VIRY.CZ

< >

< %systemroot%*.* /U /s >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[22 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[24 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[8 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\twain_32\*.tmp files -> C:\windows\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.08.06 18:27:07 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Adobe
[2013.04.19 22:05:44 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\AIMP
[2010.06.24 13:23:43 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\AnvSoft
[2008.12.03 19:54:12 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\ATI
[2009.08.31 08:49:14 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Automatic Photo Sorter
[2010.11.05 19:55:14 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\CompleteFCE
[2008.12.25 19:20:19 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\DAEMON Tools
[2008.12.25 19:21:07 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\DAEMON Tools Lite
[2008.12.25 19:20:19 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\DAEMON Tools Pro
[2009.04.09 22:02:39 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\DonationCoder
[2009.03.02 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\FarmingSimulator2008
[2013.01.03 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\FreeAudioPack
[2010.11.01 20:02:07 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\FS2009 Fruit-importer
[2011.04.28 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\GameRanger
[2012.03.26 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\GRETECH
[2010.10.29 18:52:53 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Hamachi
[2011.12.06 00:09:24 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Hewlett Packard
[2011.12.06 00:02:16 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Hewlett-Packard
[2011.01.06 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\HP
[2009.04.20 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\HPQLOG
[2011.01.06 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\HpUpdate
[2010.11.15 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\HU2011
[2012.07.23 00:16:38 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\ICQ
[2008.12.03 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Identities
[2009.07.14 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\ImgBurn
[2008.12.03 19:41:49 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\InstallShield
[2008.12.24 22:09:50 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\InterVideo
[2011.01.04 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Lavasoft
[2009.05.01 18:15:55 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Leadertech
[2008.12.03 19:52:13 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Macromedia
[2013.02.24 15:20:13 | 000,000,000 | --SD | M] -- C:\Users\notes\AppData\Roaming\Microsoft
[2009.01.26 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Mozilla
[2010.12.04 14:28:40 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Nero
[2008.12.26 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\OpenOffice.org
[2012.09.19 19:09:43 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Origin
[2008.12.28 22:42:32 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\PeerNetworking
[2009.08.31 08:02:43 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\PicaJet.Com
[2010.11.14 16:38:31 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\QIP
[2010.11.14 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\QipGuard
[2011.12.01 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Rovio
[2008.12.25 17:00:18 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Roxio
[2009.01.15 18:28:20 | 000,000,000 | RH-D | M] -- C:\Users\notes\AppData\Roaming\SecuROM
[2013.04.14 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Skype
[2013.04.14 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\skypePM
[2011.12.06 00:08:33 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\TMP
[2010.07.26 18:39:52 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Ubisoft
[2008.12.26 19:29:10 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Ulead Systems
[2009.03.31 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\uTorrent
[2010.08.06 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Vso
[2009.01.15 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\WinRAR
[2010.11.18 20:20:19 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\YoudaGames
[2009.01.24 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\notes\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2002.08.29 18:33:56 | 000,319,488 | R--- | M] () -- C:\Users\notes\AppData\Roaming\MafiaSetup.exe
[2012.03.25 13:08:13 | 001,273,568 | ---- | M] (GameRanger Technologies) -- C:\Users\notes\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2007.03.22 12:46:42 | 000,126,976 | ---- | M] () -- C:\Users\notes\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2009.06.12 20:15:24 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\notes\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.12.06 11:51:10 | 000,023,558 | R--- | M] () -- C:\Users\notes\AppData\Roaming\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_18be6784.exe
[2009.12.06 11:51:10 | 000,023,558 | R--- | M] () -- C:\Users\notes\AppData\Roaming\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_294823.exe
[2010.11.08 14:24:50 | 000,193,488 | ---- | M] () -- C:\Users\notes\AppData\Roaming\QipGuard\QipGuard.exe
[2008.01.22 11:28:00 | 017,853,808 | ---- | M] (Marvell ) -- C:\Users\notes\AppData\Roaming\TMP\setup.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.04.29 10:58:04 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013.04.16 20:02:02 | 000,000,322 | ---- | M] () -- C:\windows\Tasks\HPCeeScheduleFornotes.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.05.14 02:36:18 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\SafeBoot.sys
[2008.12.25 19:15:04 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.04.29 10:21:46 | 000,003,216 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 10:21:46 | 000,003,216 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 20:25:25 | 000,146,172 | ---- | M] () -- C:\windows\system32\perfc005.dat
[2013.04.28 20:25:25 | 000,128,244 | ---- | M] () -- C:\windows\system32\perfc009.dat
[2013.04.28 20:25:25 | 000,662,984 | ---- | M] () -- C:\windows\system32\perfh005.dat
[2013.04.28 20:25:25 | 000,652,758 | ---- | M] () -- C:\windows\system32\perfh009.dat
[2013.04.28 20:25:25 | 001,586,516 | ---- | M] () -- C:\windows\system32\PerfStringBackup.INI
[2013.04.29 10:22:14 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\system32\rpcnet.dll
[2013.04.29 10:22:16 | 000,017,408 | ---- | M] () -- C:\windows\system32\rpcnetp.exe

