Windows works only in safe mode, trojan Win32/Agent

Posted: 12 Jul 2010 17:27
by AjuS
Hello,
I have Windows Vista 32-bit. After the computer is switched on, the system does not start up; it does not even reach the user selection screen - instead only a black screen with the mouse pointer appears. So I can use the PC only in safe mode. The online scanner from Eset found the virus Win32/Agent. I removed it with Eset, but the PC is still in the same state. Please advise; I am attaching the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:04, on 12.7.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\explorer.exe
C:\Users\Aja\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Aja\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O20 - AppInit_DLLs: secuload.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Protector - Tenebril Inc. - C:\Program Files\Tenebril\SpyCatcher\ProtectorSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 9386 bytes


Thank you

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 12 Jul 2010 17:29
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to get through). During the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident shield.

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 12 Jul 2010 19:17
by AjuS
No log was created. At the moment when ComboFix "said" "Téměř hotovo..." ("Almost done..."), it was interrupted by a blue screen and the PC restarted. I let it run twice; it happened both times and there is no log in C. However, the PC now boots into normal mode as well, it just responds a little more slowly. Should I try ComboFix again?

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 12 Jul 2010 19:38
by Rudy
Try it; if the situation repeats, run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 13 Jul 2010 16:38
by AjuS
So here is the log from AVPTool:

Autoscan: completed 1 minute ago (events: 4, objects: 845481, time: 07:25:11)
12.7.2010 21:07:07 Task started
12.7.2010 21:56:53 Task stopped
13.7.2010 10:09:15 Task started
13.7.2010 17:34:26 Task completed

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 13 Jul 2010 18:14
by Rudy
Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Copy the following into the bottom window:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
Tick "All users" and the "LOP" and "PURITY" checks, then click Scan. Then paste both logs here.

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 13 Jul 2010 19:12
by AjuS
Here are the logs:

First:

OTL logfile created on: 13.7.2010 19:16:49 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Aja\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 194,87 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AJA-PC
Current User Name: Aja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.13 19:15:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Aja\Downloads\OTL.exe
PRC - [2010.06.28 15:51:05 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.28 15:51:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.17 23:47:45 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Aja\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.12.22 04:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.12.22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2009.10.01 14:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- C:\Users\Aja\Desktop\Virus Removal Tool\setup_9.0.0.722_12.07.2010_21-56\setup_9.0.0.722_12.07.2010_21-56.exe
PRC - [2009.09.29 17:05:30 | 001,950,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgtray.exe
PRC - [2009.09.29 17:05:30 | 000,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgnsx.exe
PRC - [2009.09.29 17:05:29 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.18 16:03:17 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.03.11 18:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 12:42:10 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.07.13 10:00:00 | 001,435,648 | ---- | M] () -- C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
PRC - [2007.06.01 11:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 11:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.06 17:48:46 | 000,488,984 | ---- | M] (Labtec Inc,) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe


========== Modules (SafeList) ==========

MOD - [2010.07.13 19:15:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Aja\Downloads\OTL.exe
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.01.23 19:13:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.12.22 04:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.12.22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2009.09.29 17:05:29 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe -- (avg8wd)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.06.20 03:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.02.12 12:42:09 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.06 17:55:24 | 000,105,248 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Aja\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.01.12 06:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.01.05 23:53:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.12.22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.12.22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009.10.22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\95835872.sys -- (95835872)
DRV - [2009.10.09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\9583587.sys -- (setup_9.0.0.722_12.07.2010_21-56drv)
DRV - [2009.09.29 17:05:41 | 000,253,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.09.29 17:05:38 | 000,108,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.09.25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\95835871.sys -- (95835871)
DRV - [2009.09.19 07:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.09.19 07:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009.09.19 07:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.09.19 07:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.11 19:55:36 | 002,077,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.09 01:24:18 | 000,023,680 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbsmodem.sys -- (lgusbsmodem)
DRV - [2007.04.20 07:34:53 | 000,674,048 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.03.06 17:54:40 | 000,041,376 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.03.06 17:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.03.06 17:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.03.06 17:49:20 | 000,491,168 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.364
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.6&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVGLS\Firefox [2009.12.19 17:26:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 15:51:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 15:51:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.02.25 12:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010.01.23 17:17:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.15\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009.04.10 15:57:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.15\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009.04.10 15:56:37 | 000,000,000 | ---D | M]

