VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosim o kontrolu logu

https://forum.viry.cz:443/viewtopic.php?t=113301

Stránka 1 z 3

Prosim o kontrolu logu

Napsal: 19 črc 2011 10:37
od JaaTaky
Zdravicko, chtel bych poprosit o kontrolu logu. Notebook cas od casu totalne zamrzne. Zaclo to delat zhruba tak pred 14 dnima. Predem dekuji :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Honza at 2011-07-19 11:13:03
Microsoft Windows 7 Home Premium
System drive C: has 24 GB (24%) free of 102 GB
Total RAM: 3767 MB (54% free)


======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 24405536
\??\C:\Windows\system32\conhost.exe "10174514191616729127-109556776013480696872789767991982306747291765142-1223555182
C:\Windows\System32\spoolsv.exe
atieclxx
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe"
C:\Windows\system32\locator.exe
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe"
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
WLIDSvcM.exe 2464
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe"
"C:\Program Files\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\PLFSetI.exe"
"C:\Windows\System32\GfxUI.exe" /startup:silent
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
"C:\Program Files\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\QIP Infium\infium.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5280.10ad20c0.1422748539 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.5.0" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 5280 \\.\pipe\gecko-crash-server-pipe.5280 plugin
"C:\Program Files\trend micro\Honza.exe" /silentautolog
taskeng.exe {77B8B79E-ADC5-4E6C-8E0E-5940A338700F}
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3, easygtranslate@wrlf.com.br:2.2, My-Translator@eugenche.com:0.2.3, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.CZE
nppdf32.dll
nppdf32.HRV
nppdf32.HUN
nppdf32.POL
nppdf32.SKY
nppdf32.SLV

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\
easygtranslate@wrlf.com.br
My-Translator@eugenche.com
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{6AC85730-7D0F-4de0-B3FA-21142DD85326}

C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\searchplugins\
daemon-search.xml
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-02-03 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06 339872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2010-04-22 223264]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2010-04-23 496160]
"egui"=C:\Program Files\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-10-21 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-21 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-10-21 414744]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-22 10081312]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-02-22 877600]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"PLFSetI"=C:\Windows\PLFSetI.exe [2010-01-13 206208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-11 2107176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"AdobeBridge"= []
"Rainlendar2"=C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe [2011-02-04 2346496]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-03-08 17037704]
"ISUSPM Startup"=c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]
"Google Update"=C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-06-06 2903448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-06-06 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16 497648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-03-09 260608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-23 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2010-03-03 1300560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-07-25 588648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Honza\AppData\Roaming\QipGuard\QipGuard.exe [2011-02-03 191360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Hry\Steam\steam.exe [2011-02-15 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [2009-10-22 129584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe [2010-02-09 704032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2010-03-26 1125152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~2\Hamachi\hamachi.exe [2010-09-19 624416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KN StrongDC.lnk]
C:\PROGRA~1\KN_STR~1\StrongDC.exe [2008-07-15 3361792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Users\Honza\AppData\Local\Temp\{6D5B2854-A2A1-4ACD-8841-505FDA6EA2B5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696]
""= []
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 336384]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-06-06 36760]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-06-06 2903448]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-21 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2011-07-19 11:06:20 ----D---- C:\rsit
2011-07-19 11:06:20 ----D---- C:\Program Files\trend micro
2011-07-13 09:02:28 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 09:02:28 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 09:02:28 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 09:02:28 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 09:02:28 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 09:02:27 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 09:02:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:02:26 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:02:26 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 09:02:26 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 09:02:26 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 09:02:26 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 09:02:26 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 09:02:26 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 09:02:26 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 09:02:26 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:02:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:02:23 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:02:22 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-13 09:02:16 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 09:02:09 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:02:09 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-06-29 09:20:41 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 09:20:40 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 09:20:40 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 09:20:39 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 09:20:39 ----A---- C:\Windows\SYSWOW64\devobj.dll

======List of files/folders modified in the last 1 month======

2011-07-19 11:13:00 ----D---- C:\Windows\Temp
2011-07-19 11:11:58 ----D---- C:\Windows\Prefetch
2011-07-19 11:06:20 ----RD---- C:\Program Files
2011-07-19 11:06:02 ----D---- C:\Downloads
2011-07-19 10:55:07 ----D---- C:\Program Files (x86)\QIP Infium
2011-07-19 10:54:17 ----D---- C:\Users\Honza\AppData\Roaming\Skype
2011-07-19 10:53:51 ----D---- C:\Windows\system32\config
2011-07-19 10:53:42 ----D---- C:\ProgramData\VMware
2011-07-19 10:53:37 ----A---- C:\Windows\SYSWOW64\log.txt
2011-07-19 09:58:26 ----SHD---- C:\System Volume Information
2011-07-16 20:44:31 ----D---- C:\Windows\System32
2011-07-16 20:44:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-16 20:44:30 ----D---- C:\Windows\inf
2011-07-13 10:05:52 ----D---- C:\Windows\winsxs
2011-07-13 10:03:53 ----D---- C:\Windows\SysWOW64
2011-07-13 10:03:52 ----D---- C:\Windows\system32\DriverStore
2011-07-13 10:03:52 ----D---- C:\Windows\system32\drivers
2011-07-13 10:03:52 ----D---- C:\Windows\AppPatch
2011-07-13 09:42:28 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 09:42:24 ----SHD---- C:\Windows\Installer
2011-07-13 09:42:13 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 09:02:04 ----D---- C:\Windows\system32\catroot
2011-07-13 09:00:38 ----D---- C:\Windows\system32\catroot2
2011-07-11 22:16:57 ----D---- C:\Program Files (x86)\SpeedFan
2011-07-06 09:40:52 ----A---- C:\Windows\NeroDigital.ini
2011-06-29 12:20:31 ----D---- C:\Program Files (x86)\JDownloader
2011-06-25 10:19:06 ----HD---- C:\ProgramData
2011-06-24 13:22:27 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-09-01 276576]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-01 834544]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2009-10-22 38960]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 47632]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2009-10-22 80944]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2009-10-22 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2009-10-22 30256]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2009-10-22 68144]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [2009-10-12 32816]
R2 XilinxPC4Driver;XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [2011-02-04 27384]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-21 6856704]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-21 264704]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-07 124944]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-04-01 3060800]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-22 2271648]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-10-21 10331840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-11 316464]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2009-10-22 29744]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2011-02-04 254976]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-04-07 2216960]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-02-14 102440]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-13 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-13 21544]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-31 26752]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-02-28 74120]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-02-28 85384]
S3 giveio;giveio; \??\C:\Windows\giveio.sys [2008-06-20 5248]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-09-19 33344]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2009-10-22 20016]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-21 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-26 920352]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
R2 ekrn;ESET Service; C:\Program Files\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-04-23 820768]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 262144]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R2 OS Selector;Acronis OS Selector activator; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2009-10-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2009-10-22 395824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\reset.exe [2009-03-20 357182]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-30 403240]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1255736]

-----------------EOF-----------------

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 12:47
od Danstahr
:arrow: Stáhněte OTL.
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
*crack* /s
*keygen* /s
CREATERESTOREPOINT
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 15:21
od JaaTaky
OTL_1.txt

OTL logfile created on: 7/20/2011 3:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.68 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 47.06% Memory free
7.35 Gb Paging File | 4.76 Gb Available in Paging File | 64.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 23.67 Gb Free Space | 23.67% Space Free | Partition Type: NTFS
Drive E: | 483.07 Gb Total Space | 110.04 Gb Free Space | 22.78% Space Free | Partition Type: NTFS

Computer Name: A02-0826A | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 15:47:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2011/06/24 13:22:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 21:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/05/11 14:58:40 | 006,848,384 | ---- | M] () -- C:\Program Files (x86)\QIP Infium\infium.exe
PRC - [2011/02/04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe
PRC - [2010/10/18 22:15:53 | 004,432,264 | ---- | M] (ZONER software) -- C:\Program Files (x86)\Zoner\Photo Studio 12\Program\Zps.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET Smart Security\x86\ekrn.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/02/15 22:17:08 | 001,260,544 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe
PRC - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 19:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 15:47:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/21 06:26:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/12 14:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/04/23 19:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/03/26 20:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/30 09:05:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/20 15:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/28 10:27:06 | 000,074,120 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/02/28 10:26:50 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/04 00:28:20 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2011/02/04 00:28:20 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV:64bit: - [2010/10/21 07:02:30 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/21 06:10:52 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/10/21 05:52:08 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/19 09:48:10 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/09/01 19:39:11 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/01 18:44:07 | 000,276,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/07/29 13:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 13:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 13:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/04/07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/10/22 05:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/22 05:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/10/22 05:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/22 05:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/10/20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/03/31 01:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009/10/12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/06/20 01:33:58 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\giveio.sys -- (giveio)
DRV - [2007/02/07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: easygtranslate@wrlf.com.br:2.2
FF - prefs.js..extensions.enabledItems: My-Translator@eugenche.com:0.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Honza\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Honza\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2010/08/31 11:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/23 11:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 13:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/23 11:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET Smart Security\Mozilla Thunderbird [2010/08/31 11:40:32 | 000,000,000 | ---D | M]

[2010/08/26 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Extensions
[2011/07/03 18:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions
[2011/06/25 19:56:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/03/02 08:14:37 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011/04/21 15:27:58 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/03/27 16:56:40 | 000,000,000 | ---D | M] (Easy Google Translate) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\easygtranslate@wrlf.com.br
[2010/11/02 12:54:02 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\My-Translator@eugenche.com
[2010/09/19 08:46:24 | 000,002,059 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\searchplugins\daemon-search.xml
[2011/03/02 08:14:47 | 000,002,062 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\searchplugins\qip-search.xml
[2011/05/06 09:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/14 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\HONZA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JDQ019XR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/24 13:22:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/12/14 17:43:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 09:21:47 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2011/05/06 09:21:47 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2010/09/17 15:33:26 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2011/05/06 09:21:47 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011/05/06 09:21:47 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011/05/06 09:21:48 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010/08/31 11:24:32 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = a02-0826a.kn.vutbr.cz
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\Shell - "" = AutoRun
O33 - MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\Shell - "" = AutoRun
O33 - MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\Shell - "" = AutoRun
O33 - MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/07/19 11:06:20 | 000,000,000 | ---D | C] -- C:\rsit
[2011/07/13 09:02:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 09:02:28 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 09:02:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 09:02:28 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 09:02:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 09:02:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 09:02:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 09:02:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 09:02:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 09:02:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 09:02:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 09:02:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 09:02:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 09:02:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 09:02:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 09:02:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 09:02:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 09:02:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 09:02:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/06/29 09:20:40 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 09:20:39 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/03/15 22:07:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Honza\AppData\Roaming\pcouffin.sys
[2010/08/06 18:34:32 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 15:52:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000UA.job
[2011/07/20 12:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/20 08:52:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000Core.job
[2011/07/19 13:27:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 13:27:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 10:53:22 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 20:44:31 | 001,514,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/16 20:44:31 | 000,645,924 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011/07/16 20:44:31 | 000,630,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/16 20:44:31 | 000,129,266 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011/07/16 20:44:31 | 000,112,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/15 03:53:14 | 000,002,406 | ---- | M] () -- C:\Users\Honza\Desktop\Google Chrome.lnk
[2011/07/13 10:05:21 | 005,062,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/06 09:40:52 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/04 12:19:43 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/06/30 11:50:44 | 000,007,599 | ---- | M] () -- C:\Users\Honza\AppData\Local\resmon.resmoncfg
[2011/06/25 10:13:22 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 17:02:02 | 000,000,132 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2011/05/03 23:06:46 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/03 22:57:07 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/07 15:59:24 | 000,005,248 | ---- | C] () -- C:\Windows\giveio.sys
[2011/04/05 12:02:43 | 000,000,041 | ---- | C] () -- C:\Windows\OPML8WP.INI
[2011/03/15 22:07:46 | 000,099,384 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\inst.exe
[2011/03/15 22:07:46 | 000,007,859 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\pcouffin.cat
[2011/03/15 22:07:46 | 000,001,167 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\pcouffin.inf
[2011/03/15 18:57:59 | 000,000,600 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\winscp.rnd
[2011/03/15 13:25:54 | 000,001,057 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\vso_ts_preview.xml
[2011/02/08 16:58:25 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/16 19:36:02 | 000,000,093 | ---- | C] () -- C:\Users\Honza\AppData\Local\fusioncache.dat
[2010/12/16 15:46:36 | 000,006,144 | ---- | C] () -- C:\Users\Honza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 20:18:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/13 22:04:21 | 000,000,944 | ---- | C] () -- C:\Users\Honza\AppData\Local\SRDownloader(2).nast
[2010/10/12 09:51:33 | 000,001,480 | ---- | C] () -- C:\Users\Honza\AppData\Local\Adobe Uložit pro web 12.0 Prefs
[2010/10/08 21:18:09 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/10/08 19:50:26 | 000,000,792 | ---- | C] () -- C:\Users\Honza\AppData\Local\SRDownloader.nast
[2010/10/05 19:42:41 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/10/04 08:13:51 | 001,513,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/19 22:18:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/01 16:17:27 | 000,007,599 | ---- | C] () -- C:\Users\Honza\AppData\Local\resmon.resmoncfg
[2010/09/01 11:36:52 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/08/31 11:23:48 | 000,000,000 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\chrtmp
[2010/08/26 21:25:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/06 18:34:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/06 18:34:33 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/08/06 18:34:33 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/06 18:34:32 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/08/06 18:34:32 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/08/06 18:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/06 18:27:23 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/05/14 07:22:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/14 07:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/14 07:22:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/14 07:22:41 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/05/14 07:22:41 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/05/14 06:57:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/13 16:06:30 | 000,357,182 | ---- | C] () -- C:\Windows\reset.exe

========== LOP Check ==========

[2011/05/03 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Atari
[2011/01/01 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2010/10/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\BinarySense
[2010/10/12 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Bradsoft.com
[2011/03/15 08:31:16 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\COWON
[2010/09/01 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2010/08/31 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ESET
[2010/10/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Games
[2010/09/27 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GARMIN
[2011/02/09 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2011/04/07 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\hte
[2011/05/03 23:06:51 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Leadertech
[2010/08/27 12:38:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PlayFirst
[2010/08/31 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QIP
[2011/03/02 08:14:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QipGuard
[2011/05/01 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Rovio
[2011/03/30 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sony
[2010/11/16 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sparx Systems
[2010/10/12 09:19:24 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/07 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Subversion
[2010/11/16 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2011/03/15 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Vso
[2011/04/07 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Xilinx
[2011/05/08 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\yWorks
[2010/10/18 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner
[2011/07/11 16:31:48 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"AdobeBridge" =
"Rainlendar2" = C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe -- [2011/02/04 15:24:32 | 002,346,496 | ---- | M] ()
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011/03/08 12:02:28 | 017,037,704 | R--- | M] (Skype Technologies S.A.)
"ISUSPM Startup" = c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup -- [2004/08/09 06:03:58 | 000,221,184 | ---- | M] (InstallShield Software Corporation)
"Google Update" = "C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010/09/23 18:47:01 | 000,136,176 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/10/12 09:50:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe
[2010/10/12 09:19:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe Mini Bridge CS5
[2011/05/03 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Atari
[2010/08/26 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ATI
[2011/01/01 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2010/10/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\BinarySense
[2010/10/12 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Bradsoft.com
[2011/03/15 08:31:16 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\COWON
[2010/08/26 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\CyberLink
[2010/09/01 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2011/04/07 17:05:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Download Manager
[2010/08/31 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ESET
[2010/10/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Games
[2010/09/27 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GARMIN
[2011/02/09 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2010/09/08 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Google
[2011/04/20 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Hamachi
[2011/04/07 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\hte
[2010/08/26 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Identities
[2011/03/15 08:28:35 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\InstallShield
[2010/09/19 08:58:09 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\InstallShield Installation Information
[2010/08/26 16:12:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Intel Corporation
[2011/05/03 23:06:51 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Leadertech
[2010/08/26 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Macromedia
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Media Center Programs
[2011/05/13 09:05:10 | 000,000,000 | --SD | M] -- C:\Users\Honza\AppData\Roaming\Microsoft
[2010/08/26 21:25:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mozilla
[2010/10/08 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Nero
[2010/08/27 12:38:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PlayFirst
[2010/10/12 10:14:01 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PSpad
[2010/08/31 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QIP
[2011/03/02 08:14:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QipGuard
[2011/05/01 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Rovio
[2011/07/19 10:54:17 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Skype
[2011/03/08 10:22:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\skypePM
[2011/03/30 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sony
[2010/11/16 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sparx Systems
[2010/10/12 09:19:24 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/07 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Subversion
[2010/11/16 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2011/05/25 12:31:39 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\vlc
[2010/12/14 00:42:31 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\VMware
[2011/03/15 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Vso
[2010/08/27 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\WinRAR
[2011/04/07 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Xilinx
[2011/05/08 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\yWorks
[2010/10/18 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2011/03/15 22:07:46 | 000,099,384 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\inst.exe
[2010/09/19 08:49:55 | 000,331,776 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
[2011/03/14 21:36:07 | 000,029,926 | R--- | M] () -- C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011/01/28 18:53:59 | 000,010,134 | R--- | M] () -- C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{AAB17558-7189-1415-2370-D689FDD44B33}\ARPPRODUCTICON.exe
[2010/11/04 21:58:54 | 003,773,760 | ---- | M] (Power Technology) -- C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\dfxSetup-WMP64.exe
[2010/11/04 21:59:02 | 000,166,400 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\keygen.exe
[2010/11/10 14:25:25 | 000,961,736 | ---- | M] (Microsoft Corporation) -- C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\SaveAsPDFandXPS.exe
[2011/02/03 14:42:56 | 000,191,360 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\QipGuard\QipGuard.exe

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 15:24
od JaaTaky
OTL_2.txt

< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTOR.SYS >
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011/03/11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2011/03/11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011/03/11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/04/25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011/07/19 10:53:37 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt
[12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< *crack* /s >
[2011/05/30 14:32:33 | 009,721,307 | ---- | M] () -- \Downloads\dirt-3-crack-only-netshow.rar
[2011/05/30 14:30:56 | 000,000,320 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar
[2011/05/30 14:30:52 | 001,743,536 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar.part
[2011/02/02 17:46:47 | 000,004,328 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\CrackedCom.class
[2011/05/14 11:50:42 | 045,258,822 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\crack_last.rar
[2010/10/25 09:15:24 | 000,940,610 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\Crack.rar
[2010/12/09 20:17:04 | 005,359,107 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\crack.zip

< *keygen* /s >
[2010/11/04 21:59:02 | 000,166,400 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\keygen.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:2BE9FEFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 15:24
od JaaTaky
Extras.txt

OTL Extras logfile created on: 7/20/2011 3:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.68 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 47.06% Memory free
7.35 Gb Paging File | 4.76 Gb Available in Paging File | 64.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 23.67 Gb Free Space | 23.67% Space Free | Partition Type: NTFS
Drive E: | 483.07 Gb Total Space | 110.04 Gb Free Space | 22.78% Space Free | Partition Type: NTFS

Computer Name: A02-0826A | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F870E-BCF6-F19F-A154-B3488407F467}" = ccc-utility64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C30F9EF-5032-925C-1905-D87E8472EB85}" = ATI Catalyst Install Manager
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8D7B92C1-E4DD-42CC-816C-0955DBF1E430}" = ESET Smart Security
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Maple 13" = Maple 13
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{008CA161-E080-8630-47B4-9205A0E45573}" = CCC Help Thai
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{11951952-9640-92E5-4C47-E38C6C7E9265}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1D097338-B4FA-4F29-9C43-8D7A970A007E}" = Windows Live Fotogalerie
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EAA000F-8FC0-47AF-B665-CDF54EB75D5F}" = Drákula 2: Poslední útočiště
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{258203F7-1FDC-CD40-D409-01993D2DFC8F}" = CCC Help Swedish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35A0C956-ACF1-41AB-89DE-1772C8A27ACB}" = Drákula - Zrození
"{35E2427E-C52B-2C23-044E-36F83B90A3EE}" = CCC Help Norwegian
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{479A749B-1684-4881-8266-BF8DD22251E7}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
"{53EBE8C0-A9E6-45BD-87AF-AFDE0A477477}" = Drákula: Zmrtvýchvstání
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595639AF-26D3-BF56-6A73-A09F1D4BD3AE}" = CCC Help Hungarian
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5AFBC2F3-D3F5-660A-A2AD-CAD3E8EDA1D7}" = CCC Help English
"{5CD9E471-E03C-70A5-E5CA-217088BB2541}" = CCC Help Finnish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63953BA4-7F92-98F7-B99D-FEB4B7BF6905}" = Catalyst Control Center Localization All
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F5BFDFA-57A6-0CAC-EC50-67B4D8B7B725}" = CCC Help Italian
"{6F8A555E-F2E1-415D-AD8A-67C0A7671029}" = Nero 8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73F4842A-ACED-7EDD-0A96-99A8A97F4815}" = CCC Help German
"{74CEA7F6-2E4B-FE86-E72F-ADAEAAF28880}" = CCC Help Japanese
"{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7753A3B2-E858-F0B3-3DD9-C027B16CBB81}" = Catalyst Control Center InstallProxy
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{855201BD-9C9A-2E33-C3E8-41EB1647F14A}" = CCC Help Greek
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5CF580-699D-821F-0FD1-A12CA9FE36C1}" = CCC Help Russian
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0017-0405-0000-0000000FF1CE}_OMUI.cs-cz_{10545811-A0FE-4F20-AF19-7F85937E9E59}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_OMUI.cs-cz_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.cs-cz_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_OMUI.cs-cz_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_OMUI.cs-cz_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_OMUI.cs-cz_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2007
"{90120000-0100-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0405-0000-0000000FF1CE}" = Microsoft Office X MUI (Czech) 2007
"{90120000-0101-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Czech)
"{99CDAAD6-6D21-194D-91CF-A04C373A9F98}" = CCC Help French
"{99D7DE4C-2775-4B16-B155-7F09AE939E8E}" = Microsoft Works
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA2DC9ED-518D-E669-FFA5-7C757C33F040}" = CCC Help Dutch
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1029-4770-7760-000000000005}" = Adobe Acrobat X Pro - Eastern European (Group 1)
"{AC76BA86-1033-0000-0000-000000000005}" = Adobe Customization Wizard X
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF9DF4B7-5BDE-42F5-94EF-53311B55566B}" = Project IGI2 - Covert Strike
"{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}" = Windows Live Movie Maker
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B619787F-8796-6ED6-5934-25EAF9F1E688}" = CCC Help Portuguese
"{B8EB9EF8-BA86-8858-E913-0A8011E5A824}" = CCC Help Chinese Traditional
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C818D485-2098-0125-35AF-FEC52F35670E}" = CCC Help Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}" = Enterprise Architect 7.0
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB8C3EE5-4DE7-B7C7-0437-14A41DB85230}" = CCC Help Chinese Standard
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E18F4B3D-1743-174B-E0C4-4D9FD084FB5C}" = CCC Help Polish
"{E2616F7B-9E5B-7B21-EDB0-5659A5A4DDA1}" = Catalyst Control Center Graphics Previews Common
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{E9AA51F1-5B79-B303-2997-F15DE38344D2}" = CCC Help Spanish
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2AFB6AA-D2B8-92B9-5CAB-50107D14D9FB}" = CCC Help Danish
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FEF90494-3911-A844-2622-545BD4008231}" = Catalyst Control Center
"{FF30D03D-5C21-60EF-8735-C5FEE80D9DA6}" = CCC Help Korean
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3309-7404-0599-8908" = yEd Graph Editor 3.7
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArtCursors" = ArtCursors
"ATnotes_is1" = ATnotes Version 9.5
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DFX for Windows Media Player" = DFX for Windows Media Player
"Easy Editor_is1" = Easy Editor 1.0.24
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FITkit" = QDevKit
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Hamachi" = Hamachi 1.0.2.5
"HospitalTycoon" = Hospital Tycoon
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{1EAA000F-8FC0-47AF-B665-CDF54EB75D5F}" = Drákula 2: Poslední útočiště
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{53EBE8C0-A9E6-45BD-87AF-AFDE0A477477}" = Drákula: Zmrtvýchvstání
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{AF9DF4B7-5BDE-42F5-94EF-53311B55566B}" = Project IGI2 - Covert Strike
"JDownloader" = JDownloader
"jetAudio 7.1.x Czech Language Pack" = jetAudio 7.1.x Czech Language Pack
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LManager" = Launch Manager
"Machinarium" = Machinarium
"Mafia II_is1" = Mafia II
"Maple 13" = Maple 13
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"mspgcc" = mspgcc - The GNU tools for the MSP430
"MTI ModelSim PE Student Edition 10.0a Deinstall Key" = ModelSim PE Student Edition 10.0a
"OMUI.cs-cz" = Microsoft Office Language Pack 2007 - Czech/èeština
"OpenAL" = OpenAL
"Postal 2_is1" = Portal 2
"Project IGI" = Project IGI
"PSPad editor_is1" = PSPad editor
"Rainlendar2" = Rainlendar2 (remove only)
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"SpeedFan" = SpeedFan (remove only)
"ST5UNST #1" = Formulky aneb Závody na papíře
"Star Wars: Jedi Knight - Jedi Academy CZ" = Star Wars: Jedi Knight - Jedi Academy CZ
"stax-Pinnacle_is1" = SureThing Express Labeler
"Steam App 31500" = Coil
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"The KMPlayer" = The KMPlayer (remove only)
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TopStyle4_is1" = TopStyle 4
"Totalcmd" = Total Commander (Remove or Repair)
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VMware_Workstation" = VMware Workstation
"Vypínač na dobrou noc_is1" = Vypínač na dobrou noc verze 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.3.2
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"QIP Infium" = QIP Infium 3.0.9044
"QipGuard" = QIP Internet Guardian

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 16:02
od Danstahr
EsetTrialReset

Ale ale... Počítač s nelegálním antivirem tu řešit nebudeme. Takže buď dejte nový log s free bezpečnostním řešením (Avast, Avira, MSE...), nebo :lock: .

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 19:30
od JaaTaky
ESET odinstalovan.Misto toho MSE.Ale nedari se mi znovu vygenerovat log z OTL skonci to chybou Cannot create file C:\Download\cmd.bat. V ceste C:\Windows\system32\zipfldr.dll

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 19:56
od Danstahr
Zkuste spustit OTL v nouzovém režimu.

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 19:58
od JaaTaky
Tak do tretice se mi podarilo vygenerovat pouze OTL.txt

OTL_1.txt
OTL logfile created on: 7/20/2011 8:37:20 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.68 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 42.57% Memory free
7.35 Gb Paging File | 5.05 Gb Available in Paging File | 68.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 22.61 Gb Free Space | 22.61% Space Free | Partition Type: NTFS
Drive E: | 483.07 Gb Total Space | 110.04 Gb Free Space | 22.78% Space Free | Partition Type: NTFS

Computer Name: A02-0826A | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 20:36:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL(1).exe
PRC - [2011/06/24 13:22:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 21:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/05/11 14:58:40 | 006,848,384 | ---- | M] () -- C:\Program Files (x86)\QIP Infium\infium.exe
PRC - [2011/02/04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 19:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 20:36:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL(1).exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/21 06:26:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/23 19:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/03/26 20:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/30 09:05:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/20 15:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/28 10:27:06 | 000,074,120 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/02/28 10:26:50 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/04 00:28:20 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2011/02/04 00:28:20 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV:64bit: - [2010/10/21 07:02:30 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/21 06:10:52 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/10/21 05:52:08 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/19 09:48:10 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/09/01 19:39:11 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/01 18:44:07 | 000,276,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/04/07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/10/22 05:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/22 05:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/10/22 05:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/22 05:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/10/20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/03/31 01:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009/10/12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/06/20 01:33:58 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\giveio.sys -- (giveio)
DRV - [2007/02/07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: easygtranslate@wrlf.com.br:2.2
FF - prefs.js..extensions.enabledItems: My-Translator@eugenche.com:0.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Honza\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Honza\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/23 11:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 13:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/23 11:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET Smart Security\Mozilla Thunderbird

[2010/08/26 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Extensions
[2011/07/03 18:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions
[2011/06/25 19:56:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/03/02 08:14:37 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011/04/21 15:27:58 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/03/27 16:56:40 | 000,000,000 | ---D | M] (Easy Google Translate) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\easygtranslate@wrlf.com.br
[2010/11/02 12:54:02 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\My-Translator@eugenche.com
[2010/09/19 08:46:24 | 000,002,059 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\searchplugins\daemon-search.xml
[2011/03/02 08:14:47 | 000,002,062 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\searchplugins\qip-search.xml
[2011/05/06 09:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/14 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\HONZA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JDQ019XR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/24 13:22:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/12/14 17:43:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 09:21:47 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2011/05/06 09:21:47 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2010/09/17 15:33:26 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2011/05/06 09:21:47 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011/05/06 09:21:47 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011/05/06 09:21:48 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010/08/31 11:24:32 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = a02-0826a.kn.vutbr.cz
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\Shell - "" = AutoRun
O33 - MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\Shell - "" = AutoRun
O33 - MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\Shell - "" = AutoRun
O33 - MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 17:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/20 17:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/20 17:34:00 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/07/19 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/07/19 11:06:20 | 000,000,000 | ---D | C] -- C:\rsit
[2011/07/13 09:02:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 09:02:28 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 09:02:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 09:02:28 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 09:02:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 09:02:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 09:02:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 09:02:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 09:02:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 09:02:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 09:02:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 09:02:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 09:02:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 09:02:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 09:02:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 09:02:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 09:02:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 09:02:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 09:02:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/06/29 09:20:40 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 09:20:39 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/03/15 22:07:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Honza\AppData\Roaming\pcouffin.sys
[2010/08/06 18:34:32 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 19:52:02 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000UA.job
[2011/07/20 17:43:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 17:43:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 17:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/20 17:35:53 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 17:35:03 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/20 17:34:38 | 001,540,036 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/20 17:34:38 | 000,648,024 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011/07/20 17:34:38 | 000,632,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/20 17:34:38 | 000,130,266 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011/07/20 17:34:38 | 000,113,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/20 08:52:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000Core.job
[2011/07/16 20:44:31 | 001,514,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/15 03:53:14 | 000,002,406 | ---- | M] () -- C:\Users\Honza\Desktop\Google Chrome.lnk
[2011/07/13 10:05:21 | 005,062,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/06 09:40:52 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/04 12:19:43 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/06/30 11:50:44 | 000,007,599 | ---- | M] () -- C:\Users\Honza\AppData\Local\resmon.resmoncfg
[2011/06/25 10:13:22 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 17:35:03 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/20 17:34:29 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/01 17:02:02 | 000,000,132 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2011/05/03 23:06:46 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/05/03 22:57:07 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/07 15:59:24 | 000,005,248 | ---- | C] () -- C:\Windows\giveio.sys
[2011/04/05 12:02:43 | 000,000,041 | ---- | C] () -- C:\Windows\OPML8WP.INI
[2011/03/15 22:07:46 | 000,099,384 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\inst.exe
[2011/03/15 22:07:46 | 000,007,859 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\pcouffin.cat
[2011/03/15 22:07:46 | 000,001,167 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\pcouffin.inf
[2011/03/15 18:57:59 | 000,000,600 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\winscp.rnd
[2011/03/15 13:25:54 | 000,001,057 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\vso_ts_preview.xml
[2011/02/08 16:58:25 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/16 19:36:02 | 000,000,093 | ---- | C] () -- C:\Users\Honza\AppData\Local\fusioncache.dat
[2010/12/16 15:46:36 | 000,006,144 | ---- | C] () -- C:\Users\Honza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 20:18:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/13 22:04:21 | 000,000,944 | ---- | C] () -- C:\Users\Honza\AppData\Local\SRDownloader(2).nast
[2010/10/12 09:51:33 | 000,001,480 | ---- | C] () -- C:\Users\Honza\AppData\Local\Adobe Uložit pro web 12.0 Prefs
[2010/10/08 21:18:09 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/10/08 19:50:26 | 000,000,792 | ---- | C] () -- C:\Users\Honza\AppData\Local\SRDownloader.nast
[2010/10/05 19:42:41 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/10/04 08:13:51 | 001,540,036 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/19 22:18:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/01 16:17:27 | 000,007,599 | ---- | C] () -- C:\Users\Honza\AppData\Local\resmon.resmoncfg
[2010/09/01 11:36:52 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/08/31 11:23:48 | 000,000,000 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\chrtmp
[2010/08/26 21:25:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/06 18:34:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/06 18:34:33 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/08/06 18:34:33 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/06 18:34:32 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/08/06 18:34:32 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/08/06 18:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/06 18:27:23 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/05/14 07:22:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/14 07:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/14 07:22:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/14 07:22:41 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/05/14 07:22:41 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/05/14 06:57:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/13 16:06:30 | 000,357,182 | ---- | C] () -- C:\Windows\reset.exe

========== LOP Check ==========

[2011/05/03 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Atari
[2011/01/01 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2010/10/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\BinarySense
[2010/10/12 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Bradsoft.com
[2011/03/15 08:31:16 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\COWON
[2010/09/01 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2010/08/31 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ESET
[2010/10/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Games
[2010/09/27 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GARMIN
[2011/02/09 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2011/04/07 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\hte
[2011/05/03 23:06:51 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Leadertech
[2010/08/27 12:38:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PlayFirst
[2010/08/31 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QIP
[2011/03/02 08:14:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QipGuard
[2011/05/01 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Rovio
[2011/03/30 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sony
[2010/11/16 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sparx Systems
[2010/10/12 09:19:24 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/07 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Subversion
[2010/11/16 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2011/03/15 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Vso
[2011/04/07 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Xilinx
[2011/05/08 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\yWorks
[2010/10/18 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner
[2011/07/11 16:31:48 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"AdobeBridge" =
"Rainlendar2" = C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe -- [2011/02/04 15:24:32 | 002,346,496 | ---- | M] ()
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011/03/08 12:02:28 | 017,037,704 | R--- | M] (Skype Technologies S.A.)
"ISUSPM Startup" = c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup -- [2004/08/09 06:03:58 | 000,221,184 | ---- | M] (InstallShield Software Corporation)
"Google Update" = "C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010/09/23 18:47:01 | 000,136,176 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

Re: Prosim o kontrolu logu

Napsal: 20 črc 2011 19:58
od JaaTaky
OTL_2.txt

< %APPDATA%\*. >
[2010/10/12 09:50:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe
[2010/10/12 09:19:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe Mini Bridge CS5
[2011/05/03 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Atari
[2010/08/26 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ATI
[2011/01/01 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2010/10/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\BinarySense
[2010/10/12 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Bradsoft.com
[2011/03/15 08:31:16 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\COWON
[2010/08/26 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\CyberLink
[2010/09/01 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2011/04/07 17:05:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Download Manager
[2010/08/31 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ESET
[2010/10/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Games
[2010/09/27 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GARMIN
[2011/02/09 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2010/09/08 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Google
[2011/04/20 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Hamachi
[2011/04/07 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\hte
[2010/08/26 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Identities
[2011/03/15 08:28:35 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\InstallShield
[2010/09/19 08:58:09 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\InstallShield Installation Information
[2010/08/26 16:12:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Intel Corporation
[2011/05/03 23:06:51 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Leadertech
[2010/08/26 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Macromedia
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Media Center Programs
[2011/05/13 09:05:10 | 000,000,000 | --SD | M] -- C:\Users\Honza\AppData\Roaming\Microsoft
[2010/08/26 21:25:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mozilla
[2010/10/08 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Nero
[2010/08/27 12:38:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PlayFirst
[2010/10/12 10:14:01 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PSpad
[2010/08/31 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QIP
[2011/03/02 08:14:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QipGuard
[2011/05/01 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Rovio
[2011/07/20 17:37:59 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Skype
[2011/03/08 10:22:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\skypePM
[2011/03/30 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sony
[2010/11/16 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sparx Systems
[2010/10/12 09:19:24 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/07 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Subversion
[2010/11/16 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2011/05/25 12:31:39 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\vlc
[2010/12/14 00:42:31 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\VMware
[2011/03/15 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Vso
[2010/08/27 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\WinRAR
[2011/04/07 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Xilinx
[2011/05/08 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\yWorks
[2010/10/18 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2011/03/15 22:07:46 | 000,099,384 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\inst.exe
[2010/09/19 08:49:55 | 000,331,776 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
[2011/03/14 21:36:07 | 000,029,926 | R--- | M] () -- C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011/01/28 18:53:59 | 000,010,134 | R--- | M] () -- C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{AAB17558-7189-1415-2370-D689FDD44B33}\ARPPRODUCTICON.exe
[2010/11/04 21:58:54 | 003,773,760 | ---- | M] (Power Technology) -- C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\dfxSetup-WMP64.exe
[2010/11/10 14:25:25 | 000,961,736 | ---- | M] (Microsoft Corporation) -- C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\SaveAsPDFandXPS.exe
[2011/02/03 14:42:56 | 000,191,360 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\QipGuard\QipGuard.exe


< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTOR.SYS >
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011/03/11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2011/03/11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011/03/11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/04/09 13:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2010/04/09 09:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/04/25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011/07/20 17:36:20 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt
[2011/07/20 17:34:38 | 001,540,036 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< *crack* /s >
[2011/05/30 14:32:33 | 009,721,307 | ---- | M] () -- \Downloads\dirt-3-crack-only-netshow.rar
[2011/05/30 14:30:56 | 000,000,320 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar
[2011/05/30 14:30:52 | 001,743,536 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar.part
[2011/02/02 17:46:47 | 000,004,328 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\CrackedCom.class
[2011/05/14 11:50:42 | 045,258,822 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\crack_last.rar
[2010/10/25 09:15:24 | 000,940,610 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\Crack.rar
[2010/12/09 20:17:04 | 005,359,107 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\crack.zip

< *keygen* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:2BE9FEFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >

Re: Prosim o kontrolu logu

Napsal: 21 črc 2011 13:32
od Danstahr
Při opakovaném skenu už se soubor Extras netvoří, to je v pořádku.

:arrow: Spusťte znovu OTL, do spodního okna vložte následující skript a klikněte na tlačítko Opravit. Po restartu se otevře okno s logem, ten sem prosím vložte spolu s novým logem podle postupu výše.

Kód: Vybrat vše

:OTL
SRV - [2009/03/20 15:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset)
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\Shell - "" = AutoRun
O33 - MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\Shell - "" = AutoRun
O33 - MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\Shell - "" = AutoRun
O33 - MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2011/07/16 20:44:31 | 000,645,924 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011/07/16 20:44:31 | 000,630,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/16 20:44:31 | 000,129,266 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011/07/16 20:44:31 | 000,112,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/30 14:32:33 | 009,721,307 | ---- | M] () -- \Downloads\dirt-3-crack-only-netshow.rar
[2011/05/30 14:30:56 | 000,000,320 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar
[2011/05/30 14:30:52 | 001,743,536 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar.part
[2011/05/14 11:50:42 | 045,258,822 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\crack_last.rar
[2010/10/25 09:15:24 | 000,940,610 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\Crack.rar
[2010/12/09 20:17:04 | 005,359,107 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\crack.zip
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:2BE9FEFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"=-
"Persistence"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"=-
"ISUSPM Startup"=-
"Google Update"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KN StrongDC.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
"StartCCC"=-
"Adobe ARM"=-
"Adobe Acrobat Speed Launcher"=-
"Acrobat Assistant 8.0"=-
"Adobe Reader Speed Launcher"=-

:Files
C:\Windows\patchw32.dll
C:\Users\Honza\AppData\Roaming\inst.exe
C:\ProgramData\FullRemove.exe
C:\Users\Honza\AppData\Roaming\ESET
C:\Users\Honza\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\keygen.exe
C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{AAB17558-7189-1415-2370-D689FDD44B33}\ARPPRODUCTICON.exe
C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\SaveAsPDFandXPS.exe


:Commans
[EmptyTemp]
[ResetHosts]
[EmptyFlash]

Re: Prosim o kontrolu logu

Napsal: 21 črc 2011 13:48
od JaaTaky
Log po restartu

All processes killed
========== OTL ==========
Service .EsetTrialReset stopped successfully!
Service .EsetTrialReset deleted successfully!
C:\Windows\reset.exe moved successfully.
HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3888138403-4158281134-2122410301-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3888138403-4158281134-2122410301-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3888138403-4158281134-2122410301-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3888138403-4158281134-2122410301-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d21312a-f4bb-11df-98b4-c80aa9c5fd8b}\ not found.
File F:\unlock.exe autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24da31c8-c377-11df-aac3-c80aa9c5fd8b}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343a422e-668a-11e0-aced-96597fda126d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{343a422e-668a-11e0-aced-96597fda126d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343a422e-668a-11e0-aced-96597fda126d}\ not found.
File D:\unlock.exe autoplay=true not found.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
C:\Windows\SysWow64\is-MIQ2O.tmp deleted successfully.
C:\Windows\SysWow64\tmp3D20.tmp deleted successfully.
C:\Windows\SysWow64\tmp3D40.tmp deleted successfully.
C:\Windows\SysWow64\tmp600C.tmp deleted successfully.
C:\Windows\SysWow64\tmp601D.tmp deleted successfully.
C:\Windows\SysWow64\tmp664.tmp deleted successfully.
C:\Windows\SysWow64\tmp68D2.tmp deleted successfully.
C:\Windows\SysWow64\tmp68E3.tmp deleted successfully.
C:\Windows\SysWow64\tmp85D9.tmp deleted successfully.
C:\Windows\SysWow64\tmp8618.tmp deleted successfully.
C:\Windows\SysWow64\tmpBECC.tmp deleted successfully.
C:\Windows\SysWow64\tmpBEDC.tmp deleted successfully.
C:\Windows\SysNative\perfh005.dat moved successfully.
C:\Windows\SysNative\perfh009.dat moved successfully.
C:\Windows\SysNative\perfc005.dat moved successfully.
C:\Windows\SysNative\perfc009.dat moved successfully.
File move failed. \Downloads\dirt-3-crack-only-netshow.rar scheduled to be moved on reboot.
File move failed. \Downloads\DIRT.3.Crack.Only-SKIDROW.rar scheduled to be moved on reboot.
File move failed. \Downloads\DIRT.3.Crack.Only-SKIDROW.rar.part scheduled to be moved on reboot.
File move failed. \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\crack_last.rar scheduled to be moved on reboot.
File move failed. \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\Crack.rar scheduled to be moved on reboot.
File move failed. \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\crack.zip scheduled to be moved on reboot.
ADS C:\ProgramData\Temp:2BE9FEFC deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLFSetI not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KN StrongDC.lnk\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
========== FILES ==========
C:\Windows\patchw32.dll moved successfully.
C:\Users\Honza\AppData\Roaming\inst.exe moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Honza\AppData\Roaming\ESET\ESET Smart Security folder moved successfully.
C:\Users\Honza\AppData\Roaming\ESET folder moved successfully.
C:\Users\Honza\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe moved successfully.
File\Folder C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\keygen.exe not found.
C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{AAB17558-7189-1415-2370-D689FDD44B33}\ARPPRODUCTICON.exe moved successfully.
C:\Users\Honza\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe moved successfully.
C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\SaveAsPDFandXPS.exe moved successfully.
Error: Unable to interpret <:Commans> in the current context!
Error: Unable to interpret <[EmptyTemp]> in the current context!
Error: Unable to interpret <[ResetHosts]> in the current context!
Error: Unable to interpret <[EmptyFlash]> in the current context!

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_143938

Files\Folders moved on Reboot...
File move failed. \Downloads\dirt-3-crack-only-netshow.rar scheduled to be moved on reboot.
File move failed. \Downloads\DIRT.3.Crack.Only-SKIDROW.rar scheduled to be moved on reboot.
File move failed. \Downloads\DIRT.3.Crack.Only-SKIDROW.rar.part scheduled to be moved on reboot.
File move failed. \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\crack_last.rar scheduled to be moved on reboot.
File move failed. \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\Crack.rar scheduled to be moved on reboot.
File move failed. \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\crack.zip scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Prosim o kontrolu logu

Napsal: 21 črc 2011 14:15
od JaaTaky
OTL_1

OTL logfile created on: 7/21/2011 2:47:08 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.68 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 55.74% Memory free
7.35 Gb Paging File | 5.59 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 22.43 Gb Free Space | 22.43% Space Free | Partition Type: NTFS
Drive E: | 483.07 Gb Total Space | 110.04 Gb Free Space | 22.78% Space Free | Partition Type: NTFS

Computer Name: A02-0826A | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 20:36:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL(1).exe
PRC - [2011/06/24 13:22:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 19:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 20:36:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL(1).exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/21 06:26:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/23 19:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/03/26 20:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/30 09:05:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/28 10:27:06 | 000,074,120 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/02/28 10:26:50 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/04 00:28:20 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2011/02/04 00:28:20 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV:64bit: - [2010/10/21 07:02:30 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/21 06:10:52 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/10/21 05:52:08 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/19 09:48:10 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/09/01 19:39:11 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/01 18:44:07 | 000,276,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/04/07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/10/22 05:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/22 05:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009/10/22 05:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/22 05:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/10/20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/03/31 01:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)
DRV - [2009/10/12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/06/20 01:33:58 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\giveio.sys -- (giveio)
DRV - [2007/02/07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t47k1k43r


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: easygtranslate@wrlf.com.br:2.2
FF - prefs.js..extensions.enabledItems: My-Translator@eugenche.com:0.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Honza\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Honza\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/23 11:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 13:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/23 11:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET Smart Security\Mozilla Thunderbird

[2010/08/26 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Extensions
[2011/07/03 18:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions
[2011/06/25 19:56:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/03/02 08:14:37 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011/04/21 15:27:58 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/03/27 16:56:40 | 000,000,000 | ---D | M] (Easy Google Translate) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\easygtranslate@wrlf.com.br
[2010/11/02 12:54:02 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\extensions\My-Translator@eugenche.com
[2010/09/19 08:46:24 | 000,002,059 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\searchplugins\daemon-search.xml
[2011/03/02 08:14:47 | 000,002,062 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\jdq019xr.default\searchplugins\qip-search.xml
[2011/05/06 09:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/14 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\HONZA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JDQ019XR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/24 13:22:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/12/14 17:43:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 09:21:47 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2011/05/06 09:21:47 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2010/09/17 15:33:26 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2011/05/06 09:21:47 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011/05/06 09:21:47 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011/05/06 09:21:48 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010/08/31 11:24:32 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3888138403-4158281134-2122410301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = a02-0826a.kn.vutbr.cz
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 14:39:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/20 17:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/20 17:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/20 17:34:00 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/07/19 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/07/19 11:06:20 | 000,000,000 | ---D | C] -- C:\rsit
[2011/07/13 09:02:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 09:02:28 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 09:02:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 09:02:28 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 09:02:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 09:02:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 09:02:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 09:02:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 09:02:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 09:02:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 09:02:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 09:02:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 09:02:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 09:02:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 09:02:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 09:02:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 09:02:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 09:02:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 09:02:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 09:02:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 09:02:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 09:02:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 09:02:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/06/29 09:20:40 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 09:20:39 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/03/15 22:07:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Honza\AppData\Roaming\pcouffin.sys
[2010/08/06 18:34:32 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

========== Files - Modified Within 30 Days ==========

[2011/07/21 14:48:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 14:48:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 14:40:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 14:40:51 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/21 13:52:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000UA.job
[2011/07/21 08:52:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888138403-4158281134-2122410301-1000Core.job
[2011/07/20 17:35:03 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/20 17:34:38 | 001,540,036 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/16 20:44:31 | 001,514,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/15 03:53:14 | 000,002,406 | ---- | M] () -- C:\Users\Honza\Desktop\Google Chrome.lnk
[2011/07/13 10:05:21 | 005,062,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/06 09:40:52 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/04 12:19:43 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/06/30 11:50:44 | 000,007,599 | ---- | M] () -- C:\Users\Honza\AppData\Local\resmon.resmoncfg
[2011/06/25 10:13:22 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/07/20 17:35:03 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/20 17:34:29 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/01 17:02:02 | 000,000,132 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2011/05/03 22:57:07 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/07 15:59:24 | 000,005,248 | ---- | C] () -- C:\Windows\giveio.sys
[2011/04/05 12:02:43 | 000,000,041 | ---- | C] () -- C:\Windows\OPML8WP.INI
[2011/03/15 22:07:46 | 000,007,859 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\pcouffin.cat
[2011/03/15 22:07:46 | 000,001,167 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\pcouffin.inf
[2011/03/15 18:57:59 | 000,000,600 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\winscp.rnd
[2011/03/15 13:25:54 | 000,001,057 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\vso_ts_preview.xml
[2011/02/08 16:58:25 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/16 19:36:02 | 000,000,093 | ---- | C] () -- C:\Users\Honza\AppData\Local\fusioncache.dat
[2010/12/16 15:46:36 | 000,006,144 | ---- | C] () -- C:\Users\Honza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 20:18:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/13 22:04:21 | 000,000,944 | ---- | C] () -- C:\Users\Honza\AppData\Local\SRDownloader(2).nast
[2010/10/12 09:51:33 | 000,001,480 | ---- | C] () -- C:\Users\Honza\AppData\Local\Adobe Uložit pro web 12.0 Prefs
[2010/10/08 21:18:09 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/10/08 19:50:26 | 000,000,792 | ---- | C] () -- C:\Users\Honza\AppData\Local\SRDownloader.nast
[2010/10/05 19:42:41 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/10/04 08:13:51 | 001,540,036 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/19 22:18:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/01 16:17:27 | 000,007,599 | ---- | C] () -- C:\Users\Honza\AppData\Local\resmon.resmoncfg
[2010/09/01 11:36:52 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/08/31 11:23:48 | 000,000,000 | ---- | C] () -- C:\Users\Honza\AppData\Roaming\chrtmp
[2010/08/26 21:25:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/06 18:34:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/06 18:34:33 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/08/06 18:34:33 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/06 18:34:32 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/08/06 18:34:32 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/08/06 18:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/06 18:27:23 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/05/14 07:22:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/14 07:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/14 07:22:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/14 07:22:41 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/05/14 07:22:41 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/10/20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/03 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Atari
[2011/01/01 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2010/10/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\BinarySense
[2010/10/12 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Bradsoft.com
[2011/03/15 08:31:16 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\COWON
[2010/09/01 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2010/10/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Games
[2010/09/27 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GARMIN
[2011/02/09 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2011/04/07 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\hte
[2011/05/03 23:06:51 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Leadertech
[2010/08/27 12:38:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PlayFirst
[2010/08/31 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QIP
[2011/03/02 08:14:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QipGuard
[2011/05/01 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Rovio
[2011/03/30 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sony
[2010/11/16 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sparx Systems
[2010/10/12 09:19:24 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/07 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Subversion
[2010/11/16 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2011/03/15 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Vso
[2011/04/07 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Xilinx
[2011/05/08 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\yWorks
[2010/10/18 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner
[2011/07/11 16:31:48 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"Rainlendar2" = C:\Program Files (x86)\Kalendář\Rainlendar2\Rainlendar2.exe -- [2011/02/04 15:24:32 | 002,346,496 | ---- | M] ()
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011/03/08 12:02:28 | 017,037,704 | R--- | M] (Skype Technologies S.A.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

Re: Prosim o kontrolu logu

Napsal: 21 črc 2011 14:16
od JaaTaky
OTL_2

< %APPDATA%\*. >
[2010/10/12 09:50:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe
[2010/10/12 09:19:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe Mini Bridge CS5
[2011/05/03 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Atari
[2010/08/26 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\ATI
[2011/01/01 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2010/10/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\BinarySense
[2010/10/12 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Bradsoft.com
[2011/03/15 08:31:16 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\COWON
[2010/08/26 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\CyberLink
[2010/09/01 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2011/04/07 17:05:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Download Manager
[2010/10/25 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Games
[2010/09/27 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GARMIN
[2011/02/09 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\GHISLER
[2010/09/08 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Google
[2011/04/20 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Hamachi
[2011/04/07 18:42:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\hte
[2010/08/26 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Identities
[2011/03/15 08:28:35 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\InstallShield
[2010/09/19 08:58:09 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\InstallShield Installation Information
[2010/08/26 16:12:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Intel Corporation
[2011/05/03 23:06:51 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Leadertech
[2010/08/26 16:11:42 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Macromedia
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Media Center Programs
[2011/05/13 09:05:10 | 000,000,000 | --SD | M] -- C:\Users\Honza\AppData\Roaming\Microsoft
[2010/08/26 21:25:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mozilla
[2010/10/08 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Nero
[2010/08/27 12:38:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PlayFirst
[2010/10/12 10:14:01 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\PSpad
[2010/08/31 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QIP
[2011/03/02 08:14:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\QipGuard
[2011/05/01 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Rovio
[2011/07/21 14:43:35 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Skype
[2011/03/08 10:22:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\skypePM
[2011/03/30 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sony
[2010/11/16 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Sparx Systems
[2010/10/12 09:19:24 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/07 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Subversion
[2010/11/16 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2011/05/25 12:31:39 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\vlc
[2010/12/14 00:42:31 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\VMware
[2011/03/15 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Vso
[2010/08/27 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\WinRAR
[2011/04/07 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Xilinx
[2011/05/08 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\yWorks
[2010/10/18 22:20:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010/11/04 21:58:54 | 003,773,760 | ---- | M] (Power Technology) -- C:\Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\dfxSetup-WMP64.exe
[2011/02/03 14:42:56 | 000,191,360 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\QipGuard\QipGuard.exe


< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTOR.SYS >
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011/03/11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2011/03/11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011/03/11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/04/09 13:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2010/04/09 09:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/04/25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011/07/21 14:41:16 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt
[2011/07/20 17:34:38 | 001,540,036 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< *crack* /s >
[2011/05/30 14:32:33 | 009,721,307 | ---- | M] () -- \Downloads\dirt-3-crack-only-netshow.rar
[2011/05/30 14:30:56 | 000,000,320 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar
[2011/05/30 14:30:52 | 001,743,536 | ---- | M] () -- \Downloads\DIRT.3.Crack.Only-SKIDROW.rar.part
[2011/02/02 17:46:47 | 000,004,328 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\CrackedCom.class
[2011/05/14 11:50:42 | 045,258,822 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_282518681\crack_last.rar
[2010/10/25 09:15:24 | 000,940,610 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\Crack.rar
[2010/12/09 20:17:04 | 005,359,107 | ---- | M] () -- \Users\Honza\AppData\Roaming\QIP\Profiles\241025234\RcvdFiles\Fjup_fjup@qip.ru\crack.zip

< *keygen* /s >

< End of report >

Re: Prosim o kontrolu logu

Napsal: 21 črc 2011 14:40
od Danstahr
Do skriptu se mi vloudil překlep, takže prosím proveďte ještě jednou opravu s následujícím skriptem :

Kód: Vybrat vše

:Commands
[EmptyTemp]
[EmptyFlash]
[ResetHosts]
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz