Adobe Reader

Zpráva

-Galil- · #16 Příspěvek od **-Galil-** » 27 led 2012 16:40

Omlouvám se že tak po dlouhé době ale přece jen

ComboFix 12-01-21.02 - jakub 27.01.2012 16:06:54.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3000.1798 [GMT 1:00]
Spuštěný z: c:\users\jakub\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\jakub\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\InnoGames_International\prxtbInn0.dll"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-1.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-2.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-3.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-4.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-5.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-6.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-7.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-8.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-9.xml"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin.gif"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin.src"
"c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin.xml"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\1006102202\config.xml
c:\program files\ICQ6Toolbar\1006102202\Icons.bmp
c:\program files\ICQ6Toolbar\1006102202\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\1006102202\ICQToolBar.dll
c:\program files\ICQ6Toolbar\1006102202\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\1006102202\logo_small.gif
c:\program files\ICQ6Toolbar\1006102202\short.wav
c:\program files\ICQ6Toolbar\1006102202\Version.txt
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\InnoGames_International\prxtbInn0.dll
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-1.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-2.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-3.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-4.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-5.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-6.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-7.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-8.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin-9.xml
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin.gif
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin.src
c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\icqplugin.xml
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gusvc
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-27 do 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 15:14 . 2012-01-27 15:22 -------- d-----w- c:\users\jakub\AppData\Local\temp
2012-01-27 15:14 . 2012-01-27 15:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-27 15:14 . 2012-01-27 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 14:57 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{097A72C3-8EAB-412B-B092-ABA780B544BF}\mpengine.dll
2012-01-22 16:06 . 2012-01-22 16:29 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-22 09:11 . 2012-01-22 09:20 -------- d-----w- c:\program files\trend micro
2012-01-22 09:11 . 2012-01-22 09:20 -------- d-----w- C:\rsit
2012-01-15 16:12 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 16:12 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 16:12 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 16:12 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 16:12 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 16:12 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-14 11:26 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-14 11:26 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 11:26 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-14 11:26 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-14 11:26 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-14 11:26 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-14 11:26 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-14 11:26 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-01 12:22 . 2012-01-01 12:22 -------- d-----w- c:\programdata\Nikon
2012-01-01 11:39 . 2012-01-01 12:44 -------- d-----w- c:\users\jakub\AppData\Local\Nikon
2012-01-01 11:24 . 2012-01-01 11:24 -------- d-----w- c:\users\jakub\AppData\Local\ArcSoft
2012-01-01 11:24 . 2012-01-01 11:55 -------- d--h--w- c:\programdata\ArcSoft
2012-01-01 11:24 . 2012-01-01 12:48 -------- d-----w- c:\program files\Common Files\ArcSoft
2012-01-01 11:23 . 2012-01-01 11:26 -------- d-----w- c:\users\jakub\AppData\Roaming\ArcSoft
2012-01-01 11:23 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-01-01 11:23 . 2001-09-05 03:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-01-01 11:23 . 2001-09-05 03:14 176128 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-01-01 11:23 . 2001-09-05 03:13 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-01-01 11:21 . 2012-01-01 11:21 57344 ----a-r- c:\users\jakub\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-01-01 11:19 . 2012-01-01 11:19 -------- d-----w- c:\programdata\Ultima_T15
2012-01-01 11:19 . 2012-01-01 11:19 -------- d-----w- c:\programdata\EnterNHelp
2012-01-01 11:19 . 2012-01-01 11:22 -------- d-----w- c:\users\jakub\AppData\Local\Downloaded Installations
2012-01-01 11:18 . 2012-01-01 12:45 -------- d-----w- c:\program files\Nikon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 18:05 . 2011-06-07 15:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-01 11:19 . 2009-09-20 19:39 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-12-28 13:54 . 2011-12-24 19:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-28 13:54 . 2011-12-24 19:00 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-25 21:53 . 2011-12-24 19:00 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-24 19:01 . 2011-12-24 19:01 22328 ----a-w- c:\users\jakub\AppData\Roaming\PnkBstrK.sys
2011-12-14 14:33 . 2011-12-14 14:33 515856 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-11 19:31 . 2009-05-20 14:04 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-12-07 09:08 . 2009-10-03 07:02 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-28 18:01 . 2011-04-23 06:43 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-04-23 06:43 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-04-23 06:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-04-23 06:43 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-04-23 06:43 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-04-23 06:43 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-04-23 06:43 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-04-23 06:43 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-23 13:37 . 2011-12-14 14:31 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 16:23 . 2012-01-15 16:12 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-08 14:42 . 2011-12-14 14:31 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-29 08:57 . 2011-12-26 07:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-05-14 23:13 157168 ----a-w- c:\programdata\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-05 1033512]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 145944]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-09-01 858632]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"4StoryPrePatch"="d:\program files\Gameforge4D\4Story\PrePatch.exe" [2011-12-02 327680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-27 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\

.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 16:19
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\3020.tmp 85095695 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5868)
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\ieframe.dll
c:\program files\CursorXP\CurXP0.dll
c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax
c:\windows\system32\VSFilter.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\users\jakub\AppData\Local\Temp\RtkBtMnt.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-01-27 16:28:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-27 15:28
ComboFix2.txt 2012-01-22 18:28
.
Před spuštěním: Volných bajtů: 50 205 261 824
Po spuštění: Volných bajtů: 49 376 071 680
.
- - End Of File - - 2BC9BECA13D8960D044A7BD136A0A0EC

#17 Příspěvek od **vyosek** » 27 led 2012 16:44

Zdravim

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:files
c:\windows\TEMP\3020.tmp
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

-Galil- · #18 Příspěvek od **-Galil-** » 27 led 2012 17:15

All processes killed
========== FILES ==========
File/Folder c:\windows\TEMP\3020.tmp not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes

User: jakub
->Temp folder emptied: 206336 bytes
->Temporary Internet Files folder emptied: 1534228474 bytes
->Java cache emptied: 47115534 bytes
->FireFox cache emptied: 702264056 bytes
->Google Chrome cache emptied: 6209501 bytes
->Flash cache emptied: 156884 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1440 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8611640 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 192,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: jakub
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 01272012_165912

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#19 Příspěvek od **vyosek** » 27 led 2012 17:23

Co PC, jak se chova

-Galil- · #20 Příspěvek od **-Galil-** » 27 led 2012 17:30

V pohodě ...
Chtěl jsem se ještě zeptat než ukončíme téma zobrazilo se mi to co minule a když to dám teď znova jak předtím nestane se mi to stejné ?
Viz Obrázek:

-Galil- · #21 Příspěvek od **-Galil-** » 27 led 2012 18:42

Raději čekám na vaši odpověď než abych tohle vše musel podstupovat znova !!!

#22 Příspěvek od **vyosek** » 27 led 2012 19:21

Ja bych se toho nebal, a kdyztak to odvirujem

-Galil- · #23 Příspěvek od **-Galil-** » 27 led 2012 19:43

Tak a muzem začít od znova !!!

-Galil- · #24 Příspěvek od **-Galil-** » 27 led 2012 19:45

To mám z toho že vás poslouchám co ???
Opět tabulka se zobrazila a nejde ani potvrdit ani zruši.
Tak začnem ne !!!
Chci konečně sklidit a pro příště to nebudu mačkat !!!!