[2008.12.29 15:49:22 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Mozilla\Extensions
[2010.07.12 20:59:21 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Mozilla\Firefox\Profiles\m5m8btcl.default\extensions
[2010.04.28 20:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aja\AppData\Roaming\Mozilla\Firefox\Profiles\m5m8btcl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.28 20:02:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Aja\AppData\Roaming\Mozilla\Firefox\Profiles\m5m8btcl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.24 20:44:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Aja\AppData\Roaming\Mozilla\Firefox\Profiles\m5m8btcl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.01.04 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Mozilla\Sunbird\Profiles\oe4d93wf.default\extensions
[2010.07.09 18:29:38 | 000,001,056 | ---- | M] () -- C:\Users\Aja\AppData\Roaming\Mozilla\Firefox\Profiles\m5m8btcl.default\searchplugins\icqplugin.xml
[2010.07.11 19:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.25 19:03:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.25 19:03:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.13 01:37:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.13 01:37:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.13 01:37:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.13 01:37:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.13 01:37:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.07.12 19:53:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe ()
O4 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Aja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_12.07.2010_21-56.lnk = C:\Users\Aja\Desktop\Virus Removal Tool\setup_9.0.0.722_12.07.2010_21-56\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\schmap-help - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\SecuLoad.dll) - C:\Windows\System32\SecuLoad.dll (Tenebril Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aja\obrázky z nikonu\vytvory\DSCN0114zm.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aja\obrázky z nikonu\vytvory\DSCN0114zm.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Labtec Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.07.12 21:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.12 21:04:12 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\9583587.sys
[2010.07.12 21:04:12 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\95835871.sys
[2010.07.12 21:04:12 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\95835872.sys
[2010.07.12 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\Aja\Desktop\Virus Removal Tool
[2010.07.12 20:57:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.07.12 20:50:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.07.12 20:50:07 | 000,000,000 | ---D | C] -- C:\Users\Aja\AppData\Local\temp
[2010.07.12 20:31:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.07.12 18:33:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.07.12 18:33:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.07.12 18:33:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.07.12 18:33:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.12 18:33:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.12 18:33:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.12 17:57:45 | 000,000,000 | ---D | C] -- C:\Users\Aja\Desktop\Nová složka
[2010.07.12 16:59:28 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010.07.11 22:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.11 22:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.07.11 19:11:50 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2010.07.04 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\Aja\Desktop\Marco Kasiske - Rammstein Orchestra
[2010.06.29 19:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kirstens S20
[2010.06.29 19:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2010.06.27 14:37:26 | 000,000,000 | ---D | C] -- C:\Users\Aja\Documents\German Truck Simulator
[2010.06.27 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\German Truck Simulator
[2010.06.25 19:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.06.25 19:03:24 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.25 19:03:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.25 19:03:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.25 19:03:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.06.25 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.06.24 21:09:38 | 000,000,000 | ---D | C] -- C:\Users\Aja\AppData\Roaming\Facebook
[2010.06.24 21:09:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.06.24 20:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.06.24 20:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010.06.24 20:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.06.24 20:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.24 20:41:24 | 000,000,000 | ---D | C] -- C:\Users\Aja\AppData\Local\AOL
[2010.06.24 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.06.15 20:55:47 | 000,000,000 | ---D | C] -- C:\Users\Aja\Documents\Samsung
[2010.06.15 20:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.06.15 20:55:45 | 000,000,000 | ---D | C] -- C:\Users\Aja\AppData\Roaming\PC Suite
[2010.06.15 20:42:20 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010.06.15 20:42:20 | 000,100,224 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bserd.sys
[2010.06.15 20:42:20 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010.06.15 20:42:20 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010.06.15 20:42:20 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010.06.15 20:42:20 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010.06.15 20:42:20 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010.06.15 20:42:20 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2010.06.15 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.06.15 20:30:09 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.06.15 20:27:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.06.15 20:27:30 | 000,217,088 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.06.15 20:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.06.15 20:24:32 | 000,000,000 | ---D | C] -- C:\Users\Aja\AppData\Roaming\Samsung
[2010.06.15 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.06.15 20:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.06.15 20:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010.06.15 20:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.13 19:15:52 | 007,864,320 | -HS- | M] () -- C:\Users\Aja\ntuser.dat
