01:52:18 | 000,027,648 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\renamer.exe
[2010.11.06 14:01:24 | 000,006,656 | ---- | M] (Searge) -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\repackage.exe
[2005.02.14 19:03:38 | 000,164,864 | ---- | M] (Info-Zip <www.info-zip.org>) -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\unzip.exe
[2010.11.04 21:21:34 | 000,049,664 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\w9xpopen.exe
[2010.11.20 01:07:52 | 000,019,456 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\.minecraft server\tools\whereis.exe
[2011.04.07 16:20:39 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\Cvach\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2007.01.13 08:25:50 | 000,450,560 | R--- | M] (Macrovision Corporation) -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe
[2007.09.21 23:33:22 | 000,456,416 | R--- | M] (Macrovision Corporation) -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe
[2010.10.14 17:04:19 | 000,331,776 | ---- | M] (Epic Games ) -- C:\Users\Cvach\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
[2010.10.24 22:18:11 | 000,029,926 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011.03.09 22:08:09 | 000,004,710 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_4708847016EFACC47BFD4B.exe
[2011.03.09 22:08:09 | 000,004,710 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_6FEFF9B68218417F98F549.exe
[2011.03.09 22:08:09 | 000,004,710 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_FF02FD0831F4C529FF6494.exe
[2011.02.24 17:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Cvach\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
[2010.04.21 16:22:56 | 000,041,984 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Ubisoft\Assassin's Creed 2\SKIDROW.exe
[2010.03.02 13:53:59 | 000,607,544 | ---- | M] (Ubisoft) -- C:\Users\Cvach\AppData\Roaming\Ubisoft\Assassin's Creed 2\UbisoftGameLauncher.exe
[2010.02.05 16:36:18 | 001,680,008 | ---- | M] (Ubisoft Entertainment) -- C:\Users\Cvach\AppData\Roaming\Ubisoft\Assassin's Creed 2\UPlayBrowser.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.10.12 20:05:08 | 000,004,608 | ---- | M] () MD5=4140C56FE13A421BE901DA64EA99DA67 -- C:\Users\Cvach\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@SYSTEM@\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\ERDNT\cache64\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2010.12.18 07:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2010.12.18 07:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< End of report >
Re: Podezření - proces pervious.exe - LOG
EXTRAS.txt
OTL Extras logfile created on: 13.4.2011 20:04:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Programy\OTL
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,85 Gb Total Space | 72,97 Gb Free Space | 57,52% Space Free | Partition Type: NTFS
Drive D: | 804,56 Gb Total Space | 118,93 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Computer Name: CVACH-PC | User Name: Cvach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Prostředí Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zařízení Windows Mobile
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Aktualizace ovladače pro aplikaci Centrum zařízení Windows Mobile
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 260.89
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"UDK-87798f97-44d9-4fc3-af4b-09299979a1d0" = Dungeon Defense
"UDK-8d7427cc-a28a-462a-a716-9f4a71bffdc1" = Unreal Development Kit: 2010-09
"UDK-d07b8379-d537-4f69-b17a-ed2fb85977ce" = AFFPlanetstorm
"UDK-e77441e8-eb9c-4e7c-b1a9-2dd9b718325b" = Hazard - Journey Of Life Demo
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0901FCE8-5415-4499-BBC8-1AA106DD66E2}" = Adobe Setup
"{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{14008C0E-F516-4B44-868C-14A12CF95D5D}" = Project Powder
"{1407B87C-36E3-4FC1-9051-D08B21E1096F}" = Windows Live Sync
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AE1681F-512E-4244-BC73-13FB4CCA92E7}" = WindSlayer
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2253BD-8907-4A0E-B6D1-EBB9723A70B3}_is1" = CPU Časomíra 2.0
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}" = Adobe Photoshop CS3
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5B2135A0-B026-459A-9467-4303FC2F7369}" = Project Powder
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5bee8c05-0049-4bf0-be17-ec33dc896714}" = Nero 9
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784D1110-7A5D-4BE9-8AAA-CC70FA2D1CBA}" = WindSlayer
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}" = Icewind Dale II
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{828D0FE5-EB2F-4CED-80AB-27E5108CCD66}_is1" = Legends of Arteix - Classic 1.1.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate 2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D68F6EE-CC88-44E2-AE79-37C074CC1F56}" = S4 League_EU
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.0 - Czech
"{AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1" = CityVilleBot
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Prameny
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D60924D0-86C6-441B-BD39-BA3037508976}" = NVIDIA PhysX Unreal Tournament 3 Mods
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = StarCam Genie
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_4977c84bcdc298c444ccfbdcccb660d" = Adobe Photoshop CS3
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.2.0
"Artisteer 3" = Artisteer 3
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Automatické vypnutí počítače (AVP)_is1" = Automatické vypnutí počítače 1.0
"avast" = avast! Free Antivirus
"BitLord" = BitLord 1.1
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DLTCEP" = DLTC Editor Pro (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Floorball League Demo_is1" = Floorball League 1.0 Demo
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.15
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.1
"Game Cam" = Game Cam 2.2
"Game Maker 8.0" = Game Maker 8.0
"Hamachi" = Hamachi 1.0.3.0
"HLSW_is1" = HLSW v1.3.3.7b
"Horsez 2 Vzhůru do sedel" = Horsez 2 Vzhůru do sedel
"HyperCam 2" = HyperCam 2
"Charles_XK72" = Charles
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"ICQToolbar" = ICQ Toolbar
"IETME" = IE Tileset Map Editor
"InstallShield_{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}" = Icewind Dale II
"InstallShield_{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate 2
"JumpCraft_is1" = JumpCraft 3.6.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LOCO" = LOCO EU
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.0.5
"Opera 11.01.1190" = Opera 11.01
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"rajče.net_is1" = rajče verze 57 sestavení 192
"Realm Crafter" = Realm Crafter
"Realm Crafter Demo" = Realm Crafter Demo
"Reason5_is1" = Reason 5.0
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Rigs of Rods" = Rigs of Rods
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Stratagus (64 bit)" = Stratagus (64 bit)
"The KMPlayer" = The KMPlayer (remove only)
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Worms Reloaded_is1" = Worms Reloaded
"xampp" = XAMPP 1.7.4
"Xfire" = Xfire (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[SG-DOTE] - Space Battle" = [SG-DOTE] - Space Battle
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"0 A.D." = 0 A.D.