#25 Příspěvek od **vyosek** » 27 led 2012 19:46

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

-Galil- · #26 Příspěvek od **-Galil-** » 27 led 2012 21:03

OTL logfile created on: 27.1.2012 20:30:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jakub\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,56% Memory free
6,06 Gb Paging File | 5,00 Gb Available in Paging File | 82,49% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,54 Gb Total Space | 51,72 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
Drive D: | 143,54 Gb Total Space | 122,68 Gb Free Space | 85,46% Space Free | Partition Type: NTFS

Computer Name: JAKUB-PC | User Name: jakub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.01.27 19:54:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jakub\Desktop\OTL.exe
PRC - [2012.01.27 17:11:08 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\jakub\AppData\Local\temp\RtkBtMnt.exe
PRC - [2012.01.20 19:05:12 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2012.01.15 17:44:22 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.09.01 02:17:00 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008.06.11 09:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.04.28 08:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.02.12 12:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005.01.19 16:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.04 17:33:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011.12.27 08:10:36 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011.12.27 08:03:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.12.27 08:03:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.12.27 07:52:39 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.12.27 07:52:32 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.06.02 09:00:00 | 003,827,200 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2010.02.12 12:44:24 | 001,274,160 | ---- | M] () -- C:\Program Files\CentrumczToolbar\IEToolbar.dll
MOD - [2010.01.22 18:04:08 | 000,106,496 | ---- | M] () -- D:\NetSoftware\IEHelper.dll
MOD - [2009.03.12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2009.01.21 10:48:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009.01.21 10:48:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009.01.21 10:48:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.11.21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008.06.11 09:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.04.28 09:47:40 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.03.30 15:22:42 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [2008.02.12 12:12:50 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.10.23 09:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) Ovladač protokolu RMCAST (Pgm)
DRV - [2009.02.03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008.07.28 08:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.22 08:46:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.06.05 03:01:14 | 000,146,688 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008.04.08 02:22:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.04.03 12:06:24 | 000,449,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WlanUZG.sys -- (ZY202_VS)
DRV - [2007.02.08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.03.08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - No CLSID value found

IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\..\URLSearchHook: {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngineName: "Centrum.cz - Hledání v internetu"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.1
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Cetrumcz@igeared: C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared [2010.03.19 14:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.04 08:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.29 09:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.20 17:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.03.19 14:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jakub\AppData\Roaming\Mozilla\Extensions
[2012.01.06 06:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions
[2010.08.27 17:48:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.06 06:39:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.26 08:42:24 | 000,000,000 | ---D | M] (Centrum.cz nastavenĂ) -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.12.26 08:42:24 | 000,000,000 | ---D | M] (Centrum domĂ©novĂ˝ pomocnĂk) -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz
[2010.10.02 18:52:43 | 000,010,025 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\mywebsearch.xml
[2011.12.26 08:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.26 08:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.12.26 08:42:14 | 000,000,000 | ---D | M] (Centrum.cz nastavenĂ) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.12.26 08:42:14 | 000,000,000 | ---D | M] (Centrum domĂ©novĂ˝ pomocnĂk) -- C:\Program Files\Mozilla Firefox\distribution\extensions\centrumpomocnik@centrum.cz
[2011.12.04 08:49:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.12.29 09:57:14 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.02.12 00:11:32 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Cetrumcz_igeared.xml
[2011.12.17 03:57:21 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: avast! WebRep = C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Poppit = C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012.01.27 16:59:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CentrumczToolbar BHO) - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\NetSoftware\IEHelper.dll ()
O2 - BHO: (Ukazatel S-Rank) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [4StoryPrePatch] D:\Program Files\Gameforge4D\4Story\PrePatch.exe (Zemi Interactive Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-331922893-1769724177-3423028767-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-331922893-1769724177-3423028767-1003..\Run: [Seznam Postak] C:\Program Files\Seznam.cz\bin\postak.exe ()
O4 - Startup: C:\Users\jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Users\jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} http://pl.recruit.netmonitor.cz/WebInstaller.dll (GWebInstallControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A907C2B-468B-4A93-B26D-5455B4C82CAA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1356E79-D5E9-4BFD-924D-9A2A268FFDAC}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\centrumcztoolbar {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.MJPG - C:\Windows\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.01.27 19:54:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jakub\Desktop\OTL.exe
[2012.01.27 16:59:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2012.01.27 16:57:12 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\jakub\Desktop\OTM.exe
[2012.01.27 16:28:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.27 16:20:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.27 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\jakub\AppData\Local\temp
[2012.01.22 19:12:52 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\jakub\Desktop\ComboFix.exe
[2012.01.22 18:20:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.22 18:20:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.22 18:20:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.22 18:20:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.22 18:20:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.22 17:51:04 | 000,000,000 | ---D | C] -- C:\Users\jakub\Desktop\2012-01-07 GÍROVÁ
[2012.01.22 10:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.22 10:11:46 | 000,000,000 | ---D | C] -- C:\rsit
[2009.01.21 17:50:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 7 Days ==========

[2012.01.27 20:33:28 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.27 20:33:19 | 000,669,042 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.01.27 20:33:19 | 000,658,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.27 20:33:19 | 000,150,116 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.01.27 20:33:19 | 000,129,824 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.27 20:26:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.01.27 20:26:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 20:26:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 20:26:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 20:26:00 | 3146,637,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.27 20:25:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.27 19:54:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jakub\Desktop\OTL.exe
[2012.01.27 17:28:50 | 000,345,976 | ---- | M] () -- C:\Users\jakub\Desktop\jpg....jpg
[2012.01.27 16:59:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.01.27 16:57:15 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\jakub\Desktop\OTM.exe
[2012.01.27 16:25:03 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.01.23 19:00:01 | 000,133,632 | ---- | M] () -- C:\Users\jakub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.22 20:28:10 | 100,126,530 | ---- | M] () -- C:\Users\jakub\Desktop\Hodina Zeme 2012 (Ofici_lne video - SK titulky).avi
[2012.01.22 19:13:19 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\jakub\Desktop\ComboFix.exe
[2012.01.22 17:29:21 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012.01.22 10:53:07 | 000,023,580 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\UserTile.png

-Galil- · #27 Příspěvek od **-Galil-** » 27 led 2012 21:03

========== Files Created - No Company Name ==========

[2012.01.27 20:04:08 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.27 17:28:50 | 000,345,976 | ---- | C] () -- C:\Users\jakub\Desktop\jpg....jpg
[2012.01.22 20:28:45 | 100,126,530 | ---- | C] () -- C:\Users\jakub\Desktop\Hodina Zeme 2012 (Ofici_lne video - SK titulky).avi
[2012.01.22 18:20:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.22 18:20:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.22 18:20:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.22 18:20:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.22 18:20:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.22 17:06:32 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012.01.01 12:47:09 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.01.01 12:19:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.01.01 12:19:39 | 000,000,000 | ---- | C] () -- C:\Users\jakub\AppData\Roaming\Analog Sync
[2012.01.01 12:19:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.01.01 12:19:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.01.01 12:19:38 | 000,000,000 | ---- | C] () -- C:\Users\jakub\AppData\Roaming\Analog Pad
[2011.12.24 20:01:03 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.24 20:01:03 | 000,022,328 | ---- | C] () -- C:\Users\jakub\AppData\Roaming\PnkBstrK.sys
[2011.12.24 20:00:40 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.12.24 20:00:34 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.12.24 20:00:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011.06.12 08:53:05 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.06.10 15:16:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.06.10 15:16:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.06.10 15:16:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.06.10 15:16:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.06.10 15:16:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.06.10 15:16:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.06.10 15:16:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.06.10 15:16:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.06.10 15:16:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.06.10 15:16:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.06.10 15:16:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.06.10 15:16:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.06.10 15:16:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.06.10 15:16:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.06.10 15:16:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.06.10 15:16:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.06.10 15:16:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.06.10 15:16:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.06.10 15:16:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.30 17:06:20 | 000,000,680 | ---- | C] () -- C:\Users\jakub\AppData\Local\d3d9caps.dat
[2010.03.19 14:24:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.06 13:17:26 | 000,000,913 | ---- | C] () -- C:\Windows\System32\dump.bin
[2009.12.19 09:57:34 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009.10.01 18:57:43 | 000,000,073 | ---- | C] () -- C:\Windows\System32\SYSDRV004.SYS
[2009.10.01 18:57:40 | 000,000,324 | ---- | C] () -- C:\Users\jakub\AppData\Roaming\Karaoke-Sing-n-Burn.INI
[2009.10.01 18:57:40 | 000,000,061 | ---- | C] () -- C:\Windows\System32\SYSTMBXNDRV.SYS
[2009.09.24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.17 07:17:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 07:17:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.04 17:38:02 | 000,001,910 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2009.08.20 18:24:11 | 000,000,196 | ---- | C] () -- C:\Windows\QTW.INI
[2009.08.19 06:54:35 | 000,184,048 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.06.30 06:22:56 | 000,000,514 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.06.25 18:49:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.25 18:41:22 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009.06.25 18:37:38 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.06.25 18:12:47 | 000,023,580 | ---- | C] () -- C:\Users\jakub\AppData\Roaming\UserTile.png
[2009.06.20 17:24:26 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.06.19 17:41:25 | 000,000,264 | ---- | C] () -- C:\Windows\fre.INI
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.21 18:33:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD-Start.INI
[2009.05.20 15:36:39 | 000,133,632 | ---- | C] () -- C:\Users\jakub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.20 15:04:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.05.15 00:23:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009.05.15 00:20:55 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.05.15 00:20:55 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.05.15 00:20:55 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.01.21 17:49:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.21 17:49:19 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.01.21 17:49:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009.01.21 17:49:18 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.01.21 17:49:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.01.21 11:15:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009.01.21 11:15:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009.01.21 10:48:08 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.21 10:39:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.01.21 10:39:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.01.21 10:39:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.01.21 09:37:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 07:46:38 | 000,669,042 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008.01.21 07:46:38 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008.01.21 07:46:38 | 000,150,116 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2008.01.21 07:46:38 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,410,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,658,870 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,129,824 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1993.07.23 18:31:02 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll

========== LOP Check ==========

[2011.09.24 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\CocoonSoftware
[2011.06.11 09:19:12 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\EPSON
[2009.05.20 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\eSobi
[2011.06.02 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\GARMIN
[2012.01.07 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\ICQ
[2009.05.20 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\InterVideo
[2012.01.01 12:40:16 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Nikon
[2011.04.16 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\OpenCandy
[2009.10.21 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\OpenOffice.org
[2011.06.26 13:53:35 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\PeerNetworking
[2011.11.05 22:09:28 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Stellarium
[2010.04.27 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\The Bat!
[2009.10.29 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\VistaCodecs
[2009.06.25 19:00:20 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Windows Live Writer
[2009.06.20 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Zoner
[2012.01.27 16:25:03 | 000,000,240 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012.01.27 20:25:12 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.21 03:24:45 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 07:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 09:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 07:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011.09.20 22:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009.12.08 21:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 22:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 18:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011.06.17 21:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2010.02.18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 15:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009.12.08 21:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009.12.08 21:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010.06.16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011.06.17 21:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010.06.16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011.09.20 22:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\ERDNT\cache\tcpip.sys
[2011.09.20 22:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\System32\drivers\tcpip.sys
[2011.09.20 22:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008.04.26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 18:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009.12.08 18:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010.02.18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 21:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.21 03:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< %systemroot%*.* /U /s >
[18 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[12 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.06.20 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Adobe
[2011.09.24 18:52:02 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Apple Computer
[2012.01.01 12:26:19 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\ArcSoft
[2011.09.24 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\CocoonSoftware
[2009.05.20 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Corel
[2009.10.25 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\dvdcss
[2011.06.11 09:19:12 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\EPSON
[2009.05.20 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\eSobi
[2011.06.02 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\GARMIN
[2009.11.14 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Google
[2012.01.07 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\ICQ
[2009.05.15 00:16:40 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Identities
[2009.05.15 00:20:44 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\InstallShield
[2009.05.20 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\InterVideo
[2010.04.01 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Media Center Programs
[2011.06.02 20:34:34 | 000,000,000 | --SD | M] -- C:\Users\jakub\AppData\Roaming\Microsoft
[2010.05.22 21:44:05 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Microsoft Games
[2010.03.19 14:24:31 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Mozilla
[2010.02.20 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\NCH Software
[2012.01.01 12:40:16 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Nikon
[2011.04.16 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\OpenCandy
[2009.10.21 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\OpenOffice.org
[2012.01.22 19:44:21 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\OpenOffice.org2
[2011.06.26 13:53:35 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\PeerNetworking
[2011.10.03 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\PSpad
[2010.09.25 15:34:32 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Real
[2011.11.05 22:09:28 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Stellarium
[2010.04.27 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\The Bat!
[2010.10.15 16:06:14 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\U3
[2009.10.29 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\VistaCodecs
[2009.10.27 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\vlc
[2009.06.25 19:00:20 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Windows Live Writer
[2011.03.31 14:15:10 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\WinRAR
[2009.06.20 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\jakub\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2009.11.06 06:04:40 | 010,377,728 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\CocoonSoftware\QMC\ffmpeg.exe
[2008.04.02 11:35:18 | 007,945,216 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\CocoonSoftware\QMC\ffmpegHD.exe
[2012.01.01 12:21:53 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\jakub\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2011.04.16 12:01:30 | 000,416,160 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\OpenCandy\OpenCandy_9EAB268398D94F74A5A66D721DDD53C2\LatestDLMgr.exe
[2010.12.17 23:07:06 | 000,043,440 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\OpenCandy\OpenCandy_9EAB268398D94F74A5A66D721DDD53C2\SpeedstarterCZ.exe
[2010.12.17 18:48:22 | 001,720,472 | ---- | M] (Speedchecker Limited ) -- C:\Users\jakub\AppData\Roaming\OpenCandy\OpenCandy_9EAB268398D94F74A5A66D721DDD53C2\ZrychleniPocitace.exe
[2011.04.16 12:01:48 | 001,842,096 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\OpenCandy\OpenCandy_9EAB268398D94F74A5A66D721DDD53C2\ZrychleniPocitace_p2v1.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\jakub\AppData\Roaming\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.01.27 16:25:03 | 000,000,240 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.01.27 20:26:08 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 20:26:08 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 20:26:19 | 000,000,147 | ---- | M] () -- C:\Windows\system32\agent.log
[2012.01.27 20:26:22 | 000,000,000 | ---- | M] () -- C:\Windows\system32\LogConfigTemp.xml
[2012.01.27 20:33:19 | 000,150,116 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.01.27 20:33:19 | 000,129,824 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.01.27 20:33:19 | 000,669,042 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.01.27 20:33:19 | 000,658,870 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.01.27 20:33:19 | 001,604,860 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.21 03:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation)
"CursorXP" = "C:\Program Files\CursorXP\CursorXP.exe" -s -- [2005.01.19 16:34:16 | 000,128,000 | ---- | M] ( )
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"Seznam Postak" = "C:\Program Files\Seznam.cz\bin\postak.exe" -s -- [2012.01.10 15:16:10 | 000,491,040 | ---- | M] ()

