VIRY.CZ

Hello Uz davno som ziadnu kontrolu nerobil, tak by sa zislo jednu spravit PC bezi v pohode, problemy nemam ale sem tam som nejake podozrenie mal tak som zvedavy ako to dopadne
Dopredu dik za skontrolovanie logu


Logfile of random's system information tool 1.09 (written by random/random)
Run by valdoDK at 2012-09-02 15:17:58
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 24 GB (8%) free of 305 GB
Total RAM: 4061 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:18:03, on 2. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\valdoDK\Games\WOW\Wow.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\valdoDK.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\valdoDK\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
O4 - HKLM\..\Run: [Arvo] "C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [svcnet2] C:\Windows\svcnet2\svcnet2.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\valdoDK\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [Google Update] "C:\Users\valdoDK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [ContourCameraFinder] "C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\valdoDK\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\valdoDK\Desktop\SkypePTT\Skype4COM.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlackfishSQL - CodeGear - C:\Program Files (x86)\Embarcadero\RAD Studio\7.0\Bin\BSQLServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 15746 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Dell\DellDock\DockLogin.exe"
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\atibtmon.exe Global\Ati_VariBrightMonitorEvent
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe" -service
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Embarcadero\RAD Studio\7.0\Bin\BSQLServer.exe" -S="BlackfishSQL"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2284
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files\Dell\QuickSet\quickset.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe"
\??\C:\Windows\system32\conhost.exe "20024373634736387351209268036-1183845078-19665633501982548259-695401228-10238750
"C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe"
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files\Dell\DellDock\DellDock.exe"
"C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE"
"C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe" 3396
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\valdoDK\Games\WOW\Wow.exe"
"C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --channel="3240.1.1887229692\1394144613" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --channel="3240.2.1529985835\533102270" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.3.1329424268\1641839463" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3240.5.1246314021\742812789" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3240.6.546500244\856494773" --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x9593 --gpu-driver-version=8.821.0.0 --ignored=" --type=renderer " /prefetch:12
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.7.443535044\97992521" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.8.13209720\248347497" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\valdoDK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=sk --channel="3240.9.978896050\503680162" /prefetch:4
"C:\Users\valdoDK\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.10.249855097\2110869109" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service --lang=sk
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi-broker --channel="3240.14.851409886\1425747304" --lang=sk /prefetch:14
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.22.179347556\172239316" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.24.613890958\1700597959" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.25.2088030310\588713694" /prefetch:3
"C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/6/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3240.30.1113739835\1784027271" /prefetch:3
"C:\Users\valdoDK\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\valdoDK\AppData\Roaming\Mozilla\Firefox\Profiles\3fbhgvq9.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "http://google.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, immortal.main@gmail.com:1.0.3, firefox@red-cog.com:2.8, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, battlefieldplay4free@ea.com:1.0.53.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Zásvuný modul iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
FlashGet3.xpi
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npqtplugin8.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
Complitly.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
fcmdSrchaudio.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\valdoDK\AppData\Roaming\Mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\
battlefieldplay4free@ea.com
{33e0daa6-3af3-d8b5-6752-10e949c61516}

C:\Users\valdoDK\AppData\Roaming\Mozilla\Firefox\Profiles\3fbhgvq9.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
Complitly - C:\Users\valdoDK\AppData\Roaming\Complitly\64\Complitly64.dll [2011-03-23 167416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}]
FileServeManager - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll [2011-09-02 1257752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-29 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2F122DA-055F-4df7-8F24-7354DBDBA85B}]
FAIESSOHelper Class - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2010-04-04 222536]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-05-14 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
Complitly - C:\Users\valdoDK\AppData\Roaming\Complitly\Complitly.dll [2011-03-23 139768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-29 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~2\FlashGet\fgiebar.dll [2005-06-07 86016]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-24 1822504]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-24 2839840]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-01-21 487424]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2010-06-09 3216544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2012-02-23 59240]
"QIP Internet Guardian"=C:\Users\valdoDK\AppData\Roaming\QipGuard\QipGuard.exe /p []
"Google Update"=C:\Users\valdoDK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-24 136176]
"MobileDocuments"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]
"ContourCameraFinder"=C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe [2012-02-10 96256]
"Facebook Update"=C:\Users\valdoDK\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FATrayAlert]
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [2010-04-04 95560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\valdoDK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-24 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\valdoDK\AppData\Roaming\QipGuard\QipGuard.exe /p []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2012-05-28 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Arvo"=C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE [2009-11-24 172032]
""= []
"FAStartup"= []
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-09-27 59240]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"RoccatKone+"=C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [2011-07-12 552960]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776]
"svcnet2"=C:\Windows\svcnet2\svcnet2.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Content Manager Assistant for PlayStation(R).lnk - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

C:\Users\valdoDK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
FAPassSync

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"vidc.pDAD"=prodad-codec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-08-27 21:08:08 ----D---- C:\Users\valdoDK\AppData\Roaming\GullySoft
2012-08-27 21:07:59 ----D---- C:\Program Files (x86)\Umíme to s Delphi
2012-08-27 21:02:21 ----A---- C:\Windows\SYSWOW64\xercesxmldom.dll
2012-08-27 21:02:21 ----A---- C:\Windows\SYSWOW64\xercesLib.dll
2012-08-27 21:02:21 ----A---- C:\Windows\SYSWOW64\midas.dll
2012-08-27 21:02:21 ----A---- C:\Windows\SYSWOW64\cc3260mt.dll
2012-08-27 21:02:21 ----A---- C:\Windows\SYSWOW64\BDSShellRes140.dll
2012-08-27 21:02:21 ----A---- C:\Windows\SYSWOW64\BDSShellRes.dll
2012-08-27 21:02:18 ----D---- C:\ProgramData\Embarcadero
2012-08-27 21:00:17 ----D---- C:\Users\valdoDK\AppData\Roaming\Embarcadero
2012-08-27 21:00:17 ----D---- C:\Users\valdoDK\AppData\Roaming\CodeGear
2012-08-27 21:00:17 ----D---- C:\Program Files (x86)\Embarcadero
2012-08-20 03:04:48 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-08-20 03:04:48 ----A---- C:\Windows\system32\mshtmled.dll
2012-08-20 03:04:47 ----A---- C:\Windows\SYSWOW64\url.dll
2012-08-20 03:04:47 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-08-20 03:04:47 ----A---- C:\Windows\system32\url.dll
2012-08-20 03:04:47 ----A---- C:\Windows\system32\iertutil.dll
2012-08-20 03:04:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-08-20 03:04:46 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-08-20 03:04:46 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-08-20 03:04:46 ----A---- C:\Windows\system32\urlmon.dll
2012-08-20 03:04:46 ----A---- C:\Windows\system32\ieUnatt.exe
2012-08-20 03:04:46 ----A---- C:\Windows\system32\ieui.dll
2012-08-20 03:04:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-08-20 03:04:45 ----A---- C:\Windows\system32\wininet.dll
2012-08-20 03:04:45 ----A---- C:\Windows\system32\jscript9.dll
2012-08-20 03:04:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-08-20 03:04:44 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-08-20 03:04:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-08-20 03:04:44 ----A---- C:\Windows\system32\jsproxy.dll
2012-08-20 03:04:44 ----A---- C:\Windows\system32\jscript.dll
2012-08-20 03:04:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-08-20 03:04:42 ----A---- C:\Windows\system32\mshtml.dll
2012-08-20 03:04:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-08-20 03:04:41 ----A---- C:\Windows\system32\ieframe.dll
2012-08-19 19:56:09 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-08-19 19:56:09 ----A---- C:\Windows\system32\srcore.dll
2012-08-19 19:55:50 ----A---- C:\Windows\system32\win32spl.dll
2012-08-19 19:55:49 ----A---- C:\Windows\system32\spoolsv.exe
2012-08-19 19:55:48 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-08-19 19:55:48 ----A---- C:\Windows\splwow64.exe
2012-08-19 19:55:38 ----A---- C:\Windows\system32\browser.dll
2012-08-19 19:55:38 ----A---- C:\Windows\system32\browcli.dll
2012-08-19 19:55:37 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-19 19:55:37 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-19 19:55:37 ----A---- C:\Windows\system32\netapi32.dll
2012-08-19 19:55:27 ----A---- C:\Windows\system32\win32k.sys
2012-08-19 19:55:21 ----A---- C:\Windows\system32\localspl.dll

======List of files/folders modified in the last 1 month======

2012-09-02 15:18:03 ----D---- C:\Windows\Prefetch
2012-09-02 15:18:00 ----D---- C:\Program Files\trend micro
2012-09-02 15:17:59 ----D---- C:\Windows\Temp
2012-09-02 14:47:47 ----D---- C:\Users\valdoDK\AppData\Roaming\TS3Client
2012-09-02 14:47:46 ----D---- C:\ProgramData\LogMeIn
2012-09-02 14:47:13 ----D---- C:\Windows\inf
2012-09-02 14:46:37 ----D---- C:\Windows\Minidump
2012-09-02 14:46:37 ----D---- C:\Windows\debug
2012-09-02 14:46:37 ----D---- C:\Windows
2012-09-02 12:15:22 ----D---- C:\Windows\system32\config
2012-09-02 12:06:24 ----D---- C:\Windows\System32
2012-09-02 12:06:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-02 02:43:16 ----D---- C:\Users\valdoDK\AppData\Roaming\foobar2000
2012-09-02 02:41:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-01 22:52:45 ----D---- C:\Users\valdoDK\AppData\Roaming\vlc
2012-08-30 14:14:56 ----SHD---- C:\System Volume Information
2012-08-28 02:45:49 ----D---- C:\Windows\Microsoft.NET
2012-08-28 02:45:30 ----RSD---- C:\Windows\assembly
2012-08-27 21:07:59 ----RSD---- C:\Windows\Fonts
2012-08-27 21:07:59 ----RD---- C:\Program Files (x86)
2012-08-27 21:03:03 ----SHD---- C:\Windows\Installer
2012-08-27 21:03:02 ----HD---- C:\Config.Msi
2012-08-27 21:02:21 ----D---- C:\Windows\SysWOW64
2012-08-27 21:02:18 ----HD---- C:\ProgramData
2012-08-27 21:01:58 ----D---- C:\Program Files (x86)\Common Files
2012-08-24 22:34:58 ----D---- C:\Users\valdoDK\AppData\Roaming\Mozilla
2012-08-20 12:01:36 ----D---- C:\Windows\winsxs
2012-08-20 03:49:49 ----D---- C:\Windows\SYSWOW64\migration
2012-08-20 03:49:49 ----D---- C:\Program Files (x86)\Internet Explorer
2012-08-20 03:49:48 ----D---- C:\Windows\system32\migration
2012-08-20 03:49:47 ----D---- C:\Program Files\Internet Explorer
2012-08-20 03:49:44 ----D---- C:\Windows\system32\DriverStore
2012-08-20 03:06:48 ----D---- C:\ProgramData\Microsoft Help
2012-08-20 03:06:04 ----D---- C:\Windows\system32\catroot2
2012-08-20 03:06:04 ----D---- C:\Windows\system32\catroot
2012-08-20 03:00:56 ----A---- C:\Windows\system32\MRT.exe
2012-08-07 23:54:59 ----D---- C:\Program Files (x86)\QIP Infium