"090215de958f1060" = Curse Client
"75c0e0ceac8ef0d4" = CZShare Manager
"GameRanger" = GameRanger
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"Platform Game Maker BETA" = Platform Game Maker BETA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL Extras logfile created on: 13.4.2011 20:04:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Programy\OTL
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,85 Gb Total Space | 72,97 Gb Free Space | 57,52% Space Free | Partition Type: NTFS
Drive D: | 804,56 Gb Total Space | 118,93 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Computer Name: CVACH-PC | User Name: Cvach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Prostředí Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zařízení Windows Mobile
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Aktualizace ovladače pro aplikaci Centrum zařízení Windows Mobile
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 260.89
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"UDK-87798f97-44d9-4fc3-af4b-09299979a1d0" = Dungeon Defense
"UDK-8d7427cc-a28a-462a-a716-9f4a71bffdc1" = Unreal Development Kit: 2010-09
"UDK-d07b8379-d537-4f69-b17a-ed2fb85977ce" = AFFPlanetstorm
"UDK-e77441e8-eb9c-4e7c-b1a9-2dd9b718325b" = Hazard - Journey Of Life Demo
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0901FCE8-5415-4499-BBC8-1AA106DD66E2}" = Adobe Setup
"{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{14008C0E-F516-4B44-868C-14A12CF95D5D}" = Project Powder
"{1407B87C-36E3-4FC1-9051-D08B21E1096F}" = Windows Live Sync
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AE1681F-512E-4244-BC73-13FB4CCA92E7}" = WindSlayer
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2253BD-8907-4A0E-B6D1-EBB9723A70B3}_is1" = CPU Časomíra 2.0
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}" = Adobe Photoshop CS3
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5B2135A0-B026-459A-9467-4303FC2F7369}" = Project Powder
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5bee8c05-0049-4bf0-be17-ec33dc896714}" = Nero 9
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784D1110-7A5D-4BE9-8AAA-CC70FA2D1CBA}" = WindSlayer
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}" = Icewind Dale II
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{828D0FE5-EB2F-4CED-80AB-27E5108CCD66}_is1" = Legends of Arteix - Classic 1.1.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate 2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D68F6EE-CC88-44E2-AE79-37C074CC1F56}" = S4 League_EU
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.0 - Czech
"{AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1" = CityVilleBot
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Prameny
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D60924D0-86C6-441B-BD39-BA3037508976}" = NVIDIA PhysX Unreal Tournament 3 Mods
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = StarCam Genie
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_4977c84bcdc298c444ccfbdcccb660d" = Adobe Photoshop CS3
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.2.0
"Artisteer 3" = Artisteer 3
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Automatické vypnutí počítače (AVP)_is1" = Automatické vypnutí počítače 1.0
"avast" = avast! Free Antivirus
"BitLord" = BitLord 1.1
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DLTCEP" = DLTC Editor Pro (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Floorball League Demo_is1" = Floorball League 1.0 Demo
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.15
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.1
"Game Cam" = Game Cam 2.2
"Game Maker 8.0" = Game Maker 8.0
"Hamachi" = Hamachi 1.0.3.0
"HLSW_is1" = HLSW v1.3.3.7b
"Horsez 2 Vzhůru do sedel" = Horsez 2 Vzhůru do sedel
"HyperCam 2" = HyperCam 2
"Charles_XK72" = Charles
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"ICQToolbar" = ICQ Toolbar
"IETME" = IE Tileset Map Editor
"InstallShield_{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}" = Icewind Dale II
"InstallShield_{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate 2
"JumpCraft_is1" = JumpCraft 3.6.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LOCO" = LOCO EU
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.0.5
"Opera 11.01.1190" = Opera 11.01
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"rajče.net_is1" = rajče verze 57 sestavení 192
"Realm Crafter" = Realm Crafter
"Realm Crafter Demo" = Realm Crafter Demo
"Reason5_is1" = Reason 5.0
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Rigs of Rods" = Rigs of Rods
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Stratagus (64 bit)" = Stratagus (64 bit)
"The KMPlayer" = The KMPlayer (remove only)
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Worms Reloaded_is1" = Worms Reloaded
"xampp" = XAMPP 1.7.4
"Xfire" = Xfire (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4198012068-3784662148-1576838182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[SG-DOTE] - Space Battle" = [SG-DOTE] - Space Battle
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"0 A.D." = 0 A.D.