[2010.07.13 19:03:43 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 19:03:43 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 18:52:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1571987287-4207360182-302210322-1000UA.job
[2010.07.13 17:42:33 | 000,072,192 | ---- | M] () -- C:\Users\Aja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.13 10:11:09 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.13 10:11:09 | 000,473,360 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.07.13 10:11:09 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.13 10:11:09 | 000,081,198 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.07.13 10:11:08 | 001,259,320 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.13 10:04:23 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.13 10:04:22 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.13 10:03:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.13 10:03:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.13 10:03:27 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.12 21:57:18 | 003,390,150 | -H-- | M] () -- C:\Users\Aja\AppData\Local\IconCache.db
[2010.07.12 21:05:28 | 000,002,139 | ---- | M] () -- C:\Users\Aja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_12.07.2010_21-56.lnk
[2010.07.12 20:55:23 | 341,789,553 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.12 20:50:14 | 000,000,244 | ---- | M] () -- C:\Windows\system.ini
[2010.07.12 19:53:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.11 22:41:43 | 000,000,444 | ---- | M] () -- C:\Users\Aja\Documents\cc_20100711_224141.reg
[2010.07.11 22:41:26 | 000,011,546 | ---- | M] () -- C:\Users\Aja\Documents\cc_20100711_224121.reg
[2010.07.11 22:04:43 | 000,001,055 | ---- | M] () -- C:\Users\Aja\Desktop\Spybot - Search & Destroy.lnk
[2010.07.07 23:52:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1571987287-4207360182-302210322-1000Core.job
[2010.07.05 23:48:02 | 000,132,855 | ---- | M] () -- C:\Users\Aja\Documents\sl_nach.odt
[2010.06.30 23:20:56 | 000,027,482 | ---- | M] () -- C:\Users\Aja\Documents\vyroky_profesoru.odt
[2010.06.30 13:36:56 | 001,751,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.29 20:15:30 | 000,114,776 | ---- | M] () -- C:\Users\Aja\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.29 19:26:13 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Kirstens S20.lnk
[2010.06.25 19:03:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.25 19:03:04 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.25 19:03:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.25 19:03:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.06.20 22:12:00 | 000,012,883 | ---- | M] () -- C:\Users\Aja\Documents\ctenarsky_denik.odt
[2010.06.20 22:07:00 | 000,026,620 | ---- | M] () -- C:\Users\Aja\Documents\gilgames.odt
[2010.06.20 22:02:07 | 000,024,968 | ---- | M] () -- C:\Users\Aja\Documents\Utrpeni_ml_Werthera_Goethe.odt
[2010.06.20 21:50:56 | 000,027,599 | ---- | M] () -- C:\Users\Aja\Documents\promeny-ovidius.odt
[2010.06.18 19:43:42 | 000,023,520 | ---- | M] () -- C:\Users\Aja\Documents\hamlet_shakespeare.odt
[2010.06.15 20:23:57 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.12 21:05:28 | 000,002,139 | ---- | C] () -- C:\Users\Aja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_12.07.2010_21-56.lnk
[2010.07.12 19:07:42 | 341,789,553 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.12 18:49:41 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.12 18:33:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.07.12 18:33:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.07.12 18:33:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.07.12 18:33:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.07.12 18:33:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.07.11 22:41:42 | 000,000,444 | ---- | C] () -- C:\Users\Aja\Documents\cc_20100711_224141.reg
[2010.07.11 22:41:23 | 000,011,546 | ---- | C] () -- C:\Users\Aja\Documents\cc_20100711_224121.reg
[2010.07.11 22:04:43 | 000,001,055 | ---- | C] () -- C:\Users\Aja\Desktop\Spybot - Search & Destroy.lnk
[2010.06.29 19:26:13 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Kirstens S20.lnk
[2010.06.20 22:11:58 | 000,012,883 | ---- | C] () -- C:\Users\Aja\Documents\ctenarsky_denik.odt
[2010.06.19 19:18:51 | 000,027,599 | ---- | C] () -- C:\Users\Aja\Documents\promeny-ovidius.odt
[2010.06.18 19:45:56 | 000,026,620 | ---- | C] () -- C:\Users\Aja\Documents\gilgames.odt
[2010.06.18 18:34:40 | 000,023,520 | ---- | C] () -- C:\Users\Aja\Documents\hamlet_shakespeare.odt
[2010.06.17 21:04:27 | 000,024,968 | ---- | C] () -- C:\Users\Aja\Documents\Utrpeni_ml_Werthera_Goethe.odt
[2010.06.15 20:27:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.06.15 20:27:30 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.15 20:23:57 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.01.30 14:55:05 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.09 04:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2009.11.09 04:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2009.11.09 04:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2009.11.09 04:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009.05.22 16:11:44 | 000,201,216 | ---- | C] () -- C:\Windows\System32\mediarcpt.dll
[2009.04.16 21:34:47 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.02.06 20:00:16 | 000,062,976 | ---- | C] () -- C:\Windows\DTDraw.dll
[2009.01.14 18:47:39 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.01.07 20:02:39 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.01.07 20:02:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.01.07 20:02:36 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.07 20:02:36 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.07 20:02:35 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.01.07 20:02:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.07 20:02:34 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.11.19 19:39:40 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2008.11.18 20:58:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\CSDLGE1LIB.dll
[2008.04.08 11:47:53 | 000,051,370 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.04.08 11:40:26 | 000,001,324 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2008.04.08 11:40:07 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.11.14 06:57:54 | 000,223,744 | ---- | C] () -- C:\Windows\System32\b4fm.dll
[2007.03.06 17:50:30 | 001,669,664 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.10.09 18:26:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pagesync.dll

========== LOP Check ==========

Re: Windows only works in safe mode, trojan Win32/Agen

Posted: 13 Jul 2010 19:13
by AjuS
[2009.03.19 19:54:30 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\.BitTornado
[2009.01.04 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Alawar
[2009.10.24 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Ancestry
[2010.06.11 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Any Video Converter
[2009.08.25 17:52:51 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Artweaver
[2009.08.28 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Ashampoo
[2010.07.05 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Audacity
[2009.10.31 20:50:07 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DAEMON Tools Lite
[2009.08.28 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DAZ 3D
[2008.11.28 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DeepBurner
[2009.12.18 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DeskSoft
[2010.06.24 21:09:41 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Facebook
[2009.10.25 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\flightgear.org
[2009.11.20 22:19:13 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\FreeVideoConverter
[2009.05.01 17:49:51 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\gtk-2.0
[2010.06.30 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\ICQ
[2008.11.28 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\ICQ Toolbar
[2009.01.06 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\IrfanView
[2009.08.05 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Kecal
[2010.05.20 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Kirstens S19
[2010.05.21 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Kirstens S20
[2008.11.20 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\KWorld Multimedia
[2010.07.11 18:58:03 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Launchy
[2008.11.18 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\LGSync
[2009.02.28 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Megane-Navigator
[2008.12.03 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Mp3tag
[2008.11.19 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\MyHeritage
[2009.10.10 20:36:21 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\NASA
[2008.11.19 17:52:21 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Nikon
[2008.11.19 19:44:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\OpenOffice.org
[2009.04.10 15:48:21 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Opera
[2010.06.15 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\PC Suite
[2009.02.08 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\PeerNetworking
[2009.02.28 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Renault
[2010.06.15 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Samsung
[2009.11.18 17:18:18 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Schmap
[2010.01.29 21:00:48 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\SecondLife
[2009.04.24 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Stellarium
[2008.11.20 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Student dog
[2008.11.19 19:39:40 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.07.11 18:58:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\uTorrent
[2008.12.06 18:54:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Zoner
[2010.07.12 21:57:41 | 000,032,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2006.11.02 14:35:32 | 000,125,440 | ---- | M] (Microsoft Corporation)
"Center Agent" = C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe -- [2007.07.13 10:00:00 | 001,435,648 | ---- | M] ()
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 11:21:08 | 000,153,136 | ---- | M] (Nero AG)
"Google Update" = "C:\Users\Aja\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2009.04.10 15:39:28 | 000,133,104 | ---- | M] (Google Inc.)
"KiesTrayAgent" =
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.03.19 19:54:30 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\.BitTornado
[2010.01.27 21:57:52 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Adobe
[2009.04.17 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Ahead
[2009.01.04 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Alawar
[2009.10.24 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Ancestry
[2010.06.11 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Any Video Converter
[2008.12.27 15:15:27 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\ArcSoft
[2009.08.25 17:52:51 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Artweaver
[2009.08.28 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Ashampoo
[2010.07.05 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Audacity
[2010.01.29 16:54:56 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\CyberLink
[2009.10.31 20:50:07 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DAEMON Tools Lite
[2009.08.28 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DAZ 3D
[2008.11.28 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DeepBurner
[2009.12.18 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\DeskSoft
[2010.06.11 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\dvdcss
[2010.06.24 21:09:41 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Facebook
[2009.10.25 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\flightgear.org
[2009.11.20 22:19:13 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\FreeVideoConverter
[2009.01.04 14:24:17 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Google
[2009.05.01 17:49:51 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\gtk-2.0
[2008.11.20 18:24:23 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\HP
[2009.10.12 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\HpUpdate
[2010.06.30 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\ICQ
[2008.11.28 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\ICQ Toolbar
[2008.11.18 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Identities
[2010.01.17 22:17:47 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\InstallShield
[2009.01.06 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\IrfanView
[2009.08.05 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Kecal
[2010.05.20 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Kirstens S19
[2010.05.21 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Kirstens S20
[2008.11.20 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\KWorld Multimedia
[2010.07.11 18:58:03 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Launchy
[2008.11.18 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\LGSync
[2008.11.27 18:47:13 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Media Center Programs
[2009.01.07 20:04:17 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Media Player Classic
[2009.02.28 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Megane-Navigator
[2010.06.15 20:56:21 | 000,000,000 | --SD | M] -- C:\Users\Aja\AppData\Roaming\Microsoft
[2009.04.10 15:57:09 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Mozilla
[2008.12.03 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Mp3tag
[2008.11.19 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\MyHeritage
[2009.10.10 20:36:21 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\NASA
[2008.11.19 17:52:21 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Nikon
[2008.11.19 19:44:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\OpenOffice.org
[2009.04.10 15:48:21 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Opera
[2010.06.15 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\PC Suite
[2009.02.08 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\PeerNetworking
[2009.02.28 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Renault
[2010.06.15 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Samsung
[2009.11.18 17:18:18 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Schmap
[2010.01.29 21:00:48 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\SecondLife
[2010.01.17 22:34:45 | 000,000,000 | RH-D | M] -- C:\Users\Aja\AppData\Roaming\SecuROM
[2009.04.24 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Stellarium
[2008.11.20 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Student dog
[2009.01.04 14:29:16 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Talkback
[2008.11.19 19:39:40 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.07.11 18:58:04 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\uTorrent
[2010.06.19 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\vlc
[2009.04.14 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\WinRAR
[2008.12.06 18:54:08 | 000,000,000 | ---D | M] -- C:\Users\Aja\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2009.05.11 20:38:21 | 002,341,923 | ---- | M] () -- C:\Users\Aja\AppData\Roaming\DAZ 3D\Studio3\DAZ Built-in Content\Runtime\libraries\!DAZ\DzCreateExPFiles.exe
[2009.05.11 20:38:21 | 000,004,608 | ---- | M] () -- C:\Users\Aja\AppData\Roaming\DAZ 3D\Studio3\DAZ Built-in Content\Runtime\libraries\!DAZ\w9xpopen.exe
[2010.06.24 21:09:41 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Aja\AppData\Roaming\Facebook\uninstall.exe
[2003.09.01 18:59:46 | 000,471,040 | ---- | M] (Virtools SA) -- C:\Users\Aja\AppData\Roaming\Megane-Navigator\megane.exe
[2009.02.28 23:52:10 | 000,018,432 | R--- | M] () -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{65257D5D-49CD-41CD-836A-FDE3D0365804}\Icon65257D5D.exe
[2009.05.22 15:45:17 | 000,007,168 | R--- | M] () -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{913A7D09-EC8B-49D2-8A58-00D004FD0CFD}\Icon913A7D09.exe
[2008.11.19 20:24:01 | 000,007,168 | R--- | M] () -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{953E4CAF-B57F-43BD-B1C1-E53D4B361B1F}\Icon9B52747C.exe
[2008.11.19 17:46:25 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
[2009.12.21 21:34:00 | 000,010,134 | R--- | M] () -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\ARPPRODUCTICON.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\control711_48F4211F9E554440B05B06095A831C0E.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC111_AA3A22F8E7544F6FAD918B9B63C337A0.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC112_70A92A4E510F46D493E8CC2C417F701A.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC11_F308E9E4D2CC484A9EDC18D90DFD4B61.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\EC1_5BBC82EB80A4441584D82AFE3E9A466F.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\NC_20DBAFE4C9624D5392E377CE18CEE872.exe
[2010.01.29 16:26:01 | 000,045,056 | R--- | M] (Acresso Software Inc.) -- C:\Users\Aja\AppData\Roaming\Microsoft\Installer\{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}\NewShortcut6_B794D369B2624859AEF7E3A2CABB3DFF.exe
[2010.03.29 08:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Aja\AppData\Roaming\Mozilla\Firefox\Profiles\m5m8btcl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2010.05.12 02:13:48 | 000,265,016 | ---- | M] (ml) -- C:\Users\Aja\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
[2010.07.01 19:18:01 | 000,000,000 | ---- | M] () -- C:\Users\Aja\AppData\Roaming\SecondLife\logs\SecondLife.exec_marker


[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008.01.19 09:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\SoftwareDistribution\Download\ed4622e5538dd0902b6f6f3592a40a49\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\ed4622e5538dd0902b6f6f3592a40a49\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\ERDNT\cache\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\ERDNT\cache\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\ed4622e5538dd0902b6f6f3592a40a49\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SoftwareDistribution\Download\ed4622e5538dd0902b6f6f3592a40a49\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\ERDNT\cache\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:46:10 | 001,376,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.02.12 12:36:11 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:46:10 | 001,376,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.02.12 12:36:11 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.07.13 19:03:43 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 19:03:43 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 10:11:09 | 000,081,198 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.07.13 10:11:09 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.13 10:11:09 | 000,473,360 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.07.13 10:11:09 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.13 10:11:08 | 001,259,320 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Aja\Documents\Ice-Age2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Aja\Documents\Bohové musí být šílení.avi:TOC.WMV
< End of report >

Re: Windows works only in Safe Mode, trojan Win32/Agen

Posted: 13 Jul 2010 19:14
by AjuS
And the second one:

OTL Extras logfile created on: 13.7.2010 19:16:49 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Aja\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 194,87 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AJA-PC
Current User Name: Aja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1571987287-4207360182-302210322-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A8B2F5CD-6D1F-4B1C-BF41-5794B388909E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01708338-81F1-424C-9C53-D95A16EB7286}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{0660D593-C65E-4A24-AD42-0132BBC4736A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{165618D7-8A22-49AE-A94C-B7ACA882C070}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{340C36C0-23A2-4C87-960F-B164741D8671}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{342C0C69-194A-415F-8AAE-9742103A162C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3A467F46-57A6-4742-BBD1-839E23157C33}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{52C426A9-5FF7-45FA-AD5F-D532C17AAB03}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{56BA3AED-7373-4648-A55B-2FC2ADDFC3C0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{56FB8206-1C47-4C55-9D2E-5296477062C0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{57E56A0F-0D4D-4548-A87C-2C74587B3433}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5B25DCB8-2CC9-4393-B76D-555AC82932E0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{62FB577A-EBDD-48B0-AD31-528D86DC33E3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{791CE26B-597F-46F6-B767-E26309653A57}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{7EDBD314-494D-460A-A3AC-FD77FD7F8CB5}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{80B54C1A-E639-4187-9B0B-8ECF47A7D1C7}" = dir=in | app=c:\program files\avg\avgls\avgupd.exe |
"{8540B73B-9A3C-44A2-B734-A2101A2E01EB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{8AE743AE-CFCD-436F-A1E2-C90B7A6DD0C1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{8F0B73DE-6F32-4EBD-A232-7A46FBF01A83}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9B6AF7AB-BE2C-4EA1-96B5-614C8C500E91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{9C0A1593-E153-4F68-8CAD-A6FCCC59ADA8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9DACE8C2-5880-43A4-93A4-D3B3934281C5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A0139B04-579D-43DE-9230-ACB42C2B2E32}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A884DA98-BEC6-49F2-A617-4060EDEC4A7D}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{ACDDAEE7-83EE-48B0-BC3D-70C8AA94E0E0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{B16E3305-D88F-4622-A552-F062EDBF78A9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B3BA7271-D9CD-45DB-8869-0C82114EDF09}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BB00AEC8-3E69-4C68-B3EB-5BF81DE62FFF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{BC8E714F-D03D-4141-B636-29D14FFF36A0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{C762FA1B-CDE5-4CAE-A354-F9040209682E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{CBD7B82C-56CB-4DAC-BD32-26321215BDB0}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{CC57EB16-22F4-4DAC-B20C-D4D403F45A1B}" = dir=in | app=c:\program files\avg\avgls\avgnsx.exe |
"{D6C19D06-1BD4-42FA-A5CF-F9808999D477}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D6EAE314-56C0-40ED-B678-C6D65CC3CF5C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E0710BC1-8D3E-4D1E-94B2-7E56E07BAA5B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{0986307F-A56B-4687-8C66-FC7711E56442}C:\program files\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"TCP Query User{16607ED5-2AA8-4BC6-92BF-55B517C6A89B}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{21FAE4AD-CD22-4905-9882-2B0FB6462D57}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2B3C6ED0-6E42-4DCE-A903-32B6015E4442}C:\users\aja\desktop\hry_atd\age of empires 2 the age of kings-the conquerors\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\aja\desktop\hry_atd\age of empires 2 the age of kings-the conquerors\age2_x1.exe |
"TCP Query User{2FC82C25-B97A-4FB0-B58D-51601BE7611E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3E290112-9459-4462-A03A-B07002625D23}C:\users\aja\desktop\age of empires 2 the age of kings-the conquerors\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\aja\desktop\age of empires 2 the age of kings-the conquerors\age2_x1.exe |
"TCP Query User{48F9E15D-04E5-4AEB-B07F-FDADA2141A01}C:\program files\game over in machinimation\go.exe" = protocol=6 | dir=in | app=c:\program files\game over in machinimation\go.exe |
"TCP Query User{4A98C47A-A590-4622-8894-78673804316A}C:\program files\culinatix\sql anywhere 7\win32\rteng7.exe" = protocol=6 | dir=in | app=c:\program files\culinatix\sql anywhere 7\win32\rteng7.exe |
"TCP Query User{54140B0C-AB81-42B9-8C5C-8F93988858C8}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{5C65C330-BC1D-460C-9DFA-FCB9DE359399}C:\program files\kirstens s20\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\kirstens s20\slvoice.exe |
"TCP Query User{65EB0603-FAEF-4D30-949F-1468CB8A3DA0}C:\program files\secondlife\secondlife.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\secondlife.exe |
"TCP Query User{772B8B76-1B27-4E3D-AFD0-9ECDB4F677FD}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{82427454-C696-44C0-93DE-FE14BFAE01E2}C:\program files\rocketracer\rocketracer.exe" = protocol=6 | dir=in | app=c:\program files\rocketracer\rocketracer.exe |
"TCP Query User{920A0E0D-50F0-492A-870A-E5BC46D7C1DA}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"TCP Query User{9A1DF968-B587-486C-AB16-FF234B182A62}C:\program files\drivingspeed2\drivingspeed.exe" = protocol=6 | dir=in | app=c:\program files\drivingspeed2\drivingspeed.exe |
"TCP Query User{A7CC2585-6983-4FE2-A951-B91D4ABE68DD}C:\program files\gmx media\osmý div světa\game.exe" = protocol=6 | dir=in | app=c:\program files\gmx media\osmý div světa\game.exe |
"TCP Query User{B91540D0-F09C-4EBF-8DE0-70B12EFDB304}C:\program files\rally championship\ral.exe" = protocol=6 | dir=in | app=c:\program files\rally championship\ral.exe |
"TCP Query User{B9BC17B0-E8BA-4AB2-867E-4386CC6FB7BC}C:\program files\truck_racing_by_renault_trucks\bin\rtr.exe" = protocol=6 | dir=in | app=c:\program files\truck_racing_by_renault_trucks\bin\rtr.exe |
"TCP Query User{C4278EE6-3193-4171-BA67-4E22326ED185}C:\program files\snowglobe\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\snowglobe\slvoice.exe |
"TCP Query User{CDC77A98-B539-40F7-8708-3A3DADA9825C}C:\program files\kirstens s19\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\kirstens s19\slvoice.exe |
"TCP Query User{DF7C420E-C1DB-453E-BDBA-DB4DD9033561}C:\program files\wolfquest\wolfquest.exe" = protocol=6 | dir=in | app=c:\program files\wolfquest\wolfquest.exe |
"TCP Query User{E01EDA38-BDB5-47BE-8820-5D00CAC44108}C:\sims\racer\racer.exe" = protocol=6 | dir=in | app=c:\sims\racer\racer.exe |
"TCP Query User{E0B0EC54-7B1A-4D3A-8A7B-155332262A47}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{E93B0760-0BCA-4040-992B-80B01C358E65}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{0058DFDC-2053-412A-AA30-225FED50EC84}C:\program files\rocketracer\rocketracer.exe" = protocol=17 | dir=in | app=c:\program files\rocketracer\rocketracer.exe |
"UDP Query User{16E7C36A-14C0-42B9-92B4-AB5FBFD71C2C}C:\program files\drivingspeed2\drivingspeed.exe" = protocol=17 | dir=in | app=c:\program files\drivingspeed2\drivingspeed.exe |
"UDP Query User{20097929-8B5F-47BB-BE05-FE10DF7FC797}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2022EB0C-F465-4D38-A766-22BBEE3C6825}C:\program files\kirstens s20\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\kirstens s20\slvoice.exe |
"UDP Query User{320E003B-C29E-4967-A7BF-8E776527D0E0}C:\program files\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files\trackmania united\tmunited.exe |
"UDP Query User{3799C80C-3C82-4EC4-B786-92314519C044}C:\program files\kirstens s19\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\kirstens s19\slvoice.exe |
"UDP Query User{3AB99833-534A-4D9C-BEF7-92E4C7D9A6BC}C:\users\aja\desktop\hry_atd\age of empires 2 the age of kings-the conquerors\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\aja\desktop\hry_atd\age of empires 2 the age of kings-the conquerors\age2_x1.exe |
"UDP Query User{40A38991-E17D-44B6-ADB3-4EEE4DE93081}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"UDP Query User{51D68AC4-4A0E-47AC-9270-AA1BBF17D230}C:\program files\rally championship\ral.exe" = protocol=17 | dir=in | app=c:\program files\rally championship\ral.exe |
"UDP Query User{6113C161-0A18-4935-BA91-6DDE1AFB5DA6}C:\program files\game over in machinimation\go.exe" = protocol=17 | dir=in | app=c:\program files\game over in machinimation\go.exe |
"UDP Query User{65D31C6E-5C8F-4528-9B94-1456A7E055F4}C:\program files\truck_racing_by_renault_trucks\bin\rtr.exe" = protocol=17 | dir=in | app=c:\program files\truck_racing_by_renault_trucks\bin\rtr.exe |
"UDP Query User{7E60AB47-D546-4680-8B6A-0FEE1E212AEE}C:\program files\snowglobe\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\snowglobe\slvoice.exe |
"UDP Query User{7E79A2E9-136A-4688-9C11-C19F9B8FCDD5}C:\users\aja\desktop\age of empires 2 the age of kings-the conquerors\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\aja\desktop\age of empires 2 the age of kings-the conquerors\age2_x1.exe |
"UDP Query User{8332B493-A436-44E6-BEC7-D0180E089EC3}C:\program files\secondlife\secondlife.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\secondlife.exe |
"UDP Query User{893082D3-E314-4E52-8C56-176D258C9850}C:\program files\wolfquest\wolfquest.exe" = protocol=17 | dir=in | app=c:\program files\wolfquest\wolfquest.exe |
"UDP Query User{910D68EC-3A01-449C-9146-3E14BDBD686A}C:\program files\gmx media\osmý div světa\game.exe" = protocol=17 | dir=in | app=c:\program files\gmx media\osmý div světa\game.exe |
"UDP Query User{9F153AFD-109C-4327-8E1E-C15E5D33C635}C:\sims\racer\racer.exe" = protocol=17 | dir=in | app=c:\sims\racer\racer.exe |
"UDP Query User{B1867E53-1A0E-4360-B753-C23BF67EA2D0}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{B5CCF8F0-30F0-4648-96ED-203A6347A4E5}C:\program files\culinatix\sql anywhere 7\win32\rteng7.exe" = protocol=17 | dir=in | app=c:\program files\culinatix\sql anywhere 7\win32\rteng7.exe |
"UDP Query User{CB9DCA9C-9770-46D4-A1FC-AC122466BF5A}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{CC1549A4-E68B-46BA-9B22-EF6CB3611EF9}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{D7E6EA82-FB30-4DAB-8A45-9233AC6905A6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{E411ADC6-5856-43FC-A185-26C032EA234B}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{F10BB205-B741-4350-8959-254615F6E31D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0849D456-B588-4A8A-B00F-896C419638F5}" = Kirstens S20 2.1.0.27
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{094F4DDB-68C0-483F-8FD1-5FDED48D1F82}" = SymbolCopy for FloorPlan 3D v8
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG_MobileSync
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12803180-9CAD-11DE-B804-005056806466}" = Google Earth
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1E9E4260-772D-4527-B8F3-EC13279417F8}" = WolfQuest Amethyst Mtn
"{1F0337D1-0809-4DC1-9265-EB063C3C6841}" = Zoner Photo Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23B806E8-BA3C-4FC2-AAB8-116FC8514697}" = Agatha Christie - Evil Under the Sun
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2F7749ED-44A0-4EB1-8D64-C1FB5F73B48B}" = WolfQuest
"{2F8EF67B-4B95-409B-A4BB-4DF8B5C71AA2}_is1" = My Day 1.0
"{31CB0D80-1866-462A-9455-88614410971F}" = Driver: Parallel Lines
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Mazlíčci
"{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = KWorld TV Tuner Card Utilities
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B141C08-51E5-4224-81BD-5FC967195734}" = LG USB Modem Driver-MDMS
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DE71D48-01EB-4BF2-A643-50FE6C9B6AC9}" = OpenOffice.org 3.2
"{65257D5D-49CD-41CD-836A-FDE3D0365804}" = Renault Mégane Navigator
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Nástroj Tvoření světa – Beta-verze
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66EBD70F-A42C-475F-AEDF-277378151029}" = Nero 7 Essentials
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AE9A059-6372-435D-A5FE-0568A3B67F19}" = HyperMediaCenter
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6BFD9013-BA6D-44DA-9FDB-8009289B2AC1}" = Uforia
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{72F9F82C-0A0D-44a7-9FBD-3804D2EEA9ED}" = The Sims™ 2 Vyzkoušejte si
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{773C485E-B148-45CB-BF38-84FC208D960A}" = TSR Merlin
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Ve světě podnikání
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{3C3813E1-C370-4F32-9639-8B43C7C780CD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{F67648A4-713E-4298-BBAD-A83D8283B0F3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{2659571A-3405-4486-B7D8-2F125BC0E3B2}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{913A7D09-EC8B-49D2-8A58-00D004FD0CFD}" = InfoMapa - Home Edition - mapa Prahy a ČR 2009 pro PPK
"{93538CBE-F87E-4B79-872C-D0D098EB42EE}" = FloorPlan 3D v8
"{953E4CAF-B57F-43BD-B1C1-E53D4B361B1F}" = Mapa Prahy a ČR - InfoMapa - Home Edition 2007
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9617BEC2-A487-40E7-94FB-AC699F1B360B}" = Walaber's Trampoline
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A21470CE-352F-4152-A2A1-B231CF0CED78}" = theHunter
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-A81000000003}" = Adobe Reader 8.1.0 - Czech
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7165C37-8577-4BE5-A661-E2F44A0E8C66}_is1" = CulinatiX
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 Cestovní horečka
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC5DDD2F-4461-4EF5-9EF6-76BF49F64C7A}" = Kirstens S19
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4C6A629-7D55-4AF9-BED0-B3800C2B3952}" = Magnus™ 2009
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F0137EB8-1B6E-480B-8676-CE8A293F9FB8}" = SpyCatcher Express 5.1.2
"{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F65BF289-6174-4081-A9AC-5C60CEACD457}_is1" = Rally Championship
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Noční život
"µTorrent CZ_is1" = µTorrent CZ 1.8.2 (build 14153)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8thWonder" = Osmý div světa
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Any Video Converter_is1" = Any Video Converter 2.6.7
"ArcAetherAnomalies" = Arc Aether Anomalies
"Ashampoo Burning Studio 2009 Advanced_is1" = Ashampoo Burning Studio 2009 Advanced
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"avast5" = avast! Free Antivirus
"Avg8LsUninstall" = AVG LinkScanner® 8.5
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"Cactus" = Cactus
"Cartoonist_is1" = Cartoonist 1.3
"CCleaner" = CCleaner (remove only)
"Cestina pro SL" = Čeština pro klienta Second Life
"City Racing_is1" = City Racing
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"Dostihy 3000 deluxe" = Dostihy 3000 deluxe 1.1
"Driving Speed 2_is1" = Driving Speed 2.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Family Tree Builder" = MyHeritage Family Tree Builder
"FlightGear_is1" = FlightGear v0.9.10
"FMS 2.0 Beta 6" = FMS 2.0 Beta 6
"Foxit Reader" = Foxit Reader
"Free Video Converter_is1" = Free Video Converter V 2.6
"Free YouTube Download_is1" = Free YouTube Download 2.2
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"German Truck Simulator" = German Truck Simulator 1.00
"GoldenEyeDoom2_is1" = GoldenEye Doom2 Beta 2 (October 2006)
"Grand Touring" = Grand Touring
"Hair Studio - Vlasové studio_is1" = Hair Studio - Vlasové studio 1.0 LITE
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Championsheep Rally" = Championsheep Rally
"ICQToolbar" = ICQ Toolbar
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz
"IrfanView" = IrfanView (remove only)
"Kecal_is1" = Kecal 2.3
"KGBHunter_is1" = KGB Hunter
"Kirstens S19" = Kirstens S19
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.5 (Full)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Light Artist_is1" = Light Artist 1.5
"Light Driver 2" = Light Driver 2
"MapCreator 2" = MapCreator 2
"Mapy krajských měst_is1" = Mapy krajských měst - příloha časopisu Počítač pro každého č. 8
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mp3tag" = Mp3tag v2.41
"NASA World Wind 1.4" = NASA World Wind 1.4
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Odmaturuj z IVT_is1" = Odmaturuj z IVT 0.4.8.9
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 0.6.0
"OurGardenV3.0 che" = Moje zahrada - 3D
"PhotoFiltre" = PhotoFiltre
"PhotoScape" = PhotoScape
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Labtec® Camera Driver
"Quintessential Media Player" = Quintessential Media Player
"Recepty doma_is1" = Recepty doma
"Roboball" = Roboball
"Scorpions WinCheater 2.07 (s databází 101)_is1" = Scorpions WinCheater
"SeaMonkey (1.1.15)" = SeaMonkey (1.1.15)
"SecondLife" = SecondLife (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"SmartMaps Guide - Středojižní Evropa_is1" = SmartMaps Guide - Středojižní Evropa, příloha časopisu Počítač
"SmartMaps Router - Evropa_is1" = SmartMaps Router - Evropa 1.6.4.7
"Snowglobe" = Snowglobe (remove only)
"Stellarium_is1" = Stellarium 0.10.2
"Sweet Home 3D_is1" = Sweet Home 3D version 1.6
"SystemRequirementsLab" = System Requirements Lab
"TmUnited_is1" = TrackMania United 0.2.0.8
"Traffic City: Eco City" = Traffic City: Eco City
"Truck Racing" = Truck Racing by Renault Trucks
"TVP3XDrv" = KWorld TV713X BDA Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USA 2008" = USA 2008
"Virtual Breckenridge" = Virtual Breckenridge (remove only)
"VLC media player" = VLC media player 1.0.1
"Web Photo Album_is1" = Web Photo Album 1.1
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"WT019004" = Final Drive Fury
"XairRacer" = XairRacer
"Ziva kamera 2.0" = Živá kamera 2.0
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10
"Zoo Empire_is1" = Zoo Empire 1.21
"Život na koleji v.0.96B_is1" = Život na koleji v.0.96B

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1571987287-4207360182-302210322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bc-CZ_IW" = Interwetten Moto Race Challenge 08
"Facebook Plug-In" = Facebook Plug-In
"Free Realms Installer" = Free Realms Installer
"Google Chrome" = Google Chrome
"polo-AT_MAIN" = Polo Cup (AT)
"sc09-ORF_MAIN" = ORF-Ski Challenge 2009
"sc10-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 2010
"SOE-Free Realms" = Free Realms
"tc09-DE_SEVENONE_MAIN" = Big Pizza Mountainbike Challenge 09 (SevenOne)
"Territory" = Territory
"Verdict Free" = Slovník Verdict Free (a internetový překladač)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.7.2010 15:04:26 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:04:27 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:04:33 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:04:38 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:05:33 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:05:34 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:08:19 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:08:19 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:08:19 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.7.2010 15:08:19 | Computer Name = Aja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 12.7.2010 14:35:44 | Computer Name = Aja-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12.7.2010 14:39:52 | Computer Name = Aja-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12.7.2010 14:50:12 | Computer Name = Aja-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12.7.2010 14:55:34 | Computer Name = Aja-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (20:53:42, 12.7.2010) bylo neočekávané.

Error - 12.7.2010 14:55:45 | Computer Name = Aja-PC | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{0A39CADF-F42A-48AD-99BB-2DD5943E26F2},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 12.7.2010 14:55:44 | Computer Name = Aja-PC | Source = netbt | ID = 4321
Description = Název AJA-PC :0 nelze zaregistrovat v rozhraní s adresou IP
192.168.2.4. Počítač s adresou IP 192.168.2.3 nepovolil získání názvu tímto počítačem.

Error - 12.7.2010 14:55:45 | Computer Name = Aja-PC | Source = netbt | ID = 4321
Description = Název AJA-PC :20 nelze zaregistrovat v rozhraní s adresou
IP 192.168.2.4. Počítač s adresou IP 192.168.2.3 nepovolil získání názvu tímto počítačem.

Error - 12.7.2010 14:57:23 | Computer Name = Aja-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13.7.2010 4:03:26 | Computer Name = Aja-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 12
Description =

Error - 13.7.2010 4:05:28 | Computer Name = Aja-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 13 Jul 2010 19:44
by Rudy
Both logs are clean. Apart from the trojan that NOD removed, there is no other one in the system. Try a System Restore to a date when the system was working correctly.

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 13 Jul 2010 20:14
by AjuS
OK, thank you.

Re: Windows works only in safe mode, trojan Win32/Agen

Posted: 13 Jul 2010 20:36
by Rudy
You're welcome!