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-24 828912]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-24 124760]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 72216]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2009-06-25 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2009-06-25 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2009-06-25 57856]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-01-27 299520]
R3 ArvoFltr;ROCCAT Arvo; C:\Windows\system32\drivers\ArvoFltr.sys [2009-05-06 15872]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\Windows\system32\DRIVERS\vrtaucbl.sys [2011-04-09 66728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2011-09-16 11552]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver; C:\Windows\system32\DRIVERS\OA001Vid.sys [2009-03-09 319840]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-01-21 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-24 285744]
S0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; C:\Windows\system32\drivers\CLBStor.sys []
S2 CLBUDFR;CyberLink UDF Filesystem; C:\Windows\system32\drivers\CLBUDFR.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
S3 FACAP;facap, FastAccess Video Capture; C:\Windows\system32\DRIVERS\facap.sys [2008-09-24 238848]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 HPFXBULK;HPFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [2007-07-16 20504]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 115328]
S3 KoneFltr;ROCCAT Kone; C:\Windows\system32\drivers\Kone.sys [2008-12-11 15488]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-11-01 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-11-01 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [2011-07-20 44032]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-11-01 9216]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-11-01 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2010-05-07 814344]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-01-27 203776]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 BlackfishSQL;BlackfishSQL; C:\Program Files (x86)\Embarcadero\RAD Studio\7.0\Bin\BSQLServer.exe [2009-11-19 65536]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-24 810120]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2012-07-13 147368]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2011-09-16 407424]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-10-26 191440]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [2010-01-21 244736]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-24 42336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-05-28 529232]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
S4 FAService;FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Zdravim

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

• C:\Windows\svcnet2\svcnet2.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

Dobry den

Dany subor sa mi otestovat nepodarilo, pretoze nebol najdeny. (skryte subory mam odkryte ale nic sa nenaslo ani ked som siel po subore rucne)

Tu prikladam info.txt log z RSIT

info.txt logfile of random's system information tool 1.08 2011-04-01 18:34:10

======Uninstall list======

-->C:\ProgramData\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe
-->C:\Windows\CtDrvIns.exe -uninstall -script OA001.uns -unsext NTamd64 -plugin OA001Pin.dll -pluginres OA001Pin.crl -nodisconprompt -langid 0x0409
-->MsiExec.exe /I{B4735ADA-2C32-4DB1-809C-D3D424343ED9}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9
4Media iPod to PC Transfer-->C:\Program Files (x86)\4Media\iPod Manager\Uninstall.exe
64 Bit HP CIO Components Installer-->MsiExec.exe /I{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}
7-Zip 4.65 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0465-000001000000}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
Any Weblock 1.1.0-->"C:\Program Files (x86)\AnyUtils\Any Weblock\unins000.exe"
Apple Application Support-->MsiExec.exe /I{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}
Apple Mobile Device Support-->MsiExec.exe /I{8F473675-D702-45F9-8EBC-342B40C17BF5}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Ashampoo Burning Studio 10.0.0-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\unins000.exe"
Ashampoo-->"C:\Windows\Ashampoo\uninstall.exe" "/U:C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2010 Advanced\Uninstall\uninstall.xml"
ATI Catalyst Install Manager-->msiexec /q/x{90A1F0ED-BC6F-EBD4-2101-885AB084499C} REBOOT=ReallySuppress
ATI Stream SDK v2 Developer-->MsiExec.exe /I{22441735-5983-AD2A-5CC5-FA2CCD7EF732}
AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
AVS Audio Converter version 6.2-->"C:\Program Files (x86)\AVS4YOU\AVSAudioConverter6\unins000.exe"
AVS Audio Editor version 6.1-->"C:\Program Files (x86)\AVS4YOU\AVSAudioEditor\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS4YOU Software Navigator 1.4-->"C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour-->MsiExec.exe /X{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
Dell Dock-->"C:\ProgramData\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
FastAccess-->MsiExec.exe /I{1336D61B-1D48-4E5C-9E39-35444B00EE3D}
FastStone Image Viewer 4.2-->C:\Program Files (x86)\FastStone Image Viewer\uninst.exe
FlashGet(JetCar)-->C:\PROGRA~2\FlashGet\UNWISE.EXE C:\PROGRA~2\FlashGet\INSTALL.LOG
foobar2000 v1.0.3-->"C:\Program Files (x86)\foobar2000\uninstall.exe" _?=C:\Program Files (x86)\foobar2000
Google Earth Plug-in-->MsiExec.exe /X{171E6C1E-B5FC-11DF-B115-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Handbrake 0.9.4-->C:\Program Files (x86)\Handbrake\uninst.exe
HP Color LaserJet CM1312 MFP Series 5.1-->C:\Program Files (x86)\HP\Digital Imaging\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}\setup\hpzscr40.exe -datfile hppscr11.dat -onestop -forcereboot
HP Customer Participation Program 10.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 10.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Integrated Webcam Driver (1.06.03.0309) -->C:\Windows\CtDrvIns.exe -uninstall -script OA001.uns -unsext NTamd64 -plugin OA001Pin.dll -pluginres OA001Pin.crl -nodisconprompt -langid 0x0409
iSilo-->MsiExec.exe /I{682949C2-A9B2-476A-BAB3-0388F40D20F1}
iTunes-->MsiExec.exe /I{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Codec Pack 5.9.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Livestream Procaster-->MsiExec.exe /I{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-041B-1000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2007-->MsiExec.exe /X{90120000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2007-->MsiExec.exe /X{90120000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2007-->MsiExec.exe /X{90120000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mobile Mouse Server-->MsiExec.exe /I{CD821A33-8893-437B-B883-23768C3EDB9B}
Mozilla Firefox (3.6.16)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Need For Speed™ World-->"C:\Program Files (x86)\Electronic Arts\Need For Speed World\unins000.exe"
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetupx64.dll,DoNTUninst
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
Opera 10.53-->MsiExec.exe /X{70312451-0D00-4A84-B9B1-0D59B5180A4F}
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Punkbuster Got Busted v1.3-->"C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\pb\unins000.exe"
Quickset-->MsiExec.exe /I{87CF757E-C1F1-4D22-865C-00C6950B5258}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
RapidShare Manager-->C:\Program Files (x86)\RapidShareManager\uninstall.exe
RICOH Media Driver ver.2.07.01.00-->"C:\Program Files (x86)\InstallShield Installation Information\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}\Setup.exe" -runfromtemp -l0x001b anything -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05-->"C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -runfromtemp -l0x0009 anything -removeonly
ROCCAT Arvo Keyboard Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{61DF2893-0069-4E50-A02E-3A41A97CB1B4}\Setup.exe"
ROCCAT Kone Mouse Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9733747E-E53D-4C17-977E-3A872AFB93E1}\Setup.exe"
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Safari-->MsiExec.exe /I{C73F2967-062E-48F2-A462-D335B8950183}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office Groove 2007 (KB2494047)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype™ 4.2-->MsiExec.exe /X{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}
Spotify-->"C:\Program Files (x86)\Spotify\uninstall.exe"
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Uniblue RegistryBooster-->"C:\Program Files (x86)\Uniblue\RegistryBooster\unins000.exe"
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2508979)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D2137BBA-250B-4548-BC1C-19E5009893D7}
VLC media player 1.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinAVI All in One Converter-->"C:\Program Files (x86)\All in One Converter\uninst.exe"
Windows 7 Codec Pack 2.5.0-->C:\Windows\SysWOW64\C2MP\Uninst.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live Mesh-->MsiExec.exe /I{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live Remote Client Resources-->MsiExec.exe /I{5F44A3A1-5D24-4708-8776-66B42B174C64}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{02C0A02E-AB30-446C-B4C3-A03310D95F53}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WMV9/VC-1 Video Playback-->MsiExec.exe /X{8C69B19F-71DF-F80F-0C2F-56E9FE5C95CB}
Xilisoft Video Converter Ultimate 6-->C:\Program Files (x86)\Xilisoft\Video Converter Ultimate 6\Uninstall.exe
Xilisoft Video Converter Ultimate 6-->C:\Program Files (x86)\Xilisoft\Video Converter Ultimate 6\Uninstall.exe
Xiph QuickTime Components-->"C:\Program Files (x86)\QuickTime\QTComponents\XiphQTuninstall.exe"
yBook-->"C:\Program Files (x86)\yBook\unins000.exe"
YouTube Downloader 2.6.2-->"C:\Program Files (x86)\YouTube Downloader\uninstall.exe"

======Hosts File======

127.0.0.1 mybrowserbar.com
127.0.0.1 www.mybrowserbar.com
127.0.0.1 download.mybrowserbar.com.mybrowserbar.com

======System event log======

Computer Name: valdoDK-XPS
Event Code: 7022
Message: Služba HP CUE DeviceDiscovery Service sa pri spustení zablokovala.
Record Number: 32196
Source Name: Service Control Manager
Time Written: 20100918160517.814320-000
Event Type: Error
User:

Computer Name: valdoDK-XPS
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 32132
Source Name: k57nd60a
Time Written: 20100918160347.791223-000
Event Type: Warning
User:

Computer Name: valdoDK-XPS
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.

Record Number: 32113
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100917235143.054219-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: valdoDK-XPS
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 32052
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100917220615.185823-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: valdoDK-XPS
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 32051
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100917220600.125962-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: valdoDK-XPS
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1012519688-2421850716-3688177861-1001:
Process 448 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1012519688-2421850716-3688177861-1001

Record Number: 237
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100524152350.627220-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: valdoDK-XPS
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 231
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100524152245.966306-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: valdoDK-XPS
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 229
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100524152245.872706-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: valdoDK-XPS
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 1016) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 207
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100524152106.285258-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: valdoDK-XPS
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 124
Source Name: Microsoft-Windows-Search
Time Written: 20100524151941.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100524150620.364845-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100524150620.364845-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x32a64
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100524150620.037244-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100524150618.258841-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100524150618.212041-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\ATI Stream\bin\x86_64;C:\Program Files (x86)\ATI Stream\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"asl.log"=Destination=file;OnFirstLog=command,environment
"RGSCLauncher"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"ATISTREAMSDKROOT"=C:\Program Files (x86)\ATI Stream\

-----------------EOF-----------------

Pre lepsi prehlad pridavam log z RogueKilleru ako samostatny prispevok


RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : valdoDK [Práva Správcu]
Režim : Kontrola -- Dátum : 09/02/2012 23:52:05

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : QIP Internet Guardian (C:\Users\valdoDK\AppData\Roaming\QipGuard\QipGuard.exe /p) -> NÁJDENÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1012519688-2421850716-3688177861-1001[...]\Run : QIP Internet Guardian (C:\Users\valdoDK\AppData\Roaming\QipGuard\QipGuard.exe /p) -> NÁJDENÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NÁJDENÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NÁJDENÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> NÁJDENÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NÁJDENÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NÁJDENÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NÁJDENÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NÁJDENÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 mybrowserbar.com
127.0.0.1 www.mybrowserbar.com
127.0.0.1 download.mybrowserbar.com.mybrowserbar.com
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG +++++
--- User ---
[MBR] f7f46ddc1749006b31b923b497bee4ba
[BSP] c3ba5f37cd917729e9bf6d6558ea4f68 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 625139712 | Size: 0 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[1].txt >>
RKreport[1].txt