"090215de958f1060" = Curse Client
"75c0e0ceac8ef0d4" = CZShare Manager
"GameRanger" = GameRanger
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"Platform Game Maker BETA" = Platform Game Maker BETA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Re: Podezření - proces pervious.exe - LOG
Spustte znovu OTL
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
:otl FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" [2011.01.04 16:28:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.01.19 20:26:01 | 000,000,873 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\conduit.xml [2011.04.08 15:41:36 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-1.xml [2010.12.13 18:58:09 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-2.xml [2011.01.19 23:52:00 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-3.xml [2011.03.04 23:21:04 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-4.xml [2011.03.26 16:43:54 | 000,000,950 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-5.xml [2010.08.01 17:24:42 | 000,000,168 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.gif [2010.08.01 17:24:42 | 000,000,618 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.src [2010.10.25 14:31:47 | 000,001,056 | ---- | M] () -- C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.xml O4 - HKLM..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind) O4 - HKU\S-1-5-21-4198012068-3784662148-1576838182-1000..\Run: [Java] C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Java = C:\Users\Cvach\AppData\Roaming\pervious.exe (negerkind) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found [2011.04.13 16:00:36 | 001,245,184 | ---- | C] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe [2011.04.13 16:00:55 | 001,245,184 | ---- | M] (negerkind) -- C:\Users\Cvach\AppData\Roaming\pervious.exe :reg [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] ""=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- "ICQ"=- "Skype"=- "Java"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=- [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=- :files %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp /s :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH]- Nasledne kliknete na Opravit
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Podezření - proces pervious.exe - LOG
LOG po restartu:
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults scheduled to be moved on reboot.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale scheduled to be moved on reboot.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\conduit.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Java deleted successfully.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2490.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3E67.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4C0D.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Installer\MSI120.tmp moved successfully.
C:\Windows\Installer\MSI1443.tmp moved successfully.
C:\Windows\Installer\MSI21AC.tmp moved successfully.
C:\Windows\Installer\MSI2304.tmp moved successfully.
C:\Windows\Installer\MSI24A.tmp moved successfully.
C:\Windows\Installer\MSI335.tmp moved successfully.
C:\Windows\Installer\MSI35.tmp moved successfully.
C:\Windows\Installer\MSI43F.tmp moved successfully.
C:\Windows\Installer\MSI5210.tmp moved successfully.
C:\Windows\Installer\MSI528E.tmp moved successfully.
C:\Windows\Installer\MSI52A.tmp moved successfully.
C:\Windows\Installer\MSI535A.tmp moved successfully.
C:\Windows\Installer\MSI615.tmp moved successfully.
C:\Windows\Installer\MSI64D.tmp moved successfully.
C:\Windows\Installer\MSI7036.tmp moved successfully.
C:\Windows\Installer\MSI74E.tmp moved successfully.
C:\Windows\Installer\MSI858.tmp moved successfully.
C:\Windows\Installer\MSI943.tmp moved successfully.
C:\Windows\Installer\MSIA9B.tmp moved successfully.
C:\Windows\Installer\MSIAED2.tmp moved successfully.
C:\Windows\Installer\MSIB86.tmp moved successfully.
C:\Windows\Installer\MSIC91.tmp moved successfully.
C:\Windows\Installer\MSID7C.tmp moved successfully.
C:\Windows\Installer\MSIE76.tmp moved successfully.
C:\Windows\Installer\MSIF36.tmp moved successfully.
C:\Windows\Installer\MSIF767.tmp moved successfully.
C:\Windows\Installer\MSIF80.tmp moved successfully.
C:\Windows\Installer\MSIF95B.tmp moved successfully.
C:\Windows\Installer\MSIFA36.tmp moved successfully.
C:\Windows\Installer\MSIFB60.tmp moved successfully.
C:\Windows\Installer\MSIFC7A.tmp moved successfully.
C:\Windows\Installer\MSIFD65.tmp moved successfully.
C:\Windows\Installer\MSIFE50.tmp moved successfully.
C:\Windows\Installer\MSIFF2B.tmp moved successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltE9D5.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\14152667bddb02b71af8219f47612d9f\BITBE9D.tmp moved successfully.
C:\Windows\temp\Cab162E.tmp moved successfully.
C:\Windows\temp\Cab164D.tmp moved successfully.
C:\Windows\temp\Cab167C.tmp moved successfully.
C:\Windows\temp\Cab16E9.tmp moved successfully.
C:\Windows\temp\Cab21C2.tmp moved successfully.
C:\Windows\temp\Cab227D.tmp moved successfully.
C:\Windows\temp\Cab2403.tmp moved successfully.
C:\Windows\temp\Cab256A.tmp moved successfully.
C:\Windows\temp\Cab2644.tmp moved successfully.
C:\Windows\temp\Cab2AF6.tmp moved successfully.
C:\Windows\temp\Cab2B34.tmp moved successfully.
C:\Windows\temp\Cab2DB4.tmp moved successfully.
C:\Windows\temp\Cab3948.tmp moved successfully.
C:\Windows\temp\Cab3ABE.tmp moved successfully.
C:\Windows\temp\Cab3B89.tmp moved successfully.
C:\Windows\temp\Cab3F8F.tmp moved successfully.
C:\Windows\temp\Cab4385.tmp moved successfully.
C:\Windows\temp\Cab498D.tmp moved successfully.
C:\Windows\temp\Cab4F3A.tmp moved successfully.
C:\Windows\temp\Cab5060.tmp moved successfully.
C:\Windows\temp\Cab511B.tmp moved successfully.
C:\Windows\temp\Cab56CA.tmp moved successfully.
C:\Windows\temp\Cab5793.tmp moved successfully.
C:\Windows\temp\Cab5CBF.tmp moved successfully.
C:\Windows\temp\Cab5EA2.tmp moved successfully.
C:\Windows\temp\Cab609C.tmp moved successfully.
C:\Windows\temp\Cab65E3.tmp moved successfully.
C:\Windows\temp\Cab6F07.tmp moved successfully.
C:\Windows\temp\Cab7119.tmp moved successfully.
C:\Windows\temp\Cab72CE.tmp moved successfully.
C:\Windows\temp\Cab72E4.tmp moved successfully.
C:\Windows\temp\Cab76C4.tmp moved successfully.
C:\Windows\temp\Cab7702.tmp moved successfully.
C:\Windows\temp\Cab78A8.tmp moved successfully.
C:\Windows\temp\Cab7C31.tmp moved successfully.