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.04.12 20:01:40 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=6F5386A655598F71BAAB2D6B63A69D6A -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.02.22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.04.29 10:43:53 | 000,000,512 | ---- | M] () MD5=FF3E41409BE30BBCB91977376D8A2880 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012.10.01 16:44:04 | 000,003,072 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_skidrowcrack.com_0.localstorage
[2012.10.01 16:44:04 | 000,003,608 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_skidrowcrack.com_0.localstorage-journal
[2012.09.22 13:45:23 | 000,003,072 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gamehacksandcracks.com_0.localstorage
[2012.09.22 13:45:23 | 000,003,608 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gamehacksandcracks.com_0.localstorage-journal
[2009.12.26 20:53:53 | 004,345,680 | ---- | M] () -- \Users\notes\AppData\Local\VirtualStore\Program Files\Valve\cstrike\maps\cs_crackhouse.bsp
[2009.02.16 16:20:26 | 000,067,756 | ---- | M] () -- \Users\notes\AppData\Local\VirtualStore\Program Files\Valve\cstrike\sound\misc\cracker1.wav
[2012.10.07 14:03:09 | 001,347,852 | ---- | M] () -- \Users\notes\Desktop\fifa\FIFA-13-Crack (1).rar
[2012.10.07 14:02:23 | 006,480,061 | ---- | M] () -- \Users\notes\Desktop\fifa\FIFA-13-Crack.rar