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku[

[/list]

RSIT -> po zmazani
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : valdoDK [Práva Správcu]
Režim : Odebrať -- Dátum : 09/03/2012 12:48:26

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : QIP Internet Guardian (C:\Users\valdoDK\AppData\Roaming\QipGuard\QipGuard.exe /p) -> VYMAZANÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRADENÉ (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NAHRADENÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NAHRADENÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 mybrowserbar.com
127.0.0.1 www.mybrowserbar.com
127.0.0.1 download.mybrowserbar.com.mybrowserbar.com
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG +++++
--- User ---
[MBR] f7f46ddc1749006b31b923b497bee4ba
[BSP] c3ba5f37cd917729e9bf6d6558ea4f68 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 625139712 | Size: 0 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RSIT - oprava host

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : valdoDK [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 09/03/2012 12:49:31

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 mybrowserbar.com
127.0.0.1 www.mybrowserbar.com
127.0.0.1 download.mybrowserbar.com.mybrowserbar.com
127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤


Dokončené : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

OK, pockam si na OTL

Takze tu OTL

OTL logfile created on: 3. 9. 2012 12:52:46 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\valdoDK\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,97 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,67% Memory free
7,93 Gb Paging File | 6,48 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 23,37 Gb Free Space | 7,84% Space Free | Partition Type: NTFS

Computer Name: VALDODK-XPS | User Name: valdoDK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/09/03 12:45:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\valdoDK\Desktop\OTL.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/10 04:18:24 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
PRC - [2012/01/26 20:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012/01/26 20:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/10/26 23:22:42 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Program Files (x86)\QipGuard\QipGuard.exe
PRC - [2011/07/12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/07 13:02:55 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/01/11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/11/24 14:01:36 | 000,172,032 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/10 04:18:24 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
MOD - [2012/02/07 02:46:53 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\ContourStoryteller\QtNetwork4.dll
MOD - [2012/02/07 02:46:52 | 008,191,488 | ---- | M] () -- C:\Program Files (x86)\ContourStoryteller\QtGui4.dll
MOD - [2012/02/07 02:46:52 | 002,296,320 | ---- | M] () -- C:\Program Files (x86)\ContourStoryteller\QtCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/01/27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/24 20:39:50 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/13 00:02:28 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/13 00:02:18 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/28 19:16:46 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/26 23:22:42 | 000,191,440 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files (x86)\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/05/07 13:02:55 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.10.0)
SRV - [2010/04/04 12:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Disabled | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/11/19 06:05:00 | 000,065,536 | ---- | M] (CodeGear) [Auto | Running] -- C:\Program Files (x86)\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe -- (BlackfishSQL)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/13 00:02:19 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/14 03:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/11/01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/09 23:51:45 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/01/27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/24 19:58:33 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/24 20:34:20 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/03/24 20:31:12 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/03/24 20:24:00 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/01/21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/08/24 11:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 16:01:12 | 000,015,872 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArvoFltr.sys -- (ArvoFltr)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/09 02:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 16:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/11 14:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)
DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/03/17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007/07/16 23:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/09/16 15:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/07/31 20:45:46 | 000,180,352 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Stopped] -- C:\Windows\SysWow64\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2006/07/31 20:45:46 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\CLBStor.sys -- (CLBStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A569BBA-2CAA-491D-8263-C235F04140A2}: "URL" = http://www.toggle.com/en/index.php?rvs=google
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2790392


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 12 77 20 57 FB CA 01 [binary data]
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{6A569BBA-2CAA-491D-8263-C235F04140A2}: "URL" = http://www.toggle.com/en/index.php?rvs=google
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{9DF93426-E4C4-4DD7-BE60-F4804B789495}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2790392
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: immortal.main@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\valdoDK\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\valdoDK\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\valdoDK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\valdoDK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\valdoDK\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\valdoDK\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2010/05/24 19:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011/08/18 07:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 21:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/15 21:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/05/24 19:03:44 | 000,000,000 | ---D | M]

[2010/05/25 15:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\valdoDK\AppData\Roaming\mozilla\Extensions
[2012/07/24 11:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions
[2011/06/16 01:19:42 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/04/16 20:06:30 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\battlefieldplay4free@ea.com
[2011/11/30 15:30:06 | 000,002,062 | ---- | M] () -- C:\Users\valdoDK\AppData\Roaming\Mozilla\Firefox\Profiles\3fbhgvq9.default\searchplugins\qip-search.xml
[2012/05/17 00:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/24 11:22:12 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\VALDODK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3FBHGVQ9.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2011/08/20 00:23:38 | 000,014,961 | ---- | M] () (No name found) -- C:\USERS\VALDODK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3FBHGVQ9.DEFAULT\EXTENSIONS\FIREFOX@RED-COG.COM.XPI
[2012/05/17 00:45:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/29 14:47:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/17 00:45:22 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\atlas-sk.xml
[2012/05/17 00:45:22 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\azet-sk.xml
[2011/06/16 01:19:42 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
[2012/05/17 00:45:22 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\dunaj-sk.xml
[2011/09/23 00:39:41 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/06/16 01:20:38 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchaudio.xml
[2012/05/17 00:45:22 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slovnik-sk.xml
[2012/05/17 00:45:22 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sk.xml
[2012/05/17 00:45:22 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\valdoDK\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\valdoDK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\valdoDK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\valdoDK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\valdoDK\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\valdoDK\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Turn Off the Lights = C:\Users\valdoDK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
CHR - Extension: YouTube = C:\Users\valdoDK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kalend\u00E1r Google = C:\Users\valdoDK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Users\valdoDK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: Kontrola po\u0161ty Google = C:\Users\valdoDK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\

O1 HOSTS File: ([2011/04/07 17:33:27 | 000,001,074 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mybrowserbar.com
O1 - Hosts: 127.0.0.1 www.mybrowserbar.com
O1 - Hosts: 127.0.0.1 download.mybrowserbar.com.mybrowserbar.com
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\valdoDK\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\valdoDK\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arvo] C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (ROCCAT)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [svcnet2] C:\Windows\svcnet2\svcnet2.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001..\Run: [ContourCameraFinder] C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe ()
O4 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001..\Run: [Facebook Update] C:\Users\valdoDK\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\valdoDK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\valdoDK\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\valdoDK\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\valdoDK\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\valdoDK\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshoo ... /pcd64.cab (Launcher Class)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AED2656-E498-40F1-9A8A-BD5F5FBCEAE5}: DhcpNameServer = 192.168.1.1 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B92BB91-5E24-49CC-92D7-57EE4386D251}: DhcpNameServer = 195.91.0.17 194.154.227.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73851D9B-076D-4B07-A6D5-93A751CBCCA0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1085E2D-BF09-4F9D-BE1A-99251A382DA3}: DhcpNameServer = 194.154.227.17 195.91.0.17
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\valdoDK\Desktop\SkypePTT\Skype4COM.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{71f07233-ce62-11df-a644-002219da070c}\Shell - "" = AutoRun
O33 - MountPoints2\{71f07233-ce62-11df-a644-002219da070c}\Shell\AutoRun\command - "" = AUTORUN.EXE
O33 - MountPoints2\{a3905757-675f-11df-806b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a3905757-675f-11df-806b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{bb54a8c3-b884-11e0-974e-002219da070c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb54a8c3-b884-11e0-974e-002219da070c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bb54a8cf-b884-11e0-974e-002219da070c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb54a8cf-b884-11e0-974e-002219da070c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c70cc838-4fdc-11e1-90c7-002219da070c}\Shell - "" = AutoRun
O33 - MountPoints2\{c70cc838-4fdc-11e1-90c7-002219da070c}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{cfaef500-6218-11e1-80fe-002219da070c}\Shell - "" = AutoRun
O33 - MountPoints2\{cfaef500-6218-11e1-80fe-002219da070c}\Shell\AutoRun\command - "" = E:\CMADownloader.exe
O33 - MountPoints2\{f8b05c39-b923-11e0-b5fd-002219da070c}\Shell - "" = AutoRun
O33 - MountPoints2\{f8b05c39-b923-11e0-b5fd-002219da070c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f8b05c3b-b923-11e0-b5fd-002219da070c}\Shell - "" = AutoRun
O33 - MountPoints2\{f8b05c3b-b923-11e0-b5fd-002219da070c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.pDAD - prodad-codec.dll (proDAD GmbH)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.pDAD - C:\Windows\SysWow64\prodad-codec.dll (proDAD GmbH)
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012/09/03 12:44:52 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\valdoDK\Desktop\OTL.exe
[2012/09/02 23:50:45 | 000,000,000 | ---D | C] -- C:\Users\valdoDK\Desktop\RK_Quarantine
[2012/08/28 10:50:47 | 000,000,000 | ---D | C] -- C:\Users\valdoDK\Desktop\Harry Potter And The Deathly Hallows Part2 (2011) [BRRip]
[2012/08/27 21:22:56 | 000,000,000 | ---D | C] -- C:\Users\valdoDK\Desktop\Delphi
[2012/08/27 21:08:08 | 000,000,000 | ---D | C] -- C:\Users\valdoDK\AppData\Roaming\GullySoft
[2012/08/27 21:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Umíme to s Delphi
[2012/08/27 21:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Umíme to s Delphi
[2012/08/27 21:06:54 | 000,000,000 | ---D | C] -- C:\Users\valdoDK\Documents\RAD Studio
[2012/08/27 21:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio 2010
[2012/08/27 21:02:21 | 001,731,584 | ---- | C] (Apache Software Foundation) -- C:\Windows\SysWow64\xercesLib.dll
[2012/08/27 21:02:21 | 001,572,864 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\xmlrtl140.bpl
[2012/08/27 21:02:21 | 001,500,160 | ---- | C] (Borland Corporation) -- C:\Windows\SysWow64\cc3260mt.dll
[2012/08/27 21:02:21 | 000,873,984 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\websnap140.bpl
[2012/08/27 21:02:21 | 000,442,368 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\midas.dll
[2012/08/27 21:02:21 | 000,325,120 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\xercesxmldom.dll
[2012/08/27 21:02:21 | 000,313,856 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\webdsnap140.bpl
[2012/08/27 21:02:20 | 002,446,848 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vcl140.bpl
[2012/08/27 21:02:20 | 001,785,344 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\rtl140.bpl
[2012/08/27 21:02:20 | 000,877,056 | ---- | C] (Steema Software) -- C:\Windows\SysWow64\tee8140.bpl
[2012/08/27 21:02:20 | 000,857,088 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vclribbon140.bpl
[2012/08/27 21:02:20 | 000,795,136 | ---- | C] (Steema Software) -- C:\Windows\SysWow64\teeui8140.bpl
[2012/08/27 21:02:20 | 000,724,480 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\soaprtl140.bpl
[2012/08/27 21:02:20 | 000,709,632 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vclie140.bpl
[2012/08/27 21:02:20 | 000,456,704 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vcltouch140.bpl
[2012/08/27 21:02:20 | 000,408,576 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vclactnband140.bpl
[2012/08/27 21:02:20 | 000,320,512 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vclimg140.bpl
[2012/08/27 21:02:20 | 000,314,368 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vcldb140.bpl
[2012/08/27 21:02:20 | 000,237,056 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vclx140.bpl
[2012/08/27 21:02:20 | 000,131,584 | ---- | C] (Steema Software ) -- C:\Windows\SysWow64\teedb8140.bpl
[2012/08/27 21:02:20 | 000,102,912 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vclshlctrls140.bpl
[2012/08/27 21:02:20 | 000,072,704 | ---- | C] (Embarcadero Technologies Inc.) -- C:\Windows\SysWow64\vclsmp140.bpl
[2012/08/27 21:02:20 | 000,062,464 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vcldbx140.bpl
[2012/08/27 21:02:20 | 000,054,272 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vclib140.bpl
[2012/08/27 21:02:19 | 001,122,304 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DbxCommonDriver140.bpl
[2012/08/27 21:02:19 | 000,675,328 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\ibxpress140.bpl
[2012/08/27 21:02:19 | 000,352,256 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXClientDriver140.bpl
[2012/08/27 21:02:19 | 000,287,744 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\dsnap140.bpl
[2012/08/27 21:02:19 | 000,171,008 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\inet140.bpl
[2012/08/27 21:02:19 | 000,135,680 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXMySQLDriver140.bpl
[2012/08/27 21:02:19 | 000,131,584 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXInformixDriver140.bpl
[2012/08/27 21:02:19 | 000,116,224 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\dsnapcon140.bpl
[2012/08/27 21:02:19 | 000,108,544 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXMSSQLDriver140.bpl
[2012/08/27 21:02:19 | 000,101,888 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXSybaseASEDriver140.bpl
[2012/08/27 21:02:19 | 000,094,720 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXSybaseASADriver140.bpl
[2012/08/27 21:02:19 | 000,092,160 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXInterBaseDriver140.bpl
[2012/08/27 21:02:19 | 000,091,648 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXFirebirdDriver140.bpl
[2012/08/27 21:02:19 | 000,080,896 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXOracleDriver140.bpl
[2012/08/27 21:02:19 | 000,071,168 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DBXDb2Driver140.bpl
[2012/08/27 21:02:19 | 000,047,616 | ---- | C] (Embarcadero Tecnologies, Inc.) -- C:\Windows\SysWow64\ibevnt140.bpl
[2012/08/27 21:02:19 | 000,047,104 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\dbxcds140.bpl
[2012/08/27 21:02:19 | 000,043,520 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\inetdb140.bpl
[2012/08/27 21:02:19 | 000,017,920 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\inetdbxpress140.bpl
[2012/08/27 21:02:19 | 000,016,896 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\inetdbbde140.bpl
[2012/08/27 21:02:18 | 000,406,016 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\dbrtl140.bpl
[2012/08/27 21:02:18 | 000,334,336 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DataSnapServer140.bpl
[2012/08/27 21:02:18 | 000,289,280 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\bdertl140.bpl
[2012/08/27 21:02:18 | 000,192,000 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\dbexpress140.bpl
[2012/08/27 21:02:18 | 000,176,640 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\adortl140.bpl
[2012/08/27 21:02:18 | 000,038,912 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DataSnapIndy10ServerTransport140.bpl
[2012/08/27 21:02:18 | 000,026,112 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\DataSnapProviderClient140.bpl
[2012/08/27 21:02:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RAD Studio
[2012/08/27 21:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Embarcadero
[2012/08/27 21:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CodeGear Shared
[2012/08/27 21:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2012/08/27 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\valdoDK\AppData\Roaming\Embarcadero
[2012/08/27 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Embarcadero
[2012/08/27 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\valdoDK\AppData\Roaming\CodeGear
[2011/07/12 00:27:35 | 002,452,992 | ---- | C] (McAfee, Inc.) -- C:\Users\valdoDK\McAfeeScanAndRepair_Release.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/09/03 12:57:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/09/03 12:45:20 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 12:45:20 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 12:45:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\valdoDK\Desktop\OTL.exe
[2012/09/03 12:45:03 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/03 12:42:15 | 000,739,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/03 12:42:15 | 000,623,428 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/03 12:42:15 | 000,111,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/03 12:38:25 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/03 12:37:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/03 12:37:49 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 23:42:05 | 001,377,280 | ---- | M] () -- C:\Users\valdoDK\Desktop\RogueKiller.exe
[2012/09/02 23:34:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job
[2012/09/02 21:34:01 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job
[2012/09/02 15:15:35 | 000,935,175 | ---- | M] () -- C:\Users\valdoDK\Desktop\RSITx64.exe
[2012/09/02 02:34:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
[2012/09/02 00:34:01 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
[2012/09/02 00:18:36 | 006,184,404 | ---- | M] () -- C:\Users\valdoDK\Desktop\PowerAuras-3.0.0S_33500.zip
[2012/08/28 10:02:03 | 005,563,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/03 12:57:57 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/09/02 23:42:04 | 001,377,280 | ---- | C] () -- C:\Users\valdoDK\Desktop\RogueKiller.exe
[2012/09/02 15:15:30 | 000,935,175 | ---- | C] () -- C:\Users\valdoDK\Desktop\RSITx64.exe
[2012/09/02 00:18:00 | 006,184,404 | ---- | C] () -- C:\Users\valdoDK\Desktop\PowerAuras-3.0.0S_33500.zip
[2012/08/27 21:02:21 | 000,378,912 | ---- | C] () -- C:\Windows\SysWow64\vcl140.jdbg
[2012/08/27 21:02:21 | 000,271,344 | ---- | C] () -- C:\Windows\SysWow64\rtl140.jdbg
[2012/08/27 21:02:21 | 000,237,780 | ---- | C] () -- C:\Windows\SysWow64\xmlrtl140.jdbg
[2012/08/27 21:02:21 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\bdeadmin.cpl
[2012/08/27 21:02:21 | 000,144,932 | ---- | C] () -- C:\Windows\SysWow64\websnap140.jdbg
[2012/08/27 21:02:21 | 000,097,116 | ---- | C] () -- C:\Windows\SysWow64\soaprtl140.jdbg
[2012/08/27 21:02:21 | 000,092,192 | ---- | C] () -- C:\Windows\SysWow64\vclribbon140.jdbg
[2012/08/27 21:02:21 | 000,091,696 | ---- | C] () -- C:\Windows\SysWow64\vcltouch140.jdbg
[2012/08/27 21:02:21 | 000,078,192 | ---- | C] () -- C:\Windows\SysWow64\vclie140.jdbg
[2012/08/27 21:02:21 | 000,076,088 | ---- | C] () -- C:\Windows\SysWow64\vclactnband140.jdbg
[2012/08/27 21:02:21 | 000,070,480 | ---- | C] () -- C:\Windows\SysWow64\dbrtl140.jdbg
[2012/08/27 21:02:21 | 000,060,788 | ---- | C] () -- C:\Windows\SysWow64\vcldb140.jdbg
[2012/08/27 21:02:21 | 000,051,788 | ---- | C] () -- C:\Windows\SysWow64\webdsnap140.jdbg
[2012/08/27 21:02:21 | 000,049,564 | ---- | C] () -- C:\Windows\SysWow64\dsnap140.jdbg
[2012/08/27 21:02:21 | 000,045,048 | ---- | C] () -- C:\Windows\SysWow64\vclimg140.jdbg
[2012/08/27 21:02:21 | 000,043,528 | ---- | C] () -- C:\Windows\SysWow64\vclx140.jdbg
[2012/08/27 21:02:21 | 000,043,044 | ---- | C] () -- C:\Windows\SysWow64\bdertl140.jdbg
[2012/08/27 21:02:21 | 000,032,984 | ---- | C] () -- C:\Windows\SysWow64\dbexpress140.jdbg
[2012/08/27 21:02:21 | 000,029,772 | ---- | C] () -- C:\Windows\SysWow64\adortl140.jdbg
[2012/08/27 21:02:21 | 000,027,688 | ---- | C] () -- C:\Windows\SysWow64\inet140.jdbg
[2012/08/27 21:02:21 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\BDSShellRes140.dll
[2012/08/27 21:02:21 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\BDSShellRes.dll
[2012/08/27 21:02:21 | 000,021,360 | ---- | C] () -- C:\Windows\SysWow64\dsnapcon140.jdbg
[2012/08/27 21:02:21 | 000,013,988 | ---- | C] () -- C:\Windows\SysWow64\dbxcds140.jdbg
[2012/08/27 21:02:21 | 000,013,872 | ---- | C] () -- C:\Windows\SysWow64\vcldbx140.jdbg
[2012/08/27 21:02:21 | 000,009,032 | ---- | C] () -- C:\Windows\SysWow64\inetdb140.jdbg
[2012/08/27 21:02:21 | 000,003,260 | ---- | C] () -- C:\Windows\SysWow64\inetdbxpress140.jdbg
[2012/08/27 21:02:21 | 000,002,996 | ---- | C] () -- C:\Windows\SysWow64\inetdbbde140.jdbg
[2012/08/27 21:02:21 | 000,000,218 | ---- | C] () -- C:\Windows\SysWow64\dbexpress140.xml
[2012/08/27 21:02:21 | 000,000,060 | ---- | C] () -- C:\Windows\SysWow64\midas.jdbg
[2012/08/27 21:02:20 | 004,377,600 | ---- | C] () -- C:\Windows\SysWow64\Intraweb_100_140.bpl
[2012/08/27 21:02:19 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\IntrawebDB_100_140.bpl
[2012/07/22 10:06:18 | 000,000,972 | ---- | C] () -- C:\ProgramData\svcnet2.inc
[2012/07/22 10:06:02 | 000,000,012 | ---- | C] () -- C:\ProgramData\svcnet2.cfg
[2012/07/22 10:05:31 | 000,231,789 | ---- | C] () -- C:\Users\valdoDK\fkl-setup (password=2012).exe
[2012/07/01 09:16:01 | 005,591,816 | ---- | C] () -- C:\Users\valdoDK\Dell_QuickSet_A07_R272666.exe
[2012/04/11 21:50:14 | 026,224,213 | ---- | C] () -- C:\Users\valdoDK\tim-snov.psd
[2011/11/16 08:41:08 | 000,077,824 | ---- | C] ( ) -- C:\Users\valdoDK\vypinani pc.exe
[2011/10/31 23:09:01 | 000,876,260 | ---- | C] () -- C:\Users\valdoDK\halusky.psd
[2011/07/28 16:14:14 | 000,000,000 | ---- | C] () -- C:\Users\valdoDK\AppData\Local\{C8234974-37F9-4427-84B3-27BA4A8CF7C8}
[2011/07/20 23:45:23 | 000,020,992 | ---- | C] () -- C:\Users\valdoDK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/19 14:55:16 | 000,473,387 | ---- | C] () -- C:\Users\valdoDK\WoWScrnShot_101910_191122.jpg
[2011/06/19 13:30:00 | 000,000,664 | RHS- | C] () -- C:\Users\valdoDK\ntuser.pol
[2011/05/16 20:56:41 | 000,000,008 | ---- | C] () -- C:\Users\valdoDK\AppData\Roaming\DofusAppId0_1
[2011/05/16 20:51:47 | 000,000,173 | ---- | C] () -- C:\Users\valdoDK\AppData\Roaming\D2Info0
[2011/05/16 20:51:47 | 000,000,008 | ---- | C] () -- C:\Users\valdoDK\AppData\Roaming\DofusAppId0_2
[2011/04/14 21:42:49 | 001,355,623 | ---- | C] () -- C:\Users\valdoDK\uloha2.psd
[2011/04/01 18:33:37 | 000,832,273 | ---- | C] () -- C:\Users\valdoDK\RSITx64.exe
[2011/03/17 22:14:46 | 000,119,876 | ---- | C] () -- C:\Users\valdoDK\ariblk.ttf
[2011/02/26 17:54:30 | 000,019,860 | ---- | C] () -- C:\Users\valdoDK\sign.png
[2011/02/12 12:17:53 | 001,764,959 | ---- | C] () -- C:\Users\valdoDK\nice-music.mp3
[2010/12/26 01:29:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2010/12/21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/12 00:04:17 | 001,112,352 | ---- | C] () -- C:\Users\valdoDK\Videos_sample.m4v
[2010/10/24 13:02:36 | 016,874,568 | ---- | C] () -- C:\Users\valdoDK\R261324.exe
[2010/10/02 23:06:18 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/09/05 20:44:31 | 000,176,810 | ---- | C] () -- C:\Windows\hppins11.dat
[2010/09/05 20:44:31 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat
[2010/06/27 18:50:33 | 000,000,132 | ---- | C] () -- C:\Users\valdoDK\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2010/05/31 22:06:20 | 007,371,781 | ---- | C] () -- C:\Users\valdoDK\003f80a43ec42da993482ef781d5ee1a.PDF
[2010/05/24 22:39:56 | 000,007,611 | ---- | C] () -- C:\Users\valdoDK\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2010/11/14 23:32:34 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\4Media
[2011/05/16 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\app
[2010/10/20 18:41:32 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Ashampoo
[2011/03/22 01:10:40 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Audacity
[2010/05/25 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\BITS
[2012/04/15 00:44:03 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\BitTorrent
[2010/06/27 18:45:05 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/27 21:06:54 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\CodeGear
[2011/06/16 01:19:39 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Complitly
[2012/07/21 22:56:45 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\DAEMON Tools Lite
[2012/07/21 22:56:45 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\DAEMON Tools Pro
[2011/05/16 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dofus 2
[2011/05/16 20:51:47 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/05/16 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/05/04 00:02:35 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dropbox
[2012/06/11 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\EAC
[2012/08/27 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Embarcadero
[2010/05/25 18:40:04 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Facebook
[2011/04/26 00:35:58 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\FlashGet
[2010/05/25 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\FlashGetBHO
[2012/09/02 15:57:58 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\foobar2000
[2011/08/05 15:39:05 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\GHISLER
[2012/08/27 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\GullySoft
[2010/11/11 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\HandBrake
[2010/12/26 01:29:46 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\iolo
[2010/11/14 23:01:34 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\iPodtoComputer
[2010/12/13 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\iSilo
[2011/02/26 10:01:01 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Ivacy
[2011/07/22 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Jpeg Resampler
[2010/09/17 17:52:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Need for Speed World
[2012/02/05 18:27:16 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Nokia
[2012/02/05 18:27:16 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Nokia Suite
[2010/06/03 15:01:38 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Notepad++
[2010/05/24 19:32:11 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Opera
[2012/02/05 16:55:04 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\PC Suite
[2012/01/29 20:48:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\PCDr
[2012/01/31 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\proDAD
[2011/10/26 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\QIP
[2012/03/30 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\QipGuard
[2012/07/10 13:39:29 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Rainmeter
[2011/05/16 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/26 20:46:07 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\RIFT
[2010/05/24 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\ROCCAT
[2010/11/14 23:12:06 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\rockbox.org
[2012/01/22 01:45:55 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Screaming Bee
[2011/04/07 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Spotify
[2010/11/06 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/05 20:52:25 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Thinking Minds Budiling Bytes
[2012/09/02 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\TS3Client
[2010/05/24 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Uniblue
[2010/11/09 19:57:07 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\WinAVI
[2010/11/24 17:16:08 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Windows Live Writer
[2012/06/23 10:35:27 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Xilisoft
[2012/09/02 00:34:01 | 000,001,028 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
[2012/09/02 21:34:01 | 000,001,050 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job
[2012/08/28 10:02:15 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/02/25 08:19:30 | 002,388,992 | ---- | M] (Microsoft Corporation) MD5=B87D926D17AE32698C8C970B40B9BFC4 -- C:\Windows\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 08:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 12:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/03/30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 08:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 18:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 08:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/21 08:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 18:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[12 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[109 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/11/14 23:32:34 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\4Media
[2012/01/15 22:41:40 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\ABBYY
[2012/06/11 17:35:03 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\AccurateRip
[2011/08/15 15:01:17 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Adobe
[2010/11/06 22:52:49 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Adobe Mini Bridge CS5
[2011/08/15 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\AdobeMuse
[2011/05/16 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\app
[2012/03/09 20:56:11 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Apple Computer
[2010/10/20 18:41:32 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Ashampoo
[2010/05/24 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\ATI
[2011/03/22 01:10:40 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Audacity
[2011/03/22 01:00:28 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\AVS4YOU
[2010/05/25 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\BITS
[2012/04/15 00:44:03 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\BitTorrent
[2010/06/27 18:45:05 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/27 21:06:54 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\CodeGear
[2011/06/16 01:19:39 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Complitly
[2010/12/26 02:04:49 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Creative
[2011/11/05 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\CyberLink
[2012/07/21 22:56:45 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\DAEMON Tools Lite
[2012/07/21 22:56:45 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\DAEMON Tools Pro
[2012/01/29 20:53:54 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dell
[2010/05/31 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\DivX
[2011/05/16 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dofus 2
[2011/05/16 20:51:47 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/05/16 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/05/04 00:02:35 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Dropbox
[2012/03/11 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\dvdcss
[2012/06/11 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\EAC
[2012/08/27 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Embarcadero
[2010/05/25 18:40:04 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Facebook
[2010/06/27 22:00:18 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\FastStone
[2011/04/26 00:35:58 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\FlashGet
[2010/05/25 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\FlashGetBHO
[2012/09/02 15:57:58 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\foobar2000
[2011/08/05 15:39:05 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\GHISLER
[2012/08/27 21:08:08 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\GullySoft
[2010/11/11 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\HandBrake
[2010/05/24 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Identities
[2011/04/13 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\InstallShield
[2011/04/13 22:25:07 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Intel Corporation
[2010/12/26 01:29:46 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\iolo
[2010/11/14 23:01:34 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\iPodtoComputer
[2010/12/13 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\iSilo
[2011/02/26 10:01:01 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Ivacy
[2011/07/22 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Jpeg Resampler
[2010/05/24 17:38:33 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Macromedia
[2009/07/14 09:54:45 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Media Center Programs
[2012/04/15 00:44:13 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Media Player Classic
[2012/07/30 21:43:59 | 000,000,000 | --SD | M] -- C:\Users\valdoDK\AppData\Roaming\Microsoft
[2012/08/24 22:34:58 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Mozilla
[2010/09/17 17:52:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Need for Speed World
[2012/02/05 18:27:16 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Nokia
[2012/02/05 18:27:16 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Nokia Suite
[2010/06/03 15:01:38 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Notepad++
[2010/05/24 19:32:11 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Opera
[2012/02/05 16:55:04 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\PC Suite
[2012/01/29 20:48:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\PCDr
[2012/01/31 16:38:01 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\proDAD
[2011/10/26 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\QIP
[2012/03/30 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\QipGuard
[2012/07/10 13:39:29 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Rainmeter
[2010/12/26 02:06:03 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Reallusion
[2011/05/16 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/26 20:46:07 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\RIFT
[2010/05/24 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\ROCCAT
[2010/11/14 23:12:06 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\rockbox.org
[2012/01/22 01:45:55 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Screaming Bee
[2010/08/22 10:00:16 | 000,000,000 | RH-D | M] -- C:\Users\valdoDK\AppData\Roaming\SecuROM
[2012/08/01 23:31:44 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Skype
[2012/02/28 17:36:20 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Sony Corporation
[2011/04/07 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Spotify
[2010/11/06 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/05 20:52:25 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Thinking Minds Budiling Bytes
[2012/09/02 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\TS3Client
[2010/05/24 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Uniblue
[2012/09/01 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\vlc
[2010/11/09 19:57:07 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\WinAVI
[2010/11/24 17:16:08 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Windows Live Writer
[2010/08/21 10:54:01 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\WinRAR
[2012/06/23 10:35:27 | 000,000,000 | ---D | M] -- C:\Users\valdoDK\AppData\Roaming\Xilisoft

< %APPDATA%\*.exe /s >
[2011/03/23 09:48:10 | 000,091,128 | ---- | M] () -- C:\Users\valdoDK\AppData\Roaming\Complitly\KeepMeUpdated.exe
[2011/03/23 09:48:10 | 000,091,128 | ---- | M] () -- C:\Users\valdoDK\AppData\Roaming\Complitly\64\KeepMeUpdated.exe
[2011/03/31 04:42:50 | 023,360,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\valdoDK\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011/03/31 04:43:18 | 000,155,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\valdoDK\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010/05/25 18:40:04 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\valdoDK\AppData\Roaming\Facebook\uninstall.exe
[2011/08/15 15:00:53 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\valdoDK\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/05/24 18:07:59 | 000,010,134 | R--- | M] () -- C:\Users\valdoDK\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
[2010/05/24 18:07:59 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\valdoDK\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
[2011/11/27 22:39:06 | 000,010,134 | R--- | M] () -- C:\Users\valdoDK\AppData\Roaming\Microsoft\Installer\{6AE22174-4FFA-4572-B692-31F0C386ED38}\ARPPRODUCTICON.exe
[2012/01/30 22:18:25 | 000,029,926 | R--- | M] () -- C:\Users\valdoDK\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011/02/24 14:07:18 | 001,004,928 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\valdoDK\AppData\Roaming\Mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2012/01/29 20:47:58 | 001,802,808 | ---- | M] (Dell Inc) -- C:\Users\valdoDK\AppData\Roaming\PCDr\Plugin\aulauncher.exe
[2011/08/10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\valdoDK\AppData\Roaming\PCDr\Update\Rules\1dfb13dd-3ebb-4436-90df-b9431505b151\au_5899_rules\AddCertificate.exe
[2011/08/10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\valdoDK\AppData\Roaming\PCDr\Update\Rules\3373952b-ef3b-44c4-9f46-6e831acf0719\au_5899_rules\AddCertificate.exe
[2011/08/10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\valdoDK\AppData\Roaming\PCDr\Update\Rules\34d1c8d6-4fe8-4e5f-a57d-efdfa6de5136\au_5899_rules\AddCertificate.exe
[2011/08/10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\valdoDK\AppData\Roaming\PCDr\Update\Rules\3e3f3788-bc6d-4f68-b90b-1794d152f1a2\au_5899_rules\AddCertificate.exe
[2011/08/10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\valdoDK\AppData\Roaming\PCDr\Update\Rules\5ffdbf28-d77a-41b8-afda-4031c232b7fe\au_5899_rules\AddCertificate.exe
[2012/07/10 12:29:16 | 000,009,216 | -H-- | M] () -- C:\Users\valdoDK\AppData\Roaming\Rainmeter\Rainmeter.exe
[2012/07/10 13:38:41 | 000,763,381 | ---- | M] () -- C:\Users\valdoDK\AppData\Roaming\Rainmeter\Addons\RainRGB\RainRGB.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012/09/02 00:34:01 | 000,001,028 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
[2012/09/02 21:34:01 | 000,001,050 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job
[2012/09/03 12:38:25 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/03 12:45:03 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/09/02 02:34:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
[2012/09/03 13:34:11 | 000,000,954 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"iCloudServices" = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe -- [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.)
"Google Update" = "C:\Users\valdoDK\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010/05/24 17:39:12 | 000,136,176 | ---- | M] (Google Inc.)
"MobileDocuments" = C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe -- [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.)
"ContourCameraFinder" = "C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe" -- [2012/02/10 04:18:24 | 000,096,256 | ---- | M] ()
"Facebook Update" = "C:\Users\valdoDK\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver -- [2012/07/12 00:29:22 | 000,138,096 | ---- | M] (Facebook Inc.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012/05/17 00:45:24 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=11CCA710674739E3DB8F7450A5B650B6 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2010/04/28 13:45:50 | 000,835,952 | ---- | M] (Opera Software) MD5=62FB2BDF0011C431CB553828BE657C7C -- C:\Program Files (x86)\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012/09/03 12:57:57 | 000,000,512 | ---- | M] () MD5=F7F46DDC1749006B31B923B497BEE4BA -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010/03/04 22:37:46 | 000,000,721 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\HfxXML\Crackers.xml
[2010/03/04 22:37:46 | 000,000,738 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\HfxXML\FireCracker.xml
[2010/03/04 22:37:46 | 000,010,179 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\65 - Patriotic\FireCracker.hfx
[2010/03/04 22:37:46 | 000,008,201 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\70 - Foods\Crackers.hfx
[2010/03/04 22:45:04 | 001,543,882 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Food\Cracker.hfo
[2010/03/04 22:45:06 | 000,026,143 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker BAM.hfo
[2010/03/04 22:45:06 | 000,027,267 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker bottom.hfo
[2010/03/04 22:45:06 | 000,080,879 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker top.hfo
[2010/10/19 14:32:04 | 000,843,284 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack Vx.wav
[2010/10/19 14:32:04 | 000,843,284 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack.wav
[2010/10/19 14:32:06 | 000,597,884 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Hrající si děti\Bat Crack .wav
[2010/10/19 14:32:08 | 016,633,220 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Zimní radovánky\Crackling Hearth.wav
[2011/04/16 22:15:30 | 000,015,488 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrack.cfx
[2011/04/16 22:15:31 | 000,015,476 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
[2011/04/16 22:15:31 | 000,015,896 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
[2011/04/16 22:15:31 | 000,016,572 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
[2011/04/16 22:15:32 | 000,015,232 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
[2011/04/16 22:15:31 | 000,016,152 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
[2011/04/16 22:15:30 | 000,015,908 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
[2011/04/16 22:15:30 | 000,016,584 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
[2011/04/16 22:15:30 | 000,015,232 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
[2011/04/16 22:15:30 | 000,016,164 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
[2011/04/16 22:15:30 | 000,015,708 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
[2011/04/16 22:15:31 | 000,015,696 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
[2011/04/16 22:15:31 | 000,016,116 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
[2011/04/16 22:15:31 | 000,016,792 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
[2011/04/16 22:15:32 | 000,015,452 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
[2011/04/16 22:15:31 | 000,016,372 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
[2011/04/16 22:15:30 | 000,016,128 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
[2011/04/16 22:15:30 | 000,016,804 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
[2011/04/16 22:15:30 | 000,015,452 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
[2011/04/16 22:15:30 | 000,016,384 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223032_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
[2011/05/08 21:00:15 | 000,015,488 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrack.cfx
[2011/05/08 21:00:17 | 000,015,476 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
[2011/05/08 21:00:17 | 000,015,896 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
[2011/05/08 21:00:17 | 000,016,572 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
[2011/05/08 21:00:18 | 000,015,232 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
[2011/05/08 21:00:17 | 000,016,152 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
[2011/05/08 21:00:15 | 000,015,908 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
[2011/05/08 21:00:16 | 000,016,584 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
[2011/05/08 21:00:16 | 000,015,232 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
[2011/05/08 21:00:16 | 000,016,164 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
[2011/05/08 21:00:15 | 000,015,708 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
[2011/05/08 21:00:17 | 000,015,696 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
[2011/05/08 21:00:17 | 000,016,116 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
[2011/05/08 21:00:17 | 000,016,792 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
[2011/05/08 21:00:18 | 000,015,452 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
[2011/05/08 21:00:17 | 000,016,372 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
[2011/05/08 21:00:15 | 000,016,128 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
[2011/05/08 21:00:16 | 000,016,804 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
[2011/05/08 21:00:16 | 000,015,452 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
[2011/05/08 21:00:16 | 000,016,384 | ---- | M] () -- \Users\valdoDK\Documents\Battlefield Play4Free\mods\main\cache\{D7B71EE2-D6D3-11CF-B177-7822BEC2C535}_223334_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
[2009/08/01 12:35:34 | 021,253,956 | ---- | M] () -- \Users\valdoDK\Music\iTunes\Mobile Applications\MyBrute-v1.4.cracked-COREPDA-SUPAAZN.ipa

< *keygen* /s >
[2010/05/13 19:36:48 | 000,063,877 | ---- | M] () -- \Users\valdoDK\Adobe After Effects CS5\Ad0b3.Aft3r.3ff3cts.CS5.v10.0.x64.Incl\keygen.exe
[2010/05/13 19:36:48 | 000,058,191 | ---- | M] () -- \Users\valdoDK\Adobe After Effects CS5\Ad0b3.Aft3r.3ff3cts.CS5.v10.0.x64.Incl\keygen_plugin.exe
[2011/06/20 14:27:44 | 000,093,184 | ---- | M] () -- \Users\valdoDK\Picture Collage Maker Pro\Lz0\Keygen.exe

< *loader* /s >
[2010/11/10 01:29:54 | 005,297,608 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\Photodownloader.exe
[2010/03/09 01:38:58 | 000,011,161 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2010/03/09 01:38:58 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\de_de\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\en_us\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\es_es\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\it_it\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\no_no\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,308 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2010/03/09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2012/02/24 04:29:58 | 000,059,240 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
[2012/02/24 04:29:58 | 000,735,080 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader_main.dll
[2011/08/08 00:17:05 | 000,000,194 | ---- | M] () -- \Program Files (x86)\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2010/03/03 14:17:54 | 000,470,551 | ---- | M] () -- \Program Files (x86)\DAEMON Tools Pro\AutoLoader_DT_loader_0.4.exe
[2010/03/03 15:10:36 | 000,691,200 | ---- | M] () -- \Program Files (x86)\DAEMON Tools Pro\DTAgent_loader_0.4.exe
[2010/05/24 19:59:18 | 000,000,080 | ---- | M] () -- \Program Files (x86)\DAEMON Tools Pro\dt_loader.ini
[2010/03/03 15:09:58 | 000,688,640 | ---- | M] () -- \Program Files (x86)\DAEMON Tools Pro\DT_loader_0.4.exe
[2009/11/03 06:02:00 | 000,000,632 | ---- | M] () -- \Program Files (x86)\Embarcadero\RAD Studio\7.0\Welcomepage\js\detailMenuLoader.js
[2009/11/03 06:02:00 | 000,001,424 | ---- | M] () -- \Program Files (x86)\Embarcadero\RAD Studio\7.0\Welcomepage\js\mainMenuLoader.js
[2009/11/03 06:02:00 | 000,010,389 | ---- | M] () -- \Program Files (x86)\Embarcadero\RAD Studio\7.0\Welcomepage\js\projectLoader.js
[2009/11/03 06:02:00 | 000,004,183 | ---- | M] () -- \Program Files (x86)\Embarcadero\RAD Studio\7.0\Welcomepage\js\wpLoader.js
[2011/09/02 18:10:46 | 003,481,880 | ---- | M] () -- \Program Files (x86)\FileServe Manager\ComDownloader.dll
[2011/09/02 17:59:24 | 000,049,152 | ---- | M] () -- \Program Files (x86)\FileServe Manager\Interop.ComDownloaderLib.dll
[2010/10/22 09:35:06 | 000,002,713 | ---- | M] () -- \Program Files (x86)\FileServe Manager\xulrunner\components\uriloader.xpt
[2011/09/23 00:40:00 | 000,000,105 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2012/01/26 20:38:50 | 000,270,288 | ---- | M] () -- \Program Files (x86)\Sony\Content Manager Assistant\CMADownloader.exe
[2011/08/08 00:17:20 | 000,007,020 | ---- | M] () -- \Program Files (x86)\StarCraft II\Logs\Downloader.log
[2010/07/28 01:40:57 | 002,643,520 | ---- | M] () -- \Program Files (x86)\StarCraft II\Support\BlizzardDownloader.exe
[2012/02/27 07:59:16 | 000,195,584 | ---- | M] () -- \Program Files (x86)\Xilisoft\Audio Converter 6\acloader.exe
[2012/02/27 07:59:58 | 000,005,932 | ---- | M] () -- \Program Files (x86)\Xilisoft\Audio Converter 6\plugins\loader.avsi
[2010/03/15 11:27:20 | 000,054,784 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2012/04/15 11:14:26 | 000,004,068 | ---- | M] () -- \ProgramData\Electronic Arts\Need For Speed World\Data\GFX\_RadialFlareLoader_Double.gfx
[2012/04/15 11:14:26 | 000,004,068 | ---- | M] () -- \Users\All Users\Electronic Arts\Need For Speed World\Data\GFX\_RadialFlareLoader_Double.gfx
[2011/12/09 21:06:42 | 000,000,673 | ---- | M] () -- \Users\valdoDK\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_18631\CRX_INSTALL\Media\ajax-loader.gif
[2011/11/28 01:57:47 | 000,000,673 | ---- | M] () -- \Users\valdoDK\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_32247\CRX_INSTALL\Media\ajax-loader.gif
[2011/11/29 00:20:44 | 000,000,673 | ---- | M] () -- \Users\valdoDK\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_463\CRX_INSTALL\Media\ajax-loader.gif
[2011/10/22 09:27:31 | 000,000,000 | ---- | M] () -- \Users\valdoDK\AppData\Roaming\Apple Computer\MediaStream\ul\assetStreamUploader.log
[2010/03/06 07:30:38 | 000,847,040 | ---- | M] () -- \Users\valdoDK\AppData\Roaming\Facebook\axfbootloader.dll
[2009/03/25 21:44:20 | 002,172,400 | ---- | M] () -- \Users\valdoDK\Games\WOW\BackgroundDownloader.exe
[2008/12/19 20:22:00 | 001,120,976 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe
[2008/12/19 20:55:40 | 001,073,840 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.0.2.9056-to-3.0.3.9183-enGB-downloader.exe
[2010/03/04 09:08:34 | 002,104,496 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe
[2010/03/04 09:47:28 | 002,391,456 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe
[2010/03/04 10:42:18 | 002,336,112 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.3.0.10958-to-3.3.0.11159-enGB-downloader.exe
[2010/03/04 10:43:42 | 002,350,144 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.3.0.11159-to-3.3.2.11403-enGB-downloader.exe
[2010/06/03 14:15:53 | 002,654,392 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe
[2010/06/03 14:30:25 | 002,640,192 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.3.3.11685-to-3.3.3.11723-enGB-downloader.exe
[2010/07/27 01:39:32 | 002,711,048 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.3.3.11723-to-3.3.5.12213-enGB-downloader.exe
[2010/07/27 01:43:05 | 002,710,448 | ---- | M] () -- \Users\valdoDK\Games\WOW\WoW-3.3.5.12213-to-3.3.5.12340-enGB-downloader.exe
[2008/12/19 15:18:38 | 000,003,026 | ---- | M] () -- \Users\valdoDK\Games\WOW\Data\enGB\Documentation\Troubleshooting\(Mac)BlizzardDownloaderProblems.html
[2008/12/19 15:18:38 | 000,004,261 | ---- | M] () -- \Users\valdoDK\Games\WOW\Data\enGB\Documentation\Troubleshooting\(PC)BlizzardDownloaderProblems.html
[2010/05/24 03:33:30 | 000,000,382 | ---- | M] () -- \Users\valdoDK\Games\WOW\Interface\Addons\Prat-3.0\pullouts\Prat-3.0_Loader\Prat-3.0_Loader.toc
[2010/07/27 01:45:49 | 000,024,329 | ---- | M] () -- \Users\valdoDK\Games\WOW\Logs\Downloader.log
[2010/09/23 14:40:24 | 000,214,528 | ---- | M] () -- \Users\valdoDK\JDownloader\JDownloader.exe
[2010/09/23 14:40:24 | 000,594,713 | ---- | M] () -- \Users\valdoDK\JDownloader\JDownloader.jar
[2010/12/27 17:33:07 | 000,000,105 | ---- | M] () -- \Users\valdoDK\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2010/09/23 14:41:34 | 000,006,975 | ---- | M] () -- \Users\valdoDK\JDownloader\jd\plugins\hoster\UploaderPl.class
[2010/09/23 14:43:08 | 000,032,222 | ---- | M] () -- \Users\valdoDK\JDownloader\licenses\jdownloader.license
[2012/02/20 11:09:20 | 012,446,401 | ---- | M] () -- \Users\valdoDK\Music\100_Hits_Dancefloor\100 Hits Dancefloor\CD 4\04. Ruff Loaderz & The Cut Up Boys - Music Sounds Better With You.mp3
[2012/07/02 02:37:13 | 013,399,116 | ---- | M] () -- \Users\valdoDK\Music\iTunes\Mobile Applications\TDownloader 1.1.ipa
[2010/01/23 18:50:08 | 008,448,209 | ---- | M] () -- \Users\valdoDK\Music\Just Dance 2009\10. DAVE DARELL - Freeloader (Original Radio Edit).mp3
[2008/09/14 13:22:42 | 000,000,570 | ---- | M] () -- \Users\valdoDK\Music\POLEMIC\Polemic - Gangster-SKA\Elite uploaders group.txt
[2008/09/14 12:22:42 | 000,000,570 | ---- | M] () -- \Users\valdoDK\Music\POLEMIC\Polemic - Nenudin\Elite uploaders group.txt
[2008/01/19 14:59:14 | 000,012,642 | ---- | M] () -- \Users\valdoDK\Pictures\GRAFIKA\BEST NEW ranks FOR CF by valdoDK\Uploader.png
[2012/07/09 13:57:32 | 1490,911,232 | ---- | M] () -- \Users\valdoDK\Videos\new films\Tower Heist (2011) [BRRip]\Tower.Heist.2011.BRRip.XVID.AC3.by.Colly.of.PowerUploaders.avi
[2012/07/14 00:00:04 | 000,092,088 | ---- | M] () -- \Users\valdoDK\Videos\new films\Tower Heist (2011) [BRRip]\Tower.Heist.2011.BRRip.XVID.AC3.by.Colly.of.PowerUploaders.srt
[2010/05/24 20:19:13 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2010/11/20 12:09:38 | 000,004,290 | ---- | M] () -- \Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_73a52105efe44483.manifest
[2010/11/20 14:33:18 | 000,004,338 | ---- | M] () -- \Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_344529e2e1c53ac6.manifest
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012/04/26 14:26:34 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2012/04/26 14:26:34 | 000,012,532 | ---- | M] () -- \Windows\SysWOW64\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:18:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_66f39ad995474166\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 08:23:09 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_66e5ca0f95521152\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:04:54 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:39:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_673e58b0ae93bb84\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:04:21 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:44:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:00:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:40:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_694ff566ab99b7ac\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 09:44:39 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 09:44:39 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009/07/14 09:44:39 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009/07/14 09:44:39 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009/07/14 09:44:39 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2011/06/28 23:11:18 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/06/28 23:11:18 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011/06/28 23:11:18 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011/06/28 23:11:18 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011/06/28 23:11:18 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009/07/14 09:43:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011/02/05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011/02/05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010/11/20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/02/05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 08:22:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 07:45:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 08:13:36 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

========== Files - Unicode (All) ==========
[2010/10/03 22:32:24 | 000,516,110 | ---- | M] ()(C:\Users\valdoDK\Documents\????????? ???????????? ?????.pptx) -- C:\Users\valdoDK\Documents\Словацкий национальный театр.pptx
[2010/10/03 22:32:23 | 000,516,110 | ---- | C] ()(C:\Users\valdoDK\Documents\????????? ???????????? ?????.pptx) -- C:\Users\valdoDK\Documents\Словацкий национальный театр.pptx

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C422577

< End of report >

Tu extras

OTL Extras logfile created on: 3. 9. 2012 12:52:46 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\valdoDK\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,97 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,67% Memory free
7,93 Gb Paging File | 6,48 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 23,37 Gb Free Space | 7,84% Space Free | Partition Type: NTFS

Computer Name: VALDODK-XPS | User Name: valdoDK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0021069F-08A2-49D1-8B66-21B659D354ED}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0D674678-F1BB-44BE-B47F-CD3BC6428A0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14F8E7A7-0E8A-42FB-ACEB-7D4587CC8191}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{192DEA75-32A1-4B42-A3F3-B5384510E61D}" = lport=137 | protocol=17 | dir=in | app=system |
"{26741969-A751-460F-B0F0-99F7B04808B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C418016-4DAA-4E01-ADBB-48D37C09AD94}" = rport=138 | protocol=17 | dir=out | app=system |
"{3412CD7F-B6F7-4E6B-ABE1-A69F30554798}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F910879-17E4-468A-B536-7B1363D7D015}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{460FAA8B-AA2A-4079-9A93-19306A497D2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D3851D1-3B17-496D-BEA0-49B68EA65664}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54F43126-9CF8-4324-93A4-81A3FD689CFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6158E1A3-5D87-4A1E-A24E-E4ED2816907C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{617932C6-0E69-4CDF-A8A9-7D735F001F33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64286E2F-FE57-46D6-8748-4AC2E3DB7F45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{644026F0-5212-445E-A5BC-737CA81FE6AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70144BF5-0F35-4BD1-B70E-E5AD4894D9B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{790D9982-683A-4BD1-A909-1BAD67877F37}" = lport=138 | protocol=17 | dir=in | app=system |
"{7A7DB2D7-6845-42A7-9B22-EEF69A0350D9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{820BB35A-448A-4D99-8271-CEE6EB925829}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9109332-4AF0-497B-9EE6-789E3A8E6A69}" = lport=445 | protocol=6 | dir=in | app=system |
"{AB4BBB3C-44CC-4635-81D6-088E7E1452E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C24156DE-49A5-445E-A836-13DDB2F51E38}" = lport=139 | protocol=6 | dir=in | app=system |
"{C6DE6C6F-8449-4A33-8762-620ED78F6994}" = rport=137 | protocol=17 | dir=out | app=system |
"{E0199F6F-8187-4AE0-A25F-6CA36A72167E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{EE8FF255-0172-4588-99EC-644D02AE48F6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F9B8F537-AFE6-4DCE-9839-A30F99BC8037}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A90710-296C-4CB3-93D5-18C8A17DC940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{037054C5-8479-4254-9462-B075AECF6D2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04785791-C193-4563-A888-82BD12FE375B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05CB6BD9-D421-4F16-832D-AA0B26F0DE9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09DA5109-9A5C-49C1-84C7-0CA0D84E593E}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{0B06F903-1B69-48DE-A119-CC424C015365}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0BCA7B61-CD46-49C8-A1D7-0106AEBFBED2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0EDD8EDE-8734-4427-B6FC-1F7B79BDA470}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{177F3CEF-21FE-4261-B1F2-E127D0A5C55F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1789FE0C-3555-418B-B9F5-874325B262FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17B4ED21-7FC9-4C34-80B2-B89B42BE2C45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1CC3146B-00CD-46FC-8C1B-F4C6AE7B3DA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1EEECBB1-16FB-412C-B02B-1E6916709B61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F05FEBE-A221-4434-92C3-13F0B0712055}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20918BAB-00A0-4808-9A7B-9A9EF2D285F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20DA3623-08D8-474E-A746-11A797F2CAE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{222AB006-E2E5-44F2-A5FC-E8DAB1A4A05B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2527500E-0A2F-4D5C-B099-2587147C3553}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{27AC33EA-9F3F-4092-8DFF-BA81F6050948}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{29D09B7D-5E76-4F81-A342-7904D2FFB92B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E454183-A136-4A0D-B986-73277A1C9B89}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F0D256A-983F-477F-B43F-1158CC1246BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FCCB39B-3A68-4D81-B706-5D6151870199}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{305EA932-C8F1-4F2F-A0D7-9B08283EA7E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3160EAB7-9FA8-4DA6-A62A-2857ADB633CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32E8F30C-1592-473E-BD43-9999831B2B50}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{334AD2D3-F7B2-47E2-B4F2-420E885F5674}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{358016B0-FFF1-4022-8C32-3A14E8C45537}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3659DE95-6F35-4459-A15E-2382705BEFAB}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{3700BCEF-4C99-43E7-9165-FE3066D2AD2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{37C4C73E-6D50-4002-BC5C-530F3B26D619}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A9D55A2-93D1-4632-9042-2BEBDD787D47}" = protocol=6 | dir=out | app=system |
"{3AA467F0-42B7-47D8-956E-4697CFEB5951}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CB9604C-73E1-405A-8957-E0C6E49EDFF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{40A5F118-8BC3-4BC9-BB85-FA8CB5B61F32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{43A51CAA-AA32-461A-A4CB-E1F537F48E09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{43B8D6DD-B554-40A6-AC06-50F7EA12BA6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4401C338-DC48-42D3-927E-5D025AD3B556}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4792882B-A27D-406E-906B-BC9F65655F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{490567CD-DC06-49CC-9881-AFE8F357BCE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{491F2E53-E15F-47FC-A607-4695BCE92667}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B113473-13AD-4521-88CD-CBF482DF35F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C16DC8D-25BF-4E98-BBC3-683E019F0519}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4D9CDD35-EAEC-4DEE-8867-DC20DA0C8296}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F1CE601-97B0-45A2-A0D7-16D90A548374}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FE13DA3-51AA-44BA-94DE-D301CE8C1413}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51819AEC-EBA1-4B16-9176-ECA0289BBD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{52C9016D-15B7-4940-9F4D-97269EA65EA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{53BA8A5B-23A1-4765-82A1-71E4DE6B4C98}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{54A600B0-B401-48BA-B384-F0D2E330869D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |
"{54DB231B-2104-4ADB-A3B2-61DF85A91C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5BED9316-BDEE-41FF-9B03-DBB8042B0DFF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{5D71AC77-5999-4E18-BFEE-45A8D4E42E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60BDA8DD-8A8D-4696-90E7-A0157310DF16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62A87242-E328-498A-A70D-91847FE45A09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{63CB6EE0-6FDF-4035-BFB5-C843457A5FBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{63CEEB3D-CD64-4A42-8CFB-49D0E1E4CCA9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6747114A-2F1D-4C00-8770-C0160D317CCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{688EDCA6-837E-4CA2-AEFE-B26D6B881409}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{689C3463-AFFF-4D5D-9F06-94F01A481E3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6946D2A3-B46F-45B6-BAA1-9AAB549669E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6EA56882-08F9-43DC-A09C-EF3336A5DE51}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{6F4A684B-EF74-461D-9689-976A8740A339}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77CC2EC3-4674-4003-BD1C-EA203E250C03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A190879-533A-4E62-B139-833ABD8811D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7CE7D5BB-2F0E-412A-A51B-ED9F1A47FCFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F549E83-47B2-475D-A800-CB3EAAA621FA}" = protocol=6 | dir=in | app=c:\users\valdodk\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{80935763-B691-485E-9E3B-BCDC286C8FEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8524C790-EEFD-47C1-A356-DEF6FF269D80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{86E20A8F-BB70-4320-B14B-EDC1EC17FB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{872CAAD4-5240-4539-80F4-797CF44B6F7D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{876E540E-27EA-4E23-BFD5-9A224504E12F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8774F720-6C77-4C2B-9280-7AC5C046E228}" = protocol=17 | dir=in | app=c:\users\valdodk\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{87CCCADF-230B-48A6-9D7F-9798238BC688}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{884CCD8B-B8C5-4B15-BA3B-88D399B60ADC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88A8F208-B3E6-4DA3-9C5B-C87C409C8753}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{89D2A741-677A-4A9F-94DE-D0F3CF55CCE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A834DE0-AB18-4B56-B4EC-DEDAFCA71298}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8BDC9A0F-A693-40EC-AE68-1829EB5B4DE0}" = protocol=6 | dir=in | app=c:\users\valdodk\appdata\roaming\dropbox\bin\dropbox.exe |
"{8ED6D8C0-93B0-433E-9E94-D9EFE34221B7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8FCAE844-494A-4B9B-8CAE-CB6A936619AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90321B2D-CEB4-41A8-A7DF-EF9DE2455292}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91F49FBE-E420-4F53-A261-DC57A11CCFCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9448DF73-243B-4DF5-BD30-7330C2AFE96F}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{96408CB5-2024-4912-8520-DB397D31BCDC}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |
"{96565017-081C-4A94-A79A-FC4B2380BF53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96F4E5F0-80E4-454D-A1FC-BBDD5AD1F452}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97828F1C-D588-4D73-8584-DC07C67502CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{99868D27-726D-4AE8-A7C6-091C7F3BF651}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9F1E1227-3055-496C-91DC-43BF3159AEE0}" = protocol=17 | dir=in | app=c:\users\valdodk\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A07F94B0-933C-4818-AC59-BBB421AE3420}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A533D4BD-AE2B-460D-A166-4BC275EA9940}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7ECD17F-90AF-4920-A334-978B9BDE6507}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A935A692-D4A8-4F2C-B819-459EBDB1388E}" = dir=in | app=c:\users\valdodk\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{ACB6D49C-185C-400D-BDE7-4CE1C810AD53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ADCB3177-8C25-4EE3-9A45-6A18D9D59F77}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |
"{ADE29793-C47C-4C3D-9E3E-B222173E98E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B11F8CFC-F985-4E89-B981-229C055F45CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B124744D-72A9-4D76-85DF-531FAB0E278A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B1EF8992-8023-475F-9678-444A419A9C49}" = protocol=6 | dir=in | app=c:\users\valdodk\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B2A4E5FC-23E6-43B9-9BED-96BC2FD9123B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5D57C85-E966-4B79-A3DB-33600F72CE87}" = protocol=17 | dir=in | app=c:\users\valdodk\appdata\roaming\dropbox\bin\dropbox.exe |
"{B65FDA93-6F39-443C-A5DA-2E806BB23D04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B9005E60-D448-4B73-89E1-91CC9F2E9DF3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BA9919FC-B375-483F-85A4-B10DA5726635}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{BBD033BE-488F-4FA1-85D2-178900130376}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDF3D75F-868A-4E84-AF49-DFD9C3BFD062}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE038EFE-0F7C-42DB-9A65-D102C8961F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BF372C11-45F5-43C0-94D2-9DAAE64433A6}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |
"{C4A9F808-7B3B-4C14-A64F-A66B453802CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7D24656-B0B0-4993-8C8A-2BE41ED3804D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C87F79BF-7A47-4AFC-9C96-F4AA62AAD916}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C94F9C3B-3322-4B35-ADE4-52B76E90A8B5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{CA934B3B-D07E-49F6-A2CD-255911C364EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CDE01EC2-198F-4FB8-96A9-F713D6834180}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D04E17E5-4902-4281-8B1D-D9ECFEC51A3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1A65887-8957-4021-8ECF-2D46E5948166}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2E9244D-9E83-47AB-80D3-316F467BB625}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6122D96-4AF9-4998-A7E1-FA54AC9C1C8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D85F1208-9D8D-4FB7-96CC-C83970433FEC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DAC191F0-3662-4FB8-9084-2BD6F7FBCFAC}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |
"{DAE0557E-0613-4DEB-8E65-6EA4CC0BCD60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDCBB1D8-C829-44C6-888A-786CE7B93420}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{DE2EEF91-5484-424F-9C7B-20AB413B3986}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DFF26206-F48E-45B2-A47A-498E404948F6}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |
"{E35E397E-6812-426A-B39A-289B62D99D4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E494C9F5-8CF0-4D95-8440-FBCF2D072E97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kzm_@hotmail.com\counter-strike\hl.exe |
"{E5572853-0459-4E5C-A497-12072E3E5E67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kzm_@hotmail.com\counter-strike\hl.exe |
"{E6BF2632-F81F-4CAD-A4B0-BFF2A310033A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8F78BE0-75D0-4C04-A463-B9E5161F7342}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E94E9430-8099-4A26-82A9-985D073A1CBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA867AF5-AA14-4C40-916E-D397E5298A52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAA592F5-D39D-4D2D-92B9-32D53FF5A30A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3B6369D-AEB4-47F8-8355-5D0BA5400F1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3E108DA-2D6F-4BD3-BC8D-C3210498AC3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F7659885-8DAE-419C-9896-FAEE019EEA2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F99340C8-3D89-4DD1-84AD-28FAE8E4280D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F99B6961-FBA1-47C3-A001-6AE975EDCA5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FAA92C52-FF27-42AD-94D1-C82C7724CA80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{11DF77A0-664E-44E5-B238-B445C2776123}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{1DCD3692-0364-4397-98B3-E8D3C684884D}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{20CC112F-41B5-4D92-AAC8-2BDBE9EF15EE}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{2CC01517-66ED-40C0-9726-AE3A64813D77}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{366F5C88-9CB1-4CA6-93A8-D4EA8A159D4C}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{37A8A58C-7492-4595-BE48-3DE9E6086B4A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{396C931F-C4AA-42E5-9B38-0BEF341B61A1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{4E1A3ABF-3FAE-4DB6-BAE7-B6329FF9DC25}C:\program files (x86)\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\sambc.exe |
"TCP Query User{545392BB-6396-4F66-8548-4CA8B8BBEDCB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{571FDB69-7273-4361-883B-0FCDEF82F0A1}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"TCP Query User{81BE0E98-0A7E-43C4-8AEB-D0AFEDC989BE}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"TCP Query User{937C00E2-1E9D-4321-BCDA-D69CD90520FB}C:\users\valdodk\games\wow\launcher.exe" = protocol=6 | dir=in | app=c:\users\valdodk\games\wow\launcher.exe |
"TCP Query User{98E42F37-37CC-4E76-81A3-037506F28A01}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{A3BF15F5-D69B-46FD-8E33-B794A1C6CAB6}C:\program files (x86)\qip infium\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\qip.exe |
"TCP Query User{C6663D9F-27DF-414A-A0F0-28C54A9979F2}C:\users\valdodk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\valdodk\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FBA7AB77-5DBA-4343-8351-27F89D780F1C}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{0AFAD9A5-2763-4CFE-BB7C-B5E32982AEC5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{16741E0D-A690-4F01-9C38-446C1AE38465}C:\program files (x86)\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spacialaudio\sambc\sambc.exe |
"UDP Query User{2D7053AB-2EAF-4B68-AEC4-7C20E3C58E5B}C:\users\valdodk\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\valdodk\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{43A87A69-C83D-4D0D-98BB-2FAC655ED62A}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"UDP Query User{6BF1FD46-915A-4B70-9EC7-EF1131025AF2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{78E2272F-F083-43E7-A663-69CC11222B4B}C:\program files (x86)\qip infium\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\qip.exe |
"UDP Query User{7F037020-F24B-4B40-999C-D50617410690}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{852A0A1E-7201-4B29-B054-DAB4D18F6FC6}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{BAE06DBB-9ECE-4C2B-ABB5-FB6CE2ABFBAA}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{BB858C55-A837-4625-A016-442500A8EE34}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{C28F8A9A-BCAE-40BD-8F77-5F453BF00769}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"UDP Query User{C3159DA9-ACE2-4389-B6FF-E89D277EA380}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{EAAEDE81-963E-4514-8B81-3F476FD83F61}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