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2011.12.29 09:57:14 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=11CCA710674739E3DB8F7450A5B650B6 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.01.20 16:48:53 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2012.01.20 06:35:36 | 001,047,024 | ---- | M] (Google Inc.) MD5=697D3B09D8883F72265DA274E0972042 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.01.27 20:33:28 | 000,000,512 | ---- | M] () MD5=480D3814AFEE61DE03A136040F20DD24 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2004.01.29 03:53:36 | 000,004,902 | ---- | M] () -- \Users\jakub\Pictures\Po fotky .... doplnky\Textures\cracked2.jpg

< *keygen* /s >

< *loader* /s >
[2010.02.12 00:10:46 | 000,003,754 | ---- | M] () -- \Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared\chrome\content\libs\loader.js
[2007.10.23 16:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007.10.23 16:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007.10.23 16:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2011.10.28 07:24:51 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.10.28 07:24:52 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.10.28 07:24:51 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.10.28 07:25:25 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.6\Xtraz\icq\content\profile_lightboxs\preloader.html
[2012.01.01 13:24:51 | 000,000,665 | ---- | M] () -- \Program Files\Internet Explorer\Favorites\Děkujeme za stažení YouTube Downloader ze serveru CNET Download.url
[2006.08.16 03:25:58 | 000,174,888 | ---- | M] () -- \Program Files\Microsoft Games\Microsoft Flight Simulator X Demo\Scenery\Global\texture\VEH_Air_BagLoaderBlue.dds
[2006.08.16 03:25:58 | 000,262,272 | ---- | M] () -- \Program Files\Microsoft Games\Microsoft Flight Simulator X Demo\Scenery\Global\texture\VEH_Air_BagLoaderBlue_bump.dds
[2006.08.16 03:26:00 | 000,174,888 | ---- | M] () -- \Program Files\Microsoft Games\Microsoft Flight Simulator X Demo\Scenery\Global\texture\VEH_Air_BagLoaderBlue_lm.dds
[2006.08.16 03:26:00 | 000,349,648 | ---- | M] () -- \Program Files\Microsoft Games\Microsoft Flight Simulator X Demo\Scenery\Global\texture\VEH_Air_BagLoaderBlue_specular.dds
[2006.08.16 03:26:04 | 000,174,888 | ---- | M] () -- \Program Files\Microsoft Games\Microsoft Flight Simulator X Demo\Scenery\Global\texture\VEH_Air_BagLoaderGrey.dds
[2006.08.16 03:26:04 | 000,174,888 | ---- | M] () -- \Program Files\Microsoft Games\Microsoft Flight Simulator X Demo\Scenery\Global\texture\VEH_Air_BagLoaderGrey_lm.dds
[2006.09.04 20:21:30 | 000,301,815 | ---- | M] () -- \Program Files\Microsoft Games\Microsoft Flight Simulator X Demo\SimObjects\GroundVehicles\VEH_Air_BagLoaderGrey\model\VEH_Air_BagLoaderGrey.mdl
[2007.09.10 23:28:40 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 2.3\program\javaloader.uno.dll
[2007.09.11 16:06:22 | 000,005,226 | ---- | M] () -- \Program Files\OpenOffice.org 2.3\program\pythonloader.py
[2007.09.11 04:36:04 | 000,015,360 | ---- | M] () -- \Program Files\OpenOffice.org 2.3\program\pythonloader.uno.dll
[2007.09.11 16:51:36 | 000,000,145 | ---- | M] () -- \Program Files\OpenOffice.org 2.3\program\pythonloader.uno.ini
[2007.09.10 23:28:40 | 000,016,384 | ---- | M] () -- \Program Files\OpenOffice.org 2.3\program\shlibloader.uno.dll
[2007.09.11 04:18:20 | 000,004,063 | ---- | M] () -- \Program Files\OpenOffice.org 2.3\program\classes\unoloader.jar
[2003.09.26 07:15:26 | 000,169,384 | ---- | M] () -- \Program Files\Valve\cstrike\models\qloader.mdl
[2003.09.26 13:19:52 | 000,352,548 | ---- | M] () -- \Program Files\Valve\valve\models\loader.mdl
[2003.09.26 13:24:16 | 000,012,764 | ---- | M] () -- \Program Files\Valve\valve\sound\ambience\loader_hydra1.wav
[2003.09.26 13:24:16 | 000,012,164 | ---- | M] () -- \Program Files\Valve\valve\sound\ambience\loader_step1.wav
[2011.11.29 16:48:38 | 001,275,808 | ---- | M] () -- \Program Files\YouTube Song Downloader\YouTubeSongDownloader.exe
[2010.06.02 08:40:56 | 000,000,144 | ---- | M] () -- \Program Files\YouTube Song Downloader\YouTubeSongDownloader.exe.config
[2011.12.26 21:32:03 | 000,000,996 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader\YouTube Song Downloader.lnk
[2012.01.01 13:41:24 | 000,000,665 | ---- | M] () -- \Qoobox\Quarantine\C\Users\jakub\AppData\Roaming\Microsoft\Windows\Recent\Děkujeme za stažení YouTube Downloader ze serveru CNET Download.url.vir
[2011.12.26 21:32:03 | 000,000,996 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader\YouTube Song Downloader.lnk
[2011.12.30 16:27:47 | 000,001,619 | ---- | M] () -- \Users\jakub\AppData\Local\Abelssoft\YouTube Song Downloader\YouTube Song Downloader.settings.xml
[2010.04.01 17:39:51 | 000,191,469 | ---- | M] () -- \Users\jakub\AppData\Local\Macromedia\Flash 8\en\Configuration\Classes\aso\mx\controls\mx.controls.Loader.aso
[2005.06.20 14:45:24 | 000,000,544 | ---- | M] () -- \Users\jakub\AppData\Local\Macromedia\Flash 8\en\Configuration\Classes\FP7\MovieClipLoader.as
[2005.06.20 14:45:26 | 000,000,544 | ---- | M] () -- \Users\jakub\AppData\Local\Macromedia\Flash 8\en\Configuration\Classes\FP8\MovieClipLoader.as
[2005.07.13 11:06:52 | 000,010,454 | ---- | M] () -- \Users\jakub\AppData\Local\Macromedia\Flash 8\en\Configuration\Classes\mx\controls\Loader.as
[2012.01.27 17:50:49 | 000,000,336 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05A98KP6\11738-1-loader[1].js
[2012.01.27 17:44:43 | 000,000,905 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\05A98KP6\TooltipLoader[1].css
[2012.01.27 19:42:11 | 000,001,849 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32FE4ID0\loader-white-bg[1].gif
[2012.01.27 19:40:39 | 000,010,819 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OER155E0\ajax-loader[1].gif
[2012.01.27 19:46:10 | 000,010,819 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OER155E0\ajax-loader[3].gif
[2012.01.27 19:42:12 | 000,002,110 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OER155E0\loader[1].gif
[2012.01.27 17:44:42 | 000,014,290 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RB2B54VC\TooltipLoader[1].js
[2012.01.27 17:14:18 | 000,006,353 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S9QJGOYJ\ajax-loader1[1].gif
[2012.01.27 19:42:11 | 000,004,012 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TA1T1X5B\loader[1].js
[2012.01.27 19:42:50 | 000,004,012 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TA1T1X5B\loader[2].js
[2012.01.27 19:40:50 | 000,074,870 | ---- | M] () -- \Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TA1T1X5B\preloader[1].swf
[2012.01.20 18:29:11 | 000,005,218 | ---- | M] () -- \Users\jakub\AppData\Local\VirtualStore\Program Files\OpenOffice.org 2.3\program\pythonloader.pyc
[2010.05.13 05:54:21 | 000,006,687 | ---- | M] () -- \Users\jakub\AppData\Local\VirtualStore\Program Files\OpenOffice.org 3\Basis\program\pythonloader.pyc
[2011.12.26 21:09:00 | 000,000,593 | ---- | M] () -- \Users\jakub\AppData\Roaming\Microsoft\Windows\Recent\chrome-youtube-downloader-2.6.1.crx.lnk
[2011.01.28 23:08:15 | 000,344,848 | ---- | M] () -- \Users\jakub\Downloads\Downloader_4Story_CZ_3.4.53.exe
[2012.01.22 10:08:46 | 000,000,665 | ---- | M] () -- \Users\jakub\Pictures\Geo\Favorites\Děkujeme za stažení YouTube Downloader ze serveru CNET Download.url
[2011.12.26 21:32:03 | 000,000,978 | ---- | M] () -- \Users\Public\Desktop\YouTube Song Downloader.lnk
[2012.01.22 20:23:22 | 000,156,794 | ---- | M] () -- \Windows\Prefetch\YOUTUBESONGDOWNLOADER.EXE-A16A9E2C.pf
[2008.01.21 03:23:37 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.06.10 15:23:06 | 000,002,774 | ---- | M] () -- \Windows\System32\Tasks\Epson Printer Software Downloader
[2012.01.27 16:25:03 | 000,000,240 | ---- | M] () -- \Windows\Tasks\Epson Printer Software Downloader.job
[2008.01.21 07:45:35 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.01.21 07:45:35 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2008.01.21 07:45:35 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2009.09.17 16:42:12 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2009.09.17 16:42:13 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2009.09.17 16:42:14 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 03:26:48 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:26:48 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.02.29 08:26:23 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_de-de_cb9c6772f81a418b.manifest
[2008.02.29 08:19:08 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_en-us_748d3d6be6f84d50.manifest
[2008.02.29 11:05:29 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_es-es_74589a4fe71f3ef5.manifest
[2008.02.29 11:07:01 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_fr-fr_1710104ed9f15557.manifest
[2008.02.29 11:05:17 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_it-it_01380695b1233ad5.manifest
[2008.02.29 09:14:00 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_ja-jp_a35d85a2a43e4cb0.manifest
[2008.02.29 11:02:51 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_nl-nl_2d992eca70004957.manifest
[2008.02.29 08:19:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_de-de_cbf6c366115bebbd.manifest
[2008.02.29 08:21:05 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_en-us_74e7995f0039f782.manifest
[2008.02.29 10:56:53 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_es-es_74b2f6430060e927.manifest
[2008.02.29 11:12:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_fr-fr_176a6c41f332ff89.manifest
[2008.02.29 11:01:15 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_it-it_01926288ca64e507.manifest
[2008.02.29 08:46:06 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_ja-jp_a3b7e195bd7ff6e2.manifest
[2008.02.29 10:17:45 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_nl-nl_2df38abd8941f389.manifest
[2008.01.21 07:38:38 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.02.29 08:17:27 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725.manifest
[2008.02.29 08:13:09 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157.manifest
[2008.01.21 03:20:53 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2008.02.29 09:08:07 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b.manifest
[2008.02.29 08:37:27 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7.manifest
[2009.04.10 23:12:44 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 11:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 03:19:11 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:23:37 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmloader.dll
[2008.01.21 03:23:37 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\jakub\Desktop\TV NOVA - Prave dnes (1994-1997).mp4:TOC.WMV
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:D282699C

< End of report >

-Galil- · #28 Příspěvek od **-Galil-** » 27 led 2012 21:06

OTL Extras logfile created on: 27.1.2012 20:30:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jakub\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,56% Memory free
6,06 Gb Paging File | 5,00 Gb Available in Paging File | 82,49% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,54 Gb Total Space | 51,72 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
Drive D: | 143,54 Gb Total Space | 122,68 Gb Free Space | 85,46% Space Free | Partition Type: NTFS

Computer Name: JAKUB-PC | User Name: jakub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07050835-64EC-44AE-ADF2-CCB29431DCFB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0B5CD17E-C196-485E-B048-CEAC5F3F57D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F8C7946-D3EE-441B-A511-188729F27271}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11126584-61C6-430A-ADFB-5EE90F30F904}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{189EEE3C-BACD-4EB3-BFDF-C5EE5DD5CE0D}" = rport=5357 | protocol=6 | dir=out | app=system |
"{1ACACE26-69DE-428D-B782-94BDC3005D92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2451A38D-5D4E-49D8-B543-EC4BD2BBC96C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2737990D-A4D3-4B4E-9FA5-FCA436A4D45F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2AEB3113-FC50-4BBF-8F1D-CC42FF876F9C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2B33B572-DC85-4DCE-BD79-AF656BFDBF69}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2E0210BA-4959-4607-A8F5-3BEE19C1D21E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{2FA8ADEB-3BD0-43F1-9EB9-FFBF13354B8D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{30FF1C02-DF7D-4914-A253-4DF3D0E8233E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{35177F06-EC50-4705-BA28-D71F4EDD753C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{38B47D07-5200-4E8F-BA17-B0447A1DEB4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41299667-F9FF-437B-A94D-7EECD08BEA04}" = lport=445 | protocol=6 | dir=in | app=system |
"{45F3D5E3-11EE-4821-BD20-2FB502B1FCA5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{58AF3BF9-639A-4FCF-82D8-88E4B7FF5340}" = rport=5358 | protocol=6 | dir=out | app=system |
"{5B206EC9-38B2-408D-896E-02772CAD0229}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5FC6EBC9-7319-4313-9281-E5946FE9E5A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EC1A580-0ACF-4013-B681-5F86A0C17AE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80B13E6B-D11A-4374-9B83-A805FE4DE3BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{87AB7804-2BDC-42D1-B964-C1322DE61C75}" = lport=5357 | protocol=6 | dir=in | app=system |
"{88549259-9744-4900-A321-049275459FCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9079D9F8-C7D6-4CF8-AB09-BC3CE8E0604C}" = lport=138 | protocol=17 | dir=in | app=system |
"{96E5548F-07C4-4C6F-972A-4AAD9A856492}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9787B0E7-87F0-4364-8E90-8E4564EAB5D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{989B4C9D-86E7-42A8-9605-04E3B9A4ACCC}" = lport=5358 | protocol=6 | dir=in | app=system |
"{A6B1ECCE-1EA2-453D-B64B-52477C74AD5B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A9A47A71-2618-4030-AF62-4A24B2F6497D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{AAB2F318-BB32-4BEC-9B53-9F888712E3D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{ABA7D800-62D7-49F3-A9DB-EA53A79DCEED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1A6090B-BE70-4697-9245-1F05B875AF59}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{BEE5B04E-3892-466E-BA09-B5FE69853019}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C0C120F5-1ED3-4D8D-BACA-3990C641E51A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C0C583F9-FBEA-4A20-B34B-4BF317BA43D2}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{C4EAAB6A-1201-4EC1-B78C-4002DD9B2501}" = rport=445 | protocol=6 | dir=out | app=system |
"{C6D67D16-3C30-473B-BCAC-70C36FA67F7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CE8B2F10-DA35-4253-A325-A6F4827B85DB}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{D02F15CE-92BC-4E54-9A22-492EB1ADD989}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC6C8E42-271B-43D0-B847-FB6E9BAE719D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{ECF5729B-B298-4EB6-B701-9954E5ED4E86}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{F23CEA66-69C1-4BD4-B0FE-A946AEBED79B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{F8D00252-B21D-46C1-B9B2-648959802495}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA577FD3-DD55-4D4E-B184-5A2C790BBEA1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FA65EAB0-FD66-44C5-BC8C-EC2D830F8B08}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA61511-F58F-48A4-B74E-324E34B373A9}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{1218FDC7-AA9E-4F54-B2FD-5ECA5A4556C4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{126ED8BB-E72A-450F-BE47-F60F82CF58A9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{19964822-DA54-4A09-BCE2-0A51AFF58BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{1E1D35F0-7A97-45E5-AA8B-6F5C18D208B0}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{215E671D-BD95-488D-B6C7-D0E77758670E}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{21DCE5DB-EE5E-43E9-9EDC-5AD4BB6B4691}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{287B5F3E-0F11-4072-AC8D-3B43BCBB8A7E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{2F9E20B8-0BA9-4E56-83F3-70F9CAC0FE68}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{347FC49A-DE5D-4D2E-8606-782AD1AF7727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{37DC5472-DAE0-4EB3-BCBF-EABF134C2598}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{3B6B2FC0-5873-43B6-B42E-651A5DABCC0B}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{4AE96D1C-62D9-4C0F-BDE6-4EAC582823B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BD2A8A1-00F2-49EA-B27F-D999C7C9C5EA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{5479D134-3F1D-4D6A-B9BA-1968CDA642AE}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{556D2C89-F5BE-4B8A-A51B-8182A5D40108}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{58169D5A-5436-426C-9BD0-9EA06A85F55D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{6355CCFB-5B56-451F-99A3-72F34291536C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{63DB9677-2C54-4BAB-AF1C-98C17C4529B6}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{66949D5B-1907-467C-940F-F0378C030C5C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{68ABA302-537F-4716-89C9-8D2126D90824}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{71D2CCF1-B897-4237-BA09-A2AFE71605FA}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{72421DD9-3156-4BE6-882B-F3704C50E7EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{77834B3B-2E86-499B-B543-DE8B2D53DC12}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7BA25522-F5D3-418F-916C-2476827A8B79}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{8117DC2E-3759-4A5E-8F0E-09AC3E84F7E6}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{9143EFC8-A0E2-4569-A840-1FBE6FF62E07}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{91D454F2-8958-4FEF-A2B2-DFE7D7F29085}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{96CDF5CC-AFBD-47B7-9FCD-BFE7827D0E71}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A9D9F7DB-D528-4A54-9F46-7C93074BF1A9}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{AA6D5110-779B-4A74-9370-E373D1BFD7B5}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{AE36E5B6-B5F0-4078-A892-8913C159EC9C}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{B675904E-7260-4CFD-9041-069A9427E27C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B7420DFF-2645-4BCF-8B1B-5DEA2C2A239E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{C527BE41-EDDA-4624-B5EB-5D372145AC91}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D623C9F4-6DCA-4A7D-AD7B-76ED0BF9F070}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{D9312F00-13FE-4795-B5B3-738E6B051FA9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DD03D77A-F6EE-4D1E-948C-9D02BA78B213}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{E2EA14F7-6F27-417E-974B-3E1BA696EB2B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{EA35DC22-3570-4A62-91D1-52F68E48436B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{EE958D2B-3B14-4627-BB35-4B44986C200D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F0A0EC99-EF01-4C00-825C-73159759ED70}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{FC3D9E8A-4919-42B8-BEE0-1700EC4F76C2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{09C34D85-9DD4-46D8-A0B3-3A23DBE354DA}C:\users\jakub\desktop\rct.exe" = protocol=6 | dir=in | app=c:\users\jakub\desktop\rct.exe |
"TCP Query User{11AD8E42-9E3B-4AB1-8133-6F63F0194B73}C:\users\jakub\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\jakub\desktop\warcraft iii\war3.exe |
"TCP Query User{22BEF6B2-0A70-407C-A0F1-A2A0EA0F55B1}C:\q3ademo\quake3.exe" = protocol=6 | dir=in | app=c:\q3ademo\quake3.exe |
"TCP Query User{300553AE-E0B6-4508-B4E2-A93279A44834}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{35B7746C-7B58-47BA-8A04-8E16A988DEAB}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{4393CBCC-8215-4457-B7B9-C3EC4FC933FF}D:\program files\valve\hl.exe" = protocol=6 | dir=in | app=d:\program files\valve\hl.exe |
"TCP Query User{447E97BC-7D80-4913-906F-ACDF9322950B}D:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=d:\program files\rockstar games\gta2\gta2.exe |
"TCP Query User{4AA0D861-0C09-4A1C-AA1F-73D81E24DF5C}D:\program files\topcd\zachranari\emergency 4\em4.exe" = protocol=6 | dir=in | app=d:\program files\topcd\zachranari\emergency 4\em4.exe |
"TCP Query User{4BDB979E-7013-49CA-8A1E-3AB75EEC4C48}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{60E9FB22-20AD-470C-A046-567DAF6D39DF}C:\users\jakub\desktop\rct - cz.exe" = protocol=6 | dir=in | app=c:\users\jakub\desktop\rct - cz.exe |
"TCP Query User{641F6A6D-8CD1-454E-944D-7F3FEA0AF656}D:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=d:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{7119FDA1-534A-4979-A042-EE3CE48CA7D8}D:\program files\mockba to berlin\m2b.exe" = protocol=6 | dir=in | app=d:\program files\mockba to berlin\m2b.exe |
"TCP Query User{7B2C4B77-1007-4386-BFE5-0AB576BD03FD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8500A709-7401-4BBB-BD89-3A8AA4040D41}D:\games\cs dog 1.6 final 2008\hl.exe" = protocol=6 | dir=in | app=d:\games\cs dog 1.6 final 2008\hl.exe |
"TCP Query User{9BA483B8-110A-42D4-BF72-8B06494227D9}F:\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=f:\stronghold crusader\stronghold crusader.exe |
"TCP Query User{9ED2FE0F-B424-4D29-97B7-FB4E020E009E}C:\users\jakub\appdata\local\temp\temp2_rollerct.zip\rct.exe" = protocol=6 | dir=in | app=c:\users\jakub\appdata\local\temp\temp2_rollerct.zip\rct.exe |
"TCP Query User{A2A692E0-1A91-47F4-9C52-59A38A98639A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{AD5AFD47-08B9-47BD-8EA2-9C8901B5E60B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{AFDCD445-265F-4367-B93C-DACA3AA97A11}C:\program files\topcd\křižáci - království nebeské\warrior kings\warrior_kings.exe" = protocol=6 | dir=in | app=c:\program files\topcd\křižáci - království nebeské\warrior kings\warrior_kings.exe |
"TCP Query User{B136ED15-B4CB-4099-BD42-66202C2EE903}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{B48C4A75-C954-4969-9438-1D8244E6C3E5}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{BBD40A1F-5963-4B6D-B7BF-29C947DA1C0B}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{C5677D45-DDFD-4D1C-AEE2-A84D812B48E6}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{CDF9700F-5E8A-4D34-9BDB-07E36EAA95D8}D:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=6 | dir=in | app=d:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"TCP Query User{D73A31F0-3396-4DA9-A07C-E3D74F42C43B}D:\q3ademo\quake3.exe" = protocol=6 | dir=in | app=d:\q3ademo\quake3.exe |
"TCP Query User{D976FF33-3972-4BD4-98B1-EB3364F9EF57}D:\users\jakub\contacts\music\kubova mp3\čeština do her\rollerct\rct.exe" = protocol=6 | dir=in | app=d:\users\jakub\contacts\music\kubova mp3\čeština do her\rollerct\rct.exe |
"TCP Query User{FB84E2DE-9BBC-490E-A88C-E8569D5E12AE}D:\topcd\zachranari\emergency 4\em4.exe" = protocol=6 | dir=in | app=d:\topcd\zachranari\emergency 4\em4.exe |
"UDP Query User{04D867B4-5636-4EF3-8E51-11991F66D831}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{084BC306-B2E9-410B-8FF2-7A33E6DE0010}D:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=d:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{1A3EBD81-12DD-465F-B828-301C79FC00D1}C:\users\jakub\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\jakub\desktop\warcraft iii\war3.exe |
"UDP Query User{20207EDA-C9AD-4BC9-9494-001125513A43}D:\program files\topcd\zachranari\emergency 4\em4.exe" = protocol=17 | dir=in | app=d:\program files\topcd\zachranari\emergency 4\em4.exe |
"UDP Query User{2DB3E6C8-FAF8-48EB-B2B7-45F386C24A4C}D:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=17 | dir=in | app=d:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"UDP Query User{2E168179-70DB-413A-842B-3A8284CA96EB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3BEB4B4B-6ECD-4E91-8DA4-1A71159F0B79}C:\program files\topcd\křižáci - království nebeské\warrior kings\warrior_kings.exe" = protocol=17 | dir=in | app=c:\program files\topcd\křižáci - království nebeské\warrior kings\warrior_kings.exe |
"UDP Query User{3DB3A4D3-E72D-46FC-800A-890F098B6484}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{54DE466E-6CB0-4B57-944D-2791C55F3D04}C:\users\jakub\desktop\rct - cz.exe" = protocol=17 | dir=in | app=c:\users\jakub\desktop\rct - cz.exe |
"UDP Query User{5E480A52-B049-4E04-9A85-C18FAA331B46}C:\users\jakub\desktop\rct.exe" = protocol=17 | dir=in | app=c:\users\jakub\desktop\rct.exe |
"UDP Query User{79291D42-8198-4A31-912A-FCBEEC4F753F}D:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=d:\program files\rockstar games\gta2\gta2.exe |
"UDP Query User{809FD226-0233-4459-B00F-7809A6BEE57A}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{8DE9B143-6174-463C-B6B1-178EF2F710AA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{91C0688F-4104-4D96-B75E-80ED25AD41AE}D:\program files\mockba to berlin\m2b.exe" = protocol=17 | dir=in | app=d:\program files\mockba to berlin\m2b.exe |
"UDP Query User{991C3A6F-FE28-4746-B0E3-010757F1E595}D:\games\cs dog 1.6 final 2008\hl.exe" = protocol=17 | dir=in | app=d:\games\cs dog 1.6 final 2008\hl.exe |
"UDP Query User{A411C6EA-0D3A-4584-B38D-52A543C0FCD4}D:\users\jakub\contacts\music\kubova mp3\čeština do her\rollerct\rct.exe" = protocol=17 | dir=in | app=d:\users\jakub\contacts\music\kubova mp3\čeština do her\rollerct\rct.exe |
"UDP Query User{A7C42776-C1D1-4B04-BF07-55C8D35455C8}C:\users\jakub\appdata\local\temp\temp2_rollerct.zip\rct.exe" = protocol=17 | dir=in | app=c:\users\jakub\appdata\local\temp\temp2_rollerct.zip\rct.exe |
"UDP Query User{B1F772B5-FF63-4070-927C-A5B09B8C3F10}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B2E2991F-EEDF-4BB4-8A32-1B512C0B330E}D:\topcd\zachranari\emergency 4\em4.exe" = protocol=17 | dir=in | app=d:\topcd\zachranari\emergency 4\em4.exe |
"UDP Query User{C3858CA1-0EC9-42C5-9AA0-5C1CB07CDC77}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{CA67BCB6-2150-4976-B1CF-48C9C42F87BA}D:\q3ademo\quake3.exe" = protocol=17 | dir=in | app=d:\q3ademo\quake3.exe |
"UDP Query User{CFC5CD0E-02C6-4693-8A2F-F95D5F4DF740}F:\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=f:\stronghold crusader\stronghold crusader.exe |
"UDP Query User{D407EFE0-EBB3-4421-911E-5C61E000ED16}C:\q3ademo\quake3.exe" = protocol=17 | dir=in | app=c:\q3ademo\quake3.exe |
"UDP Query User{ECB214E7-09AE-4020-9306-12AC99CE3311}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F16ABA07-CFB2-42AF-BE46-AECBFA6C77EE}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{F1B6CFB2-703E-4448-AA41-8E76E92F30E5}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{F8CB8BC8-8C3F-48CE-B40C-89842D553153}D:\program files\valve\hl.exe" = protocol=17 | dir=in | app=d:\program files\valve\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{20D0CDB1-5F03-4A5D-86EB-7C218053B157}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2C82E097-694E-44ea-A947-2750679469CF}" = The Sims™ 2
"{3C19E918-13AF-4C57-B50D-8C3738EFCABF}" = TOPO Czech 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}" = Windows Live Sync
"{4EA44BA4-A708-4223-BC1A-22B6DA9E7D1C}" = Windows Live Essentials
"{4F62B1AE-E778-49E2-9C57-C1C65A122098}" = Zoner Callisto 5 - zkušební verze
"{519556CC-4382-4B35-80F5-DD8E9460EEAC}" = OpenOffice.org 2.3
"{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}" = Windows Live Mail
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AAA952E-B15E-47E0-94E4-DD6DC7B9C796}_is1" = Kobra 11 Nitro
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E5EEE1B-3907-44C3-83BA-AD4B8CE40F76}" = Windows Live Writer
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13DE9CB-8C84-4889-B114-C5A9661F844E}" = Windows Live Fotogalerie
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BD86C297-41C7-4DB5-82C4-98DE3399A2EF}" = Asistent pro přihlášení ke službě Windows Live
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D02220CE-1475-4F0F-9F12-251161999D53}" = Garmin MapSource
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"4StoryCZ_is1" = 4Story 3.4.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Centrum.cz Toolbar_is1" = Centrum.cz Toolbar 1.202.012.001
"CursorXP" = CursorXP
"EAX Unified" = EAX Unified
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 Uživatelská příručka" = Epson Stylus SX110_TX110 Manuál
"EPSON SX110 Series" = Odinstalace tiskárny EPSON SX110 Series
"Fx Text Talker" = Fx Text Talker
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InnoGames_International Toolbar" = InnoGames International Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox 9.0.1 (x86 cs)" = Mozilla Firefox 9.0.1 (x86 cs)
"PSPad editor_is1" = PSPad editor
"RollerCoaster Tycoon Setup" = Roll
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"szn-software-postak" = Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = QMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3.11.2010 13:10:31 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

Error - 5.11.2010 10:49:57 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

Error - 6.11.2010 6:54:56 | Computer Name = jakub-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18975, časové razítko
0x4c8710a6, chybující modul ICQToolBar.dll_unloaded, verze 0.0.0.0, časové razítko
0x4baf5dc6, kód výjimky 0xc0000005, posun chyby 0x044e6d70, ID procesu 0xf30, čas
spuštění aplikace 0x01cb7da107ce5b10.

Error - 6.11.2010 12:00:42 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

Error - 6.11.2010 12:42:31 | Computer Name = jakub-PC | Source = System Restore | ID = 8193
Description =

Error - 10.11.2010 11:12:27 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.11.2010 10:56:16 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.11.2010 3:22:20 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.11.2010 3:28:01 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.11.2010 11:50:40 | Computer Name = jakub-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 23.9.2009 11:47:00 | Computer Name = jakub-PC | Source = MCUpdate | ID = 0
Description = Čekání na objekt mutex MCUpdate se nezdařilo s výjimkou: Čekání bylo
dokončeno díky zrušenému objektu mutex..

[ System Events ]
Error - 27.1.2012 11:06:52 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 27.1.2012 11:06:52 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 27.1.2012 11:06:52 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 27.1.2012 11:06:52 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 27.1.2012 11:06:52 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 27.1.2012 11:07:22 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 27.1.2012 11:11:00 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 27.1.2012 11:14:33 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 27.1.2012 11:14:52 | Computer Name = jakub-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 27.1.2012 11:24:23 | Computer Name = jakub-PC | Source = DCOM | ID = 10010
Description =

< End of report >

#29 Příspěvek od **vyosek** » 27 led 2012 21:32

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\..\URLSearchHook: {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
FF - prefs.js..browser.search.defaultEngineName: "Centrum.cz - Hledání v internetu"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.1
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin
[2012.01.06 06:39:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.26 08:42:24 | 000,000,000 | ---D | M] (Centrum.cz nastavenĂ) -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.12.26 08:42:24 | 000,000,000 | ---D | M] (Centrum domĂ©novĂ˝ pomocnĂk) -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz
[2010.10.02 18:52:43 | 000,010,025 | ---- | M] () -- C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\mywebsearch.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB (Reg Error: Key error.)
[18 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[12 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
@Alternate Data Stream - 64 bytes -> C:\Users\jakub\Desktop\TV NOVA - Prave dnes (1994-1997).mp4:TOC.WMV
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:D282699C

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

-Galil- · #30 Příspěvek od **-Galil-** » 27 led 2012 23:21

All processes killed
========== OTL ==========
Service ACDaemon stopped successfully!
Service ACDaemon deleted successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-331922893-1769724177-3423028767-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-331922893-1769724177-3423028767-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}\ deleted successfully.
C:\Program Files\CentrumczToolbar\IEToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-331922893-1769724177-3423028767-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Prefs.js: "Centrum.cz - Hledání v internetu" removed from browser.search.defaultEngineName
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.1 removed from extensions.enabledItems
Prefs.js: m3ffxtbr@mywebsearch.com:1.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin not found.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\searchplugins folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\defaults\preferences folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\defaults folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\components folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\skin\classic folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\skin folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\locale\cs folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\locale folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\content folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\defaults\preferences folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\defaults folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome\skin\classic folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome\skin folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome\locale\en-US folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome\locale\cs folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome\locale folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome\content\images folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome\content folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz\chrome folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\extensions\centrumpomocnik@centrum.cz folder moved successfully.
C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\45euejyp.default\searchplugins\mywebsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-331922893-1769724177-3423028767-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-331922893-1769724177-3423028767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovat do aplikace Microsoft Excel\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D57.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C82.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP743.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP78B8.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7DD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP98AA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C9C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2A8.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0F8.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBA88.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCBF6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDE98.tmp\WindowsLive.Writer.CoreServices.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDE98.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF7D5.tmp folder deleted successfully.
C:\Windows\Installer\MSIC9C5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltDCAB.tmp deleted successfully.
C:\Windows\temp\Cab2B72.tmp deleted successfully.
C:\Windows\temp\Cab30A0.tmp deleted successfully.
C:\Windows\temp\Cab54D3.tmp deleted successfully.
C:\Windows\temp\Cab5F9C.tmp deleted successfully.
C:\Windows\temp\Cab86FA.tmp deleted successfully.
C:\Windows\temp\Cab96E1.tmp deleted successfully.
C:\Windows\temp\Tar2B73.tmp deleted successfully.
C:\Windows\temp\Tar30A1.tmp deleted successfully.
C:\Windows\temp\Tar54D4.tmp deleted successfully.
C:\Windows\temp\Tar5F9D.tmp deleted successfully.
C:\Windows\temp\Tar86FB.tmp deleted successfully.
C:\Windows\temp\Tar9711.tmp deleted successfully.
ADS C:\Users\jakub\Desktop\TV NOVA - Prave dnes (1994-1997).mp4:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:D282699C deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jakub
->Temp folder emptied: 26508347 bytes
->Temporary Internet Files folder emptied: 66129158 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 17878 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 822 bytes

Total Files Cleaned = 88,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: jakub
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01272012_230347

Files\Folders moved on Reboot...
C:\Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TA1T1X5B\afr[1].htm moved successfully.
C:\Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TA1T1X5B\viewtopic[1].htm moved successfully.
C:\Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

VIRY.CZ

Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

Re: Adobe Reader

OTL.txt I.Část

OTL.Txt II.Část

Extras.Txt

Re: Adobe Reader

log