C:\Windows\temp\Cab7DB7.tmp moved successfully.
C:\Windows\temp\Cab7E81.tmp moved successfully.
C:\Windows\temp\Cab7F7C.tmp moved successfully.
C:\Windows\temp\Cab8036.tmp moved successfully.
C:\Windows\temp\Cab80C4.tmp moved successfully.
C:\Windows\temp\Cab814F.tmp moved successfully.
C:\Windows\temp\Cab821A.tmp moved successfully.
C:\Windows\temp\Cab8545.tmp moved successfully.
C:\Windows\temp\Cab8767.tmp moved successfully.
C:\Windows\temp\Cab8786.tmp moved successfully.
C:\Windows\temp\Cab8AC1.tmp moved successfully.
C:\Windows\temp\Cab8B0F.tmp moved successfully.
C:\Windows\temp\Cab8B8C.tmp moved successfully.
C:\Windows\temp\Cab8D41.tmp moved successfully.
C:\Windows\temp\Cab9471.tmp moved successfully.
C:\Windows\temp\Cab94D4.tmp moved successfully.
C:\Windows\temp\Cab950D.tmp moved successfully.
C:\Windows\temp\Cab999F.tmp moved successfully.
C:\Windows\temp\Cab9A99.tmp moved successfully.
C:\Windows\temp\Cab9FE.tmp moved successfully.
C:\Windows\temp\CabA12E.tmp moved successfully.
C:\Windows\temp\CabA968.tmp moved successfully.
C:\Windows\temp\CabAAEE.tmp moved successfully.
C:\Windows\temp\CabADBB.tmp moved successfully.
C:\Windows\temp\CabB0C7.tmp moved successfully.
C:\Windows\temp\CabB26D.tmp moved successfully.
C:\Windows\temp\CabB402.tmp moved successfully.
C:\Windows\temp\CabB461.tmp moved successfully.
C:\Windows\temp\CabB9CC.tmp moved successfully.
C:\Windows\temp\CabBBFE.tmp moved successfully.
C:\Windows\temp\CabBDB3.tmp moved successfully.
C:\Windows\temp\CabBF19.tmp moved successfully.
C:\Windows\temp\CabC0AF.tmp moved successfully.
C:\Windows\temp\CabC46B.tmp moved successfully.
C:\Windows\temp\CabC4A7.tmp moved successfully.
C:\Windows\temp\CabD171.tmp moved successfully.
C:\Windows\temp\CabD1A0.tmp moved successfully.
C:\Windows\temp\CabD641.tmp moved successfully.
C:\Windows\temp\CabD7C8.tmp moved successfully.
C:\Windows\temp\CabD883.tmp moved successfully.
C:\Windows\temp\CabDB85.tmp moved successfully.
C:\Windows\temp\CabDBAE.tmp moved successfully.
C:\Windows\temp\CabE04.tmp moved successfully.
C:\Windows\temp\CabE2B0.tmp moved successfully.
C:\Windows\temp\CabE455.tmp moved successfully.
C:\Windows\temp\CabE66E.tmp moved successfully.
C:\Windows\temp\CabE8F7.tmp moved successfully.
C:\Windows\temp\CabEA3E.tmp moved successfully.
C:\Windows\temp\CabED4A.tmp moved successfully.
C:\Windows\temp\CabEE63.tmp moved successfully.
C:\Windows\temp\CabF278.tmp moved successfully.
C:\Windows\temp\CabF353.tmp moved successfully.
C:\Windows\temp\CabF391.tmp moved successfully.
C:\Windows\temp\CabF6F1.tmp moved successfully.
C:\Windows\temp\CabF6FB.tmp moved successfully.
C:\Windows\temp\CabFC29.tmp moved successfully.
C:\Windows\temp\CabFE99.tmp moved successfully.
C:\Windows\temp\CabFED8.tmp moved successfully.
C:\Windows\temp\SPL1991.tmp moved successfully.
C:\Windows\temp\SPL19C0.tmp moved successfully.
C:\Windows\temp\SPL1A3E.tmp moved successfully.
C:\Windows\temp\SPL1ACC.tmp moved successfully.
C:\Windows\temp\SPLE831.tmp moved successfully.
C:\Windows\temp\SPLE8AE.tmp moved successfully.
C:\Windows\temp\SPLE8CF.tmp moved successfully.
C:\Windows\temp\SPLE93D.tmp moved successfully.
C:\Windows\temp\Tar162F.tmp moved successfully.
C:\Windows\temp\Tar165E.tmp moved successfully.
C:\Windows\temp\Tar167D.tmp moved successfully.
C:\Windows\temp\Tar1777.tmp moved successfully.
C:\Windows\temp\Tar21C3.tmp moved successfully.
C:\Windows\temp\Tar228E.tmp moved successfully.
C:\Windows\temp\Tar2404.tmp moved successfully.
C:\Windows\temp\Tar256B.tmp moved successfully.
C:\Windows\temp\Tar2645.tmp moved successfully.
C:\Windows\temp\Tar2AF7.tmp moved successfully.
C:\Windows\temp\Tar2B35.tmp moved successfully.
C:\Windows\temp\Tar2DC4.tmp moved successfully.
C:\Windows\temp\Tar3968.tmp moved successfully.
C:\Windows\temp\Tar3ADE.tmp moved successfully.
C:\Windows\temp\Tar3B8A.tmp moved successfully.
C:\Windows\temp\Tar3FBE.tmp moved successfully.
C:\Windows\temp\Tar4395.tmp moved successfully.
C:\Windows\temp\Tar499E.tmp moved successfully.
C:\Windows\temp\Tar4F3B.tmp moved successfully.
C:\Windows\temp\Tar5061.tmp moved successfully.
C:\Windows\temp\Tar5189.tmp moved successfully.
C:\Windows\temp\Tar56CB.tmp moved successfully.
C:\Windows\temp\Tar5794.tmp moved successfully.
C:\Windows\temp\Tar5D2D.tmp moved successfully.
C:\Windows\temp\Tar5EB3.tmp moved successfully.
C:\Windows\temp\Tar609D.tmp moved successfully.
C:\Windows\temp\Tar65E4.tmp moved successfully.
C:\Windows\temp\Tar6F08.tmp moved successfully.
C:\Windows\temp\Tar7214.tmp moved successfully.
C:\Windows\temp\Tar72E5.tmp moved successfully.
C:\Windows\temp\Tar732D.tmp moved successfully.
C:\Windows\temp\Tar76C5.tmp moved successfully.
C:\Windows\temp\Tar7703.tmp moved successfully.
C:\Windows\temp\Tar78B8.tmp moved successfully.
C:\Windows\temp\Tar7C32.tmp moved successfully.
C:\Windows\temp\Tar7DC7.tmp moved successfully.
C:\Windows\temp\Tar7E82.tmp moved successfully.
C:\Windows\temp\Tar7F7D.tmp moved successfully.
C:\Windows\temp\Tar8047.tmp moved successfully.
C:\Windows\temp\Tar80C5.tmp moved successfully.
C:\Windows\temp\Tar821B.tmp moved successfully.
C:\Windows\temp\Tar8298.tmp moved successfully.
C:\Windows\temp\Tar8584.tmp moved successfully.
C:\Windows\temp\Tar8778.tmp moved successfully.
C:\Windows\temp\Tar8787.tmp moved successfully.
C:\Windows\temp\Tar8AD2.tmp moved successfully.
C:\Windows\temp\Tar8B10.tmp moved successfully.
C:\Windows\temp\Tar8B9C.tmp moved successfully.
C:\Windows\temp\Tar8D70.tmp moved successfully.
C:\Windows\temp\Tar9492.tmp moved successfully.
C:\Windows\temp\Tar94D5.tmp moved successfully.
C:\Windows\temp\Tar951E.tmp moved successfully.
C:\Windows\temp\Tar99A0.tmp moved successfully.
C:\Windows\temp\Tar9AAA.tmp moved successfully.
C:\Windows\temp\TarA0F.tmp moved successfully.
C:\Windows\temp\TarA16D.tmp moved successfully.
C:\Windows\temp\TarA978.tmp moved successfully.
C:\Windows\temp\TarAAFE.tmp moved successfully.
C:\Windows\temp\TarAE0A.tmp moved successfully.
C:\Windows\temp\TarB0E8.tmp moved successfully.
C:\Windows\temp\TarB26E.tmp moved successfully.
C:\Windows\temp\TarB432.tmp moved successfully.
C:\Windows\temp\TarB462.tmp moved successfully.
C:\Windows\temp\TarB9CD.tmp moved successfully.
C:\Windows\temp\TarBBFF.tmp moved successfully.
C:\Windows\temp\TarBDD3.tmp moved successfully.
C:\Windows\temp\TarBF2A.tmp moved successfully.
C:\Windows\temp\TarC0C0.tmp moved successfully.
C:\Windows\temp\TarC46C.tmp moved successfully.
C:\Windows\temp\TarC4A8.tmp moved successfully.
C:\Windows\temp\TarD191.tmp moved successfully.
C:\Windows\temp\TarD1B1.tmp moved successfully.
C:\Windows\temp\TarD7B9.tmp moved successfully.
C:\Windows\temp\TarD845.tmp moved successfully.
C:\Windows\temp\TarD893.tmp moved successfully.
C:\Windows\temp\TarDB86.tmp moved successfully.
C:\Windows\temp\TarDBCE.tmp moved successfully.
C:\Windows\temp\TarE05.tmp moved successfully.
C:\Windows\temp\TarE2C1.tmp moved successfully.
C:\Windows\temp\TarE466.tmp moved successfully.
C:\Windows\temp\TarE66F.tmp moved successfully.
C:\Windows\temp\TarE926.tmp moved successfully.
C:\Windows\temp\TarEA5F.tmp moved successfully.
C:\Windows\temp\TarED6B.tmp moved successfully.
C:\Windows\temp\TarEE83.tmp moved successfully.
C:\Windows\temp\TarF298.tmp moved successfully.
C:\Windows\temp\TarF354.tmp moved successfully.
C:\Windows\temp\TarF3D1.tmp moved successfully.
C:\Windows\temp\TarF6F2.tmp moved successfully.
C:\Windows\temp\TarF6FC.tmp moved successfully.
C:\Windows\temp\TarFC49.tmp moved successfully.
C:\Windows\temp\TarFEB9.tmp moved successfully.
C:\Windows\temp\TarFED9.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Cvach
->Temp folder emptied: 444825297 bytes
->Temporary Internet Files folder emptied: 56353534 bytes
->Java cache emptied: 7084598 bytes
->FireFox cache emptied: 91375418 bytes
->Opera cache emptied: 10067685 bytes
->Flash cache emptied: 39562 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4769342 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50574 bytes
RecycleBin emptied: 79177 bytes
Total Files Cleaned = 586,00 mb
[EMPTYFLASH]
User: All Users
User: Cvach
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04132011_213108
Files\Folders moved on Reboot...
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Cvach\AppData\Roaming\pervious.exe moved successfully.
C:\Users\Cvach\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cvach\AppData\Local\Temp\~DF9E0BE2BDC601BFF4.TMP moved successfully.
C:\Users\Cvach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R03EDK2M\background_banner[1].png moved successfully.
C:\Users\Cvach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JB37NEC\background_button_green_full[3].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults scheduled to be moved on reboot.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale scheduled to be moved on reboot.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\conduit.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Cvach\AppData\Roaming\Mozilla\Firefox\Profiles\6hsfd79m.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-4198012068-3784662148-1576838182-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Java deleted successfully.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
File move failed. C:\Users\Cvach\AppData\Roaming\pervious.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Java deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2490.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3E67.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4C0D.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Installer\MSI120.tmp moved successfully.
C:\Windows\Installer\MSI1443.tmp moved successfully.
C:\Windows\Installer\MSI21AC.tmp moved successfully.
C:\Windows\Installer\MSI2304.tmp moved successfully.
C:\Windows\Installer\MSI24A.tmp moved successfully.
C:\Windows\Installer\MSI335.tmp moved successfully.
C:\Windows\Installer\MSI35.tmp moved successfully.
C:\Windows\Installer\MSI43F.tmp moved successfully.
C:\Windows\Installer\MSI5210.tmp moved successfully.
C:\Windows\Installer\MSI528E.tmp moved successfully.
C:\Windows\Installer\MSI52A.tmp moved successfully.
C:\Windows\Installer\MSI535A.tmp moved successfully.
C:\Windows\Installer\MSI615.tmp moved successfully.
C:\Windows\Installer\MSI64D.tmp moved successfully.
C:\Windows\Installer\MSI7036.tmp moved successfully.
C:\Windows\Installer\MSI74E.tmp moved successfully.
C:\Windows\Installer\MSI858.tmp moved successfully.
C:\Windows\Installer\MSI943.tmp moved successfully.
C:\Windows\Installer\MSIA9B.tmp moved successfully.
C:\Windows\Installer\MSIAED2.tmp moved successfully.
C:\Windows\Installer\MSIB86.tmp moved successfully.
C:\Windows\Installer\MSIC91.tmp moved successfully.
C:\Windows\Installer\MSID7C.tmp moved successfully.
C:\Windows\Installer\MSIE76.tmp moved successfully.
C:\Windows\Installer\MSIF36.tmp moved successfully.
C:\Windows\Installer\MSIF767.tmp moved successfully.
C:\Windows\Installer\MSIF80.tmp moved successfully.
C:\Windows\Installer\MSIF95B.tmp moved successfully.
C:\Windows\Installer\MSIFA36.tmp moved successfully.
C:\Windows\Installer\MSIFB60.tmp moved successfully.
C:\Windows\Installer\MSIFC7A.tmp moved successfully.
C:\Windows\Installer\MSIFD65.tmp moved successfully.
C:\Windows\Installer\MSIFE50.tmp moved successfully.
C:\Windows\Installer\MSIFF2B.tmp moved successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltE9D5.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\14152667bddb02b71af8219f47612d9f\BITBE9D.tmp moved successfully.
C:\Windows\temp\Cab162E.tmp moved successfully.
C:\Windows\temp\Cab164D.tmp moved successfully.
C:\Windows\temp\Cab167C.tmp moved successfully.
C:\Windows\temp\Cab16E9.tmp moved successfully.
C:\Windows\temp\Cab21C2.tmp moved successfully.
C:\Windows\temp\Cab227D.tmp moved successfully.
C:\Windows\temp\Cab2403.tmp moved successfully.
C:\Windows\temp\Cab256A.tmp moved successfully.
C:\Windows\temp\Cab2644.tmp moved successfully.
C:\Windows\temp\Cab2AF6.tmp moved successfully.
C:\Windows\temp\Cab2B34.tmp moved successfully.
C:\Windows\temp\Cab2DB4.tmp moved successfully.
C:\Windows\temp\Cab3948.tmp moved successfully.
C:\Windows\temp\Cab3ABE.tmp moved successfully.
C:\Windows\temp\Cab3B89.tmp moved successfully.
C:\Windows\temp\Cab3F8F.tmp moved successfully.
C:\Windows\temp\Cab4385.tmp moved successfully.
C:\Windows\temp\Cab498D.tmp moved successfully.
C:\Windows\temp\Cab4F3A.tmp moved successfully.
C:\Windows\temp\Cab5060.tmp moved successfully.
C:\Windows\temp\Cab511B.tmp moved successfully.
C:\Windows\temp\Cab56CA.tmp moved successfully.
C:\Windows\temp\Cab5793.tmp moved successfully.
C:\Windows\temp\Cab5CBF.tmp moved successfully.
C:\Windows\temp\Cab5EA2.tmp moved successfully.
C:\Windows\temp\Cab609C.tmp moved successfully.
C:\Windows\temp\Cab65E3.tmp moved successfully.
C:\Windows\temp\Cab6F07.tmp moved successfully.
C:\Windows\temp\Cab7119.tmp moved successfully.
C:\Windows\temp\Cab72CE.tmp moved successfully.
C:\Windows\temp\Cab72E4.tmp moved successfully.
C:\Windows\temp\Cab76C4.tmp moved successfully.
C:\Windows\temp\Cab7702.tmp moved successfully.
C:\Windows\temp\Cab78A8.tmp moved successfully.
C:\Windows\temp\Cab7C31.tmp moved successfully.
C:\Windows\temp\Cab7DB7.tmp moved successfully.
C:\Windows\temp\Cab7E81.tmp moved successfully.
C:\Windows\temp\Cab7F7C.tmp moved successfully.
C:\Windows\temp\Cab8036.tmp moved successfully.
C:\Windows\temp\Cab80C4.tmp moved successfully.
C:\Windows\temp\Cab814F.tmp moved successfully.
C:\Windows\temp\Cab821A.tmp moved successfully.
C:\Windows\temp\Cab8545.tmp moved successfully.
C:\Windows\temp\Cab8767.tmp moved successfully.
C:\Windows\temp\Cab8786.tmp moved successfully.
C:\Windows\temp\Cab8AC1.tmp moved successfully.
C:\Windows\temp\Cab8B0F.tmp moved successfully.
C:\Windows\temp\Cab8B8C.tmp moved successfully.
C:\Windows\temp\Cab8D41.tmp moved successfully.
C:\Windows\temp\Cab9471.tmp moved successfully.
C:\Windows\temp\Cab94D4.tmp moved successfully.
C:\Windows\temp\Cab950D.tmp moved successfully.
C:\Windows\temp\Cab999F.tmp moved successfully.
C:\Windows\temp\Cab9A99.tmp moved successfully.
C:\Windows\temp\Cab9FE.tmp moved successfully.
C:\Windows\temp\CabA12E.tmp moved successfully.
C:\Windows\temp\CabA968.tmp moved successfully.
C:\Windows\temp\CabAAEE.tmp moved successfully.
C:\Windows\temp\CabADBB.tmp moved successfully.
C:\Windows\temp\CabB0C7.tmp moved successfully.
C:\Windows\temp\CabB26D.tmp moved successfully.
C:\Windows\temp\CabB402.tmp moved successfully.
C:\Windows\temp\CabB461.tmp moved successfully.
C:\Windows\temp\CabB9CC.tmp moved successfully.
C:\Windows\temp\CabBBFE.tmp moved successfully.
C:\Windows\temp\CabBDB3.tmp moved successfully.
C:\Windows\temp\CabBF19.tmp moved successfully.
C:\Windows\temp\CabC0AF.tmp moved successfully.
C:\Windows\temp\CabC46B.tmp moved successfully.
C:\Windows\temp\CabC4A7.tmp moved successfully.
C:\Windows\temp\CabD171.tmp moved successfully.
C:\Windows\temp\CabD1A0.tmp moved successfully.
C:\Windows\temp\CabD641.tmp moved successfully.
C:\Windows\temp\CabD7C8.tmp moved successfully.
C:\Windows\temp\CabD883.tmp moved successfully.
C:\Windows\temp\CabDB85.tmp moved successfully.
C:\Windows\temp\CabDBAE.tmp moved successfully.
C:\Windows\temp\CabE04.tmp moved successfully.
C:\Windows\temp\CabE2B0.tmp moved successfully.
C:\Windows\temp\CabE455.tmp moved successfully.
C:\Windows\temp\CabE66E.tmp moved successfully.
C:\Windows\temp\CabE8F7.tmp moved successfully.
C:\Windows\temp\CabEA3E.tmp moved successfully.
C:\Windows\temp\CabED4A.tmp moved successfully.
C:\Windows\temp\CabEE63.tmp moved successfully.
C:\Windows\temp\CabF278.tmp moved successfully.
C:\Windows\temp\CabF353.tmp moved successfully.
C:\Windows\temp\CabF391.tmp moved successfully.
C:\Windows\temp\CabF6F1.tmp moved successfully.
C:\Windows\temp\CabF6FB.tmp moved successfully.
C:\Windows\temp\CabFC29.tmp moved successfully.
C:\Windows\temp\CabFE99.tmp moved successfully.
C:\Windows\temp\CabFED8.tmp moved successfully.
C:\Windows\temp\SPL1991.tmp moved successfully.
C:\Windows\temp\SPL19C0.tmp moved successfully.
C:\Windows\temp\SPL1A3E.tmp moved successfully.
C:\Windows\temp\SPL1ACC.tmp moved successfully.
C:\Windows\temp\SPLE831.tmp moved successfully.
C:\Windows\temp\SPLE8AE.tmp moved successfully.
C:\Windows\temp\SPLE8CF.tmp moved successfully.
C:\Windows\temp\SPLE93D.tmp moved successfully.
C:\Windows\temp\Tar162F.tmp moved successfully.
C:\Windows\temp\Tar165E.tmp moved successfully.
C:\Windows\temp\Tar167D.tmp moved successfully.
C:\Windows\temp\Tar1777.tmp moved successfully.
C:\Windows\temp\Tar21C3.tmp moved successfully.
C:\Windows\temp\Tar228E.tmp moved successfully.
C:\Windows\temp\Tar2404.tmp moved successfully.
C:\Windows\temp\Tar256B.tmp moved successfully.
C:\Windows\temp\Tar2645.tmp moved successfully.
C:\Windows\temp\Tar2AF7.tmp moved successfully.
C:\Windows\temp\Tar2B35.tmp moved successfully.
C:\Windows\temp\Tar2DC4.tmp moved successfully.
C:\Windows\temp\Tar3968.tmp moved successfully.
C:\Windows\temp\Tar3ADE.tmp moved successfully.
C:\Windows\temp\Tar3B8A.tmp moved successfully.
C:\Windows\temp\Tar3FBE.tmp moved successfully.
C:\Windows\temp\Tar4395.tmp moved successfully.
C:\Windows\temp\Tar499E.tmp moved successfully.
C:\Windows\temp\Tar4F3B.tmp moved successfully.
C:\Windows\temp\Tar5061.tmp moved successfully.
C:\Windows\temp\Tar5189.tmp moved successfully.
C:\Windows\temp\Tar56CB.tmp moved successfully.
C:\Windows\temp\Tar5794.tmp moved successfully.
C:\Windows\temp\Tar5D2D.tmp moved successfully.
C:\Windows\temp\Tar5EB3.tmp moved successfully.
C:\Windows\temp\Tar609D.tmp moved successfully.
C:\Windows\temp\Tar65E4.tmp moved successfully.
C:\Windows\temp\Tar6F08.tmp moved successfully.
C:\Windows\temp\Tar7214.tmp moved successfully.
C:\Windows\temp\Tar72E5.tmp moved successfully.
C:\Windows\temp\Tar732D.tmp moved successfully.
C:\Windows\temp\Tar76C5.tmp moved successfully.
C:\Windows\temp\Tar7703.tmp moved successfully.
C:\Windows\temp\Tar78B8.tmp moved successfully.
C:\Windows\temp\Tar7C32.tmp moved successfully.
C:\Windows\temp\Tar7DC7.tmp moved successfully.
C:\Windows\temp\Tar7E82.tmp moved successfully.
C:\Windows\temp\Tar7F7D.tmp moved successfully.
C:\Windows\temp\Tar8047.tmp moved successfully.
C:\Windows\temp\Tar80C5.tmp moved successfully.
C:\Windows\temp\Tar821B.tmp moved successfully.
C:\Windows\temp\Tar8298.tmp moved successfully.
C:\Windows\temp\Tar8584.tmp moved successfully.
C:\Windows\temp\Tar8778.tmp moved successfully.
C:\Windows\temp\Tar8787.tmp moved successfully.
C:\Windows\temp\Tar8AD2.tmp moved successfully.
C:\Windows\temp\Tar8B10.tmp moved successfully.
C:\Windows\temp\Tar8B9C.tmp moved successfully.
C:\Windows\temp\Tar8D70.tmp moved successfully.
C:\Windows\temp\Tar9492.tmp moved successfully.
C:\Windows\temp\Tar94D5.tmp moved successfully.
C:\Windows\temp\Tar951E.tmp moved successfully.
C:\Windows\temp\Tar99A0.tmp moved successfully.
C:\Windows\temp\Tar9AAA.tmp moved successfully.
C:\Windows\temp\TarA0F.tmp moved successfully.
C:\Windows\temp\TarA16D.tmp moved successfully.
C:\Windows\temp\TarA978.tmp moved successfully.
C:\Windows\temp\TarAAFE.tmp moved successfully.
C:\Windows\temp\TarAE0A.tmp moved successfully.
C:\Windows\temp\TarB0E8.tmp moved successfully.
C:\Windows\temp\TarB26E.tmp moved successfully.
C:\Windows\temp\TarB432.tmp moved successfully.
C:\Windows\temp\TarB462.tmp moved successfully.
C:\Windows\temp\TarB9CD.tmp moved successfully.
C:\Windows\temp\TarBBFF.tmp moved successfully.
C:\Windows\temp\TarBDD3.tmp moved successfully.
C:\Windows\temp\TarBF2A.tmp moved successfully.
C:\Windows\temp\TarC0C0.tmp moved successfully.
C:\Windows\temp\TarC46C.tmp moved successfully.
C:\Windows\temp\TarC4A8.tmp moved successfully.
C:\Windows\temp\TarD191.tmp moved successfully.
C:\Windows\temp\TarD1B1.tmp moved successfully.
C:\Windows\temp\TarD7B9.tmp moved successfully.
C:\Windows\temp\TarD845.tmp moved successfully.
C:\Windows\temp\TarD893.tmp moved successfully.
C:\Windows\temp\TarDB86.tmp moved successfully.
C:\Windows\temp\TarDBCE.tmp moved successfully.
C:\Windows\temp\TarE05.tmp moved successfully.
C:\Windows\temp\TarE2C1.tmp moved successfully.
C:\Windows\temp\TarE466.tmp moved successfully.
C:\Windows\temp\TarE66F.tmp moved successfully.
C:\Windows\temp\TarE926.tmp moved successfully.
C:\Windows\temp\TarEA5F.tmp moved successfully.
C:\Windows\temp\TarED6B.tmp moved successfully.
C:\Windows\temp\TarEE83.tmp moved successfully.
C:\Windows\temp\TarF298.tmp moved successfully.
C:\Windows\temp\TarF354.tmp moved successfully.
C:\Windows\temp\TarF3D1.tmp moved successfully.
C:\Windows\temp\TarF6F2.tmp moved successfully.
C:\Windows\temp\TarF6FC.tmp moved successfully.
C:\Windows\temp\TarFC49.tmp moved successfully.
C:\Windows\temp\TarFEB9.tmp moved successfully.
C:\Windows\temp\TarFED9.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Cvach
->Temp folder emptied: 444825297 bytes
->Temporary Internet Files folder emptied: 56353534 bytes
->Java cache emptied: 7084598 bytes
->FireFox cache emptied: 91375418 bytes
->Opera cache emptied: 10067685 bytes
->Flash cache emptied: 39562 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4769342 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50574 bytes
RecycleBin emptied: 79177 bytes
Total Files Cleaned = 586,00 mb
[EMPTYFLASH]
User: All Users
User: Cvach
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04132011_213108
Files\Folders moved on Reboot...
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Cvach\AppData\Roaming\mozilla\Firefox\Profiles\6hsfd79m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Cvach\AppData\Roaming\pervious.exe moved successfully.
C:\Users\Cvach\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cvach\AppData\Local\Temp\~DF9E0BE2BDC601BFF4.TMP moved successfully.
C:\Users\Cvach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R03EDK2M\background_banner[1].png moved successfully.
C:\Users\Cvach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JB37NEC\background_button_green_full[3].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Podezření - proces pervious.exe - LOG
Jak se chova PC 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Podezření - proces pervious.exe - LOG
No, ten proces uz se nespousti, takze mi prijde, ze to je dobry... Alespon zatim. Diky moc!
Re: Podezření - proces pervious.exe - LOG
Spoustet se nemuze, pac byl smazan 
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner (viz muj podpis)Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy, je to z me strany vse 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Podezření - proces pervious.exe - LOG
Takze hotovo, diky moc a ode me to je asi uz taky vse 
.
.Re: Podezření - proces pervious.exe - LOG
Nemate zac, rad jsem pomohl Zase nekdy 
Zase nekdy "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?