< *keygen* /s >

< *loader* /s >
[2002.09.25 22:05:38 | 000,113,664 | ---- | M] () -- \Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2008.04.08 11:47:54 | 000,053,511 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2008.04.08 11:47:54 | 000,053,511 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2008.04.17 18:29:48 | 000,007,307 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1025\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:48 | 000,007,270 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1028\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:50 | 000,007,610 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1029\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:52 | 000,007,281 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1030\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:54 | 000,007,323 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1031\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:56 | 000,007,778 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1032\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:56 | 000,007,283 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:58 | 000,007,410 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1035\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:00 | 000,007,262 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1036\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:02 | 000,007,307 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1037\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:04 | 000,007,409 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1038\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:04 | 000,007,305 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1040\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:06 | 000,007,846 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1041\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:08 | 000,007,427 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1042\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:10 | 000,007,400 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1043\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:10 | 000,007,329 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1044\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:12 | 000,007,397 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1045\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:14 | 000,007,525 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1046\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:16 | 000,007,914 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1049\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:16 | 000,007,290 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1053\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:18 | 000,007,474 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1055\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:20 | 000,007,227 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\2052\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:22 | 000,007,584 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\2070\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:22 | 000,007,654 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\3082\Strings\RCMFormatLoaderStrings.xml
[2008.04.08 14:11:52 | 000,215,536 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFileLoader.dll
[2008.04.08 14:11:54 | 000,084,464 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderBMP.dll
[2008.04.08 14:11:56 | 000,072,176 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderECDC.dll
[2008.04.08 14:11:58 | 000,092,656 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderGIF.dll
[2008.04.08 14:12:00 | 000,207,344 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderJPG2.dll
[2008.04.08 14:13:14 | 000,072,176 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderMDC.dll
[2008.04.08 14:12:02 | 000,133,616 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderPNG.dll
[2008.04.08 14:12:04 | 000,104,944 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderTIFF.dll
[2008.04.08 14:12:42 | 000,154,096 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\LeResourceLoader.dll
[2010.01.30 02:44:54 | 000,145,082 | ---- | M] () -- \Program Files\HP\Digital Imaging\HelpViewer\Resources\Loader.gif
[2009.10.22 06:29:58 | 000,030,776 | ---- | M] () -- \Program Files\HP\Digital Imaging\smart web printing\RsrcLoaderLib.dll
[2009.10.22 06:29:58 | 000,002,713 | ---- | M] () -- \Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\xre\components\uriloader.xpt
[2010.10.29 09:00:53 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.2\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2010.10.29 09:00:53 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.2\imApp\theme\IMAGES\XtraPreloader\loader.swf
[2010.10.29 09:00:53 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.2\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2010.10.29 09:00:53 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.2\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.03.19 23:57:32 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.2\Xtraz\icq\content\icq_profile\preloader.html
[2011.02.19 15:30:28 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.2\Xtraz\icq\content\profile_forms\preloader.html
[2011.02.19 15:30:28 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.2\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011.12.06 21:43:16 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.2\Xtraz\icq\content\zoopaloola\preloader02.swf
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2008.10.05 15:17:34 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2008.10.05 00:00:58 | 000,015,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2008.10.05 16:02:04 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2008.10.04 17:50:10 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2008.10.04 23:22:34 | 000,003,871 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2008.03.31 20:10:30 | 000,141,808 | ---- | M] () -- \Program Files\Roxio\VideoCore 10\VOBLoader.ax
[2008.04.01 21:01:32 | 000,170,480 | ---- | M] () -- \Program Files\Roxio\VideoUI 10\DSThemeLoader.dll
[2008.04.01 21:01:50 | 000,113,136 | ---- | M] () -- \Program Files\Roxio\VideoUI 10\DVDFormatLoaderPlugIn.dll
[2008.04.01 20:26:34 | 000,053,511 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_chapter.jpg
[2008.04.01 20:26:34 | 000,053,511 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_menu.jpg
[2008.04.01 20:26:34 | 000,040,000 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2008.06.20 20:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2009.03.28 16:24:07 | 000,001,150 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2008.04.08 11:47:54 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2008.04.08 11:47:54 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2008.04.17 18:29:48 | 000,007,307 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1025\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:48 | 000,007,270 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1028\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:50 | 000,007,610 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1029\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:52 | 000,007,281 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1030\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:54 | 000,007,323 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1031\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:56 | 000,007,778 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1032\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:56 | 000,007,283 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:29:58 | 000,007,410 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1035\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:00 | 000,007,262 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1036\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:02 | 000,007,307 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1037\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:04 | 000,007,409 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1038\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:04 | 000,007,305 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1040\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:06 | 000,007,846 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1041\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:08 | 000,007,427 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1042\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:10 | 000,007,400 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1043\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:10 | 000,007,329 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1044\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:12 | 000,007,397 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1045\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:14 | 000,007,525 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1046\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:16 | 000,007,914 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1049\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:16 | 000,007,290 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1053\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:18 | 000,007,474 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1055\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:20 | 000,007,227 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\2052\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:22 | 000,007,584 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\2070\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 18:30:22 | 000,007,654 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\3082\Strings\RCMFormatLoaderStrings.xml
[2008.04.08 14:11:52 | 000,215,536 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFileLoader.dll
[2008.04.08 14:11:54 | 000,084,464 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderBMP.dll
[2008.04.08 14:11:56 | 000,072,176 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderECDC.dll
[2008.04.08 14:11:58 | 000,092,656 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderGIF.dll
[2008.04.08 14:12:00 | 000,207,344 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderJPG2.dll
[2008.04.08 14:13:14 | 000,072,176 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderMDC.dll
[2008.04.08 14:12:02 | 000,133,616 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderPNG.dll
[2008.04.08 14:12:04 | 000,104,944 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderTIFF.dll
[2008.04.08 14:12:42 | 000,154,096 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\LeResourceLoader.dll
[2008.03.31 20:10:30 | 000,141,808 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoCore 10\VOBLoader.ax
[2008.04.01 21:01:32 | 000,170,480 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\DSThemeLoader.dll
[2008.04.01 21:01:50 | 000,113,136 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\DVDFormatLoaderPlugIn.dll
[2008.04.01 20:26:34 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_chapter.jpg
[2008.04.01 20:26:34 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_menu.jpg
[2008.04.01 20:26:34 | 000,040,000 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2009.03.28 16:24:07 | 000,001,150 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2013.04.17 19:38:43 | 000,004,361 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.15.2.523_0\js\chromeBackstageLoader.js
[2013.04.17 19:38:43 | 000,003,100 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.15.2.523_0\js\pluginLoader.js
[2013.04.17 19:38:39 | 000,000,847 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.15.2.523_0\tb\al\ac\img\ajax-loader.gif
[2013.04.17 19:38:39 | 000,001,135 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.15.2.523_0\tb\al\ac\img\loader-icon.png
[2013.04.17 19:38:38 | 000,003,208 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.15.2.523_0\tb\al\ui\gf\img\loader.gif
[2013.04.17 19:38:33 | 000,001,849 | ---- | M] () -- \Users\notes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.15.2.523_0\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2009.04.22 16:22:55 | 000,006,687 | ---- | M] () -- \Users\notes\AppData\Local\VirtualStore\Program Files\OpenOffice.org 3\Basis\program\pythonloader.pyc
[2012.07.16 12:05:19 | 000,000,121 | ---- | M] () -- \Users\notes\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UAQG2QAT\fr-advideum.cdn.videoplaza.tv\com.videoplaza.bootloader.sol
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.01.15 10:38:08 | 000,003,208 | ---- | M] () -- \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KTHZWXH\ajax-loader[1].gif
[2007.04.30 15:43:12 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2008.04.17 11:59:57 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.04.17 11:59:57 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2008.04.17 11:59:57 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2010.01.05 11:08:20 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2010.01.05 11:08:20 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2010.01.05 11:08:20 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 04:36:35 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:36:35 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.02.29 09:26:23 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_de-de_cb9c6772f81a418b.manifest
[2008.02.29 09:19:08 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_en-us_748d3d6be6f84d50.manifest
[2008.02.29 12:05:29 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_es-es_74589a4fe71f3ef5.manifest
[2008.02.29 12:07:01 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_fr-fr_1710104ed9f15557.manifest
[2008.02.29 12:05:17 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_it-it_01380695b1233ad5.manifest
[2008.02.29 10:14:00 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_ja-jp_a35d85a2a43e4cb0.manifest
[2008.02.29 12:02:51 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_nl-nl_2d992eca70004957.manifest
[2008.02.29 09:19:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_de-de_cbf6c366115bebbd.manifest
[2008.02.29 09:21:05 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_en-us_74e7995f0039f782.manifest
[2008.02.29 11:56:53 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_es-es_74b2f6430060e927.manifest
[2008.02.29 12:12:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_fr-fr_176a6c41f332ff89.manifest
[2008.02.29 12:01:15 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_it-it_01926288ca64e507.manifest
[2008.02.29 09:46:06 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_ja-jp_a3b7e195bd7ff6e2.manifest
[2008.02.29 11:17:45 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_nl-nl_2df38abd8941f389.manifest
[2008.04.17 11:46:13 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.02.29 09:17:27 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725.manifest
[2008.02.29 09:13:09 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157.manifest
[2008.01.21 04:29:34 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2008.02.29 10:08:07 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b.manifest
[2008.02.29 09:37:27 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7.manifest
[2009.04.11 00:12:44 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 12:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 04:27:10 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmloader.dll
[2008.01.21 04:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 5384 bytes -> C:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 5384 bytes -> C:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 5384 bytes -> C:\windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:059167AF

< End of report >

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avrv2pli)
IE - HKLM\..\SearchScopes\{14B5EBED-2FBD-4041-AC18-FEE772CA5281}: "URL" = http://slirsredirect.search.aol.com/sli ... 632&query={searchTerms}&invocationType=tb50hpcmnbie7-cs-cz
IE - HKLM\..\SearchScopes\{77B2E3DF-604F-40C4-8883-A0757D4931B0}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-2848065421-3097137326-288730009-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2848065421-3097137326-288730009-1004\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-2848065421-3097137326-288730009-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2848065421-3097137326-288730009-1004\..\SearchScopes\{06350396-61A0-4120-ACB1-3B235DF8EB92}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =867034&p={searchTerms}
IE - HKU\S-1-5-21-2848065421-3097137326-288730009-1004\..\SearchScopes\{14B5EBED-2FBD-4041-AC18-FEE772CA5281}: "URL" = http://slirsredirect.search.aol.com/sli ... 632&query={searchTerms}&invocationType=tb50hpcmnbie7-cs-cz
IE - HKU\S-1-5-21-2848065421-3097137326-288730009-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
[2010.11.14 16:38:31 | 000,000,000 | ---D | M] ("QipCounter") -- C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\extensions\QipCounter@qip.ru
[2013.04.12 20:01:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[22 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[24 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[8 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\twain_32\*.tmp files -> C:\windows\twain_32\*.tmp -> ]
[2009.12.06 11:51:10 | 000,023,558 | R--- | M] () -- C:\Users\notes\AppData\Roaming\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_18be6784.exe
[2009.12.06 11:51:10 | 000,023,558 | R--- | M] () -- C:\Users\notes\AppData\Roaming\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_294823.exe
[2010.11.08 14:24:50 | 000,193,488 | ---- | M] () -- C:\Users\notes\AppData\Roaming\QipGuard\QipGuard.exe
[2013.04.29 10:58:04 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013.04.16 20:02:02 | 000,000,322 | ---- | M] () -- C:\windows\Tasks\HPCeeScheduleFornotes.job
@Alternate Data Stream - 5384 bytes -> C:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 5384 bytes -> C:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 5384 bytes -> C:\windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:059167AF

:services
QipGuard

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File system32\DRIVERS\UIUSYS.SYS not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\windows\system32\drivers\EagleXNt.sys not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\windows\system32\drivers\EagleNT.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Error: No service named avrv2pli was found to stop!
Service\Driver key avrv2pli not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{14B5EBED-2FBD-4041-AC18-FEE772CA5281}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14B5EBED-2FBD-4041-AC18-FEE772CA5281}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77B2E3DF-604F-40C4-8883-A0757D4931B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B2E3DF-604F-40C4-8883-A0757D4931B0}\ not found.
Registry value HKEY_USERS\S-1-5-21-2848065421-3097137326-288730009-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-2848065421-3097137326-288730009-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2848065421-3097137326-288730009-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2848065421-3097137326-288730009-1004\Software\Microsoft\Internet Explorer\SearchScopes\{06350396-61A0-4120-ACB1-3B235DF8EB92}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06350396-61A0-4120-ACB1-3B235DF8EB92}\ not found.
Registry key HKEY_USERS\S-1-5-21-2848065421-3097137326-288730009-1004\Software\Microsoft\Internet Explorer\SearchScopes\{14B5EBED-2FBD-4041-AC18-FEE772CA5281}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14B5EBED-2FBD-4041-AC18-FEE772CA5281}\ not found.
Registry key HKEY_USERS\S-1-5-21-2848065421-3097137326-288730009-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: "chr-greentree_ff&type=867034" removed from browser.search.param.yahoo-fr
C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\extensions\QipCounter@qip.ru\chrome\content folder moved successfully.
C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\extensions\QipCounter@qip.ru\chrome folder moved successfully.
C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\extensions\QipCounter@qip.ru folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\windows\msdownld.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21DB.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2387.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29E2.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E60.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EBD.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3205.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AA4.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4F16.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP562A.tmp\MMCEx.dll deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP562A.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP58EA.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP817F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8AE1.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8E48.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP96A4.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9AF7.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9B0.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5B0.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB057.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB869.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC45A.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFF9.tmp folder deleted successfully.
C:\windows\Installer\MSI185B.tmp deleted successfully.
C:\windows\Installer\MSI21DB.tmp deleted successfully.
C:\windows\Installer\MSI225A.tmp deleted successfully.
C:\windows\Installer\MSI3002.tmp deleted successfully.
C:\windows\Installer\MSI474F.tmp deleted successfully.
C:\windows\Installer\MSI5DA9.tmp deleted successfully.
C:\windows\Installer\MSI6610.tmp deleted successfully.
C:\windows\Installer\MSI680A.tmp deleted successfully.
C:\windows\Installer\MSI6844.tmp deleted successfully.
C:\windows\Installer\MSI6D16.tmp deleted successfully.
C:\windows\Installer\MSI6DFD.tmp deleted successfully.
C:\windows\Installer\MSI6FB6.tmp deleted successfully.
C:\windows\Installer\MSI7030.tmp deleted successfully.
C:\windows\Installer\MSI738B.tmp deleted successfully.
C:\windows\Installer\MSI76CF.tmp deleted successfully.
C:\windows\Installer\MSIAFDE.tmp deleted successfully.
C:\windows\Installer\MSIB4C6.tmp deleted successfully.
C:\windows\Installer\MSIBA72.tmp deleted successfully.
C:\windows\Installer\MSIBB38.tmp deleted successfully.
C:\windows\Installer\MSIBD41.tmp deleted successfully.
C:\windows\Installer\MSIBDE5.tmp deleted successfully.
C:\windows\Installer\MSIC30C.tmp deleted successfully.
C:\windows\Installer\MSIC5AC.tmp deleted successfully.
C:\windows\Installer\MSIF506.tmp deleted successfully.
C:\windows\Temp\HPV6FC8.tmp deleted successfully.
C:\windows\Temp\HPV6FE9.tmp deleted successfully.
C:\windows\Temp\HPV71FC.tmp deleted successfully.
C:\windows\Temp\HPV720D.tmp deleted successfully.
C:\windows\Temp\HPVD740.tmp deleted successfully.
C:\windows\Temp\HPVD760.tmp deleted successfully.
C:\windows\Temp\HPVDB76.tmp deleted successfully.
C:\windows\Temp\HPVDB77.tmp deleted successfully.
C:\windows\twain_32\hpqgnds2.tmp deleted successfully.
C:\Users\notes\AppData\Roaming\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_18be6784.exe moved successfully.
C:\Users\notes\AppData\Roaming\Microsoft\Installer\{A908E57D-71A3-4AE1-9A76-C239521BBED9}\_294823.exe moved successfully.
C:\Users\notes\AppData\Roaming\QipGuard\QipGuard.exe moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\HPCeeScheduleFornotes.job moved successfully.
ADS C:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh deleted successfully.
Unable to delete ADS C:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh .
Unable to delete ADS C:\windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh .
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
ADS C:\ProgramData\TEMP:059167AF deleted successfully.
========== SERVICES/DRIVERS ==========
Service QipGuard stopped successfully!
Service QipGuard deleted successfully!
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: notes
->Temp folder emptied: 25400283 bytes
->Temporary Internet Files folder emptied: 92665483 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 197513973 bytes
->Google Chrome cache emptied: 153385924 bytes
->Flash cache emptied: 1992722 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24389176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 61711204 bytes

Total Files Cleaned = 531,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: notes
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: notes
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05042013_095821

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Fajn, jak se chova ntb?

Je to o něco lepší, ale při zapnutí se objevuje tabulka (MSVCR70.dll nelze najít..), při načtení se objevují tyto dvě

: Bez názvu.jpg (25.9 KiB) Zobrazeno 557 x

Notebook prý nejde uložit do režimu spánku.

Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe

Ulozte nejlepe na Plochu
Spustte tradicne dvouklikem a postupujte dle pokynu utility
Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte

Dejte novy log z RSIT

Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
HP JavaCard for HP ProtectTools
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Logfile of random's system information tool 1.09 (written by random/random)
Run by notes at 2013-05-18 10:50:12
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 122 GB (42%) free of 295 GB
Total RAM: 3066 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:11, on 18.5.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\System32\mobsync.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\conime.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\notes\Desktop\čistění\RSIT.exe
C:\Program Files\trend micro\notes.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Monitor] C:\windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\notes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11530 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848065421-3097137326-288730009-1004Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848065421-3097137326-288730009-1004UA.job
C:\windows\tasks\HPCeeScheduleFornotes.job

=========Mozilla firefox=========

ProfilePath - C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, QipCounter@qip.ru:1.0, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
np32dsw.dll
nppdf32.dll
ShockwavePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
ICQSearchober92109386.gif
ICQSearchober92109386.src
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\searchplugins\
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2008-05-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-31 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-31 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-16 293168]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-05-08 238984]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2008-05-02 10244096]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"Monitor"=C:\windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Google Update"=C:\Users\notes\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-20 136176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\APSHook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\windows\system32\vp6vfw.dll
"vidc.VP61"=C:\windows\system32\vp6vfw.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.FPS1"=frapsvid.dll
"vidc.XVID"=xvidvfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit - C:\windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-05-16 18:16:23 ----A---- C:\windows\system32\mshtml.dll
2013-05-16 18:04:34 ----A---- C:\windows\system32\vbscript.dll
2013-05-16 18:04:34 ----A---- C:\windows\system32\mshtmled.dll
2013-05-16 18:04:32 ----A---- C:\windows\system32\ieui.dll
2013-05-16 18:04:31 ----A---- C:\windows\system32\msfeeds.dll
2013-05-16 18:04:31 ----A---- C:\windows\system32\jsproxy.dll
2013-05-16 18:04:31 ----A---- C:\windows\system32\ieUnatt.exe
2013-05-16 18:04:30 ----A---- C:\windows\system32\wininet.dll
2013-05-16 18:04:30 ----A---- C:\windows\system32\jscript.dll
2013-05-16 18:04:29 ----A---- C:\windows\system32\url.dll
2013-05-16 18:04:29 ----A---- C:\windows\system32\jscript9.dll
2013-05-16 18:04:28 ----A---- C:\windows\system32\iertutil.dll
2013-05-16 18:04:25 ----A---- C:\windows\system32\urlmon.dll
2013-05-16 18:04:22 ----A---- C:\windows\system32\ieframe.dll
2013-05-15 15:25:13 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 15:25:13 ----A---- C:\windows\system32\cdd.dll
2013-05-15 15:25:04 ----A---- C:\windows\system32\win32k.sys
2013-05-13 22:09:19 ----A---- C:\windows\system32\NTAgent.exe
2013-05-13 22:07:36 ----A---- C:\ProgramData\qmjfl.js
2013-05-13 18:09:03 ----A---- C:\ProgramData\as98213.txt
2013-05-13 18:08:34 ----A---- C:\ProgramData\rundll32.exe
2013-05-04 09:58:21 ----D---- C:\_OTL
2013-04-30 16:05:53 ----D---- C:\ece5e2af18f70ebf22cb245d7e

======List of files/folders modified in the last 1 month======

2013-05-18 10:50:24 ----D---- C:\windows\Prefetch
2013-05-18 10:50:15 ----D---- C:\Program Files\trend micro
2013-05-18 10:50:08 ----D---- C:\windows\Temp
2013-05-18 09:11:38 ----A---- C:\windows\system32\rpcnetp.exe
2013-05-18 09:11:36 ----A---- C:\windows\system32\rpcnet.dll
2013-05-18 09:11:34 ----D---- C:\ProgramData\hpqLog
2013-05-17 06:41:09 ----D---- C:\windows\Microsoft.NET
2013-05-17 06:40:43 ----RSD---- C:\windows\assembly
2013-05-17 06:25:11 ----D---- C:\windows\System32
2013-05-17 06:25:11 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-05-17 06:25:10 ----D---- C:\windows\inf
2013-05-16 21:06:21 ----D---- C:\windows\system32\drivers
2013-05-16 21:06:20 ----D---- C:\windows\system32\migration
2013-05-16 21:06:20 ----D---- C:\Program Files\Internet Explorer
2013-05-16 20:02:02 ----D---- C:\windows\Tasks
2013-05-16 18:58:33 ----A---- C:\windows\system32\FlashPlayerApp.exe
2013-05-16 18:16:31 ----D---- C:\windows\winsxs
2013-05-16 18:16:30 ----D---- C:\windows\system32\catroot
2013-05-16 18:15:51 ----SHD---- C:\windows\Installer
2013-05-16 18:06:42 ----A---- C:\windows\system32\mrt.exe
2013-05-16 18:05:37 ----D---- C:\windows\system32\catroot2
2013-05-16 18:04:04 ----SHD---- C:\System Volume Information
2013-05-13 23:46:39 ----A---- C:\windows\system32\rpcnetp.dll
2013-05-13 23:40:04 ----D---- C:\ProgramData
2013-05-12 13:44:53 ----RD---- C:\Program Files
2013-05-04 09:58:52 ----D---- C:\windows\system32\drivers\etc
2013-05-04 09:58:30 ----D---- C:\windows\twain_32
2013-05-04 09:58:30 ----D---- C:\Users\notes\AppData\Roaming\QipGuard
2013-05-04 09:58:29 ----D---- C:\Windows
2013-05-04 09:58:28 ----SD---- C:\windows\Downloaded Program Files
2013-05-02 02:06:08 ----N---- C:\windows\system32\MpSigStub.exe
2013-04-19 22:05:44 ----D---- C:\Users\notes\AppData\Roaming\AIMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2008-04-07 25448]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iastor.sys [2008-04-15 312344]
R0 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2008-05-14 108752]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2008-05-14 12928]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2008-12-25 717296]
R1 AswRdr;aswRdr; C:\windows\system32\drivers\AswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-05-14 12496]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2013-03-07 66336]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-04-07 34664]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2008-05-08 3552256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2008-04-14 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-01-17 298496]
S3 a4j2dqkj;a4j2dqkj; C:\windows\system32\drivers\a4j2dqkj.sys []
S3 aswVmm;aswVmm; C:\windows\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2010-10-19 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Ati External Event Utility;Ati External Event Utility; C:\windows\system32\Ati2evxx.exe [2008-05-08 671744]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-04-07 24936]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT; C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2012-12-16 58288]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-01-21 21504]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]
S2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-10 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 256904]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-10 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT; C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=-
"Google Update"=-

:files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
C:\ProgramData\qmjfl.js
C:\ProgramData\as98213.txt
C:\ProgramData\rundll32.exe
C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\searchplugins\icqplugin-*.xml
C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848065421-3097137326-288730009-1004Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848065421-3097137326-288730009-1004UA.job
C:\windows\tasks\HPCeeScheduleFornotes.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
========== FILES ==========
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk not found.
File\Folder C:\ProgramData\qmjfl.js not found.
File\Folder C:\ProgramData\as98213.txt not found.
File\Folder C:\ProgramData\rundll32.exe not found.
File\Folder C:\Users\notes\AppData\Roaming\Mozilla\Firefox\Profiles\101fu9cx.default\searchplugins\icqplugin-*.xml not found.
File\Folder C:\windows\tasks\Adobe Flash Player Updater.job not found.
File\Folder C:\windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File\Folder C:\windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848065421-3097137326-288730009-1004Core.job not found.
File\Folder C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848065421-3097137326-288730009-1004UA.job not found.
File\Folder C:\windows\tasks\HPCeeScheduleFornotes.job not found.
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: notes
->Temp folder emptied: 2251982 bytes
->Temporary Internet Files folder emptied: 1248454 bytes
->Java cache emptied: 167469 bytes
->FireFox cache emptied: 81762924 bytes
->Google Chrome cache emptied: 377079468 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20974466 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1060164804 bytes

Total Files Cleaned = 1 472,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: notes
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: notes
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05192013_162811

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku

Re: kontrola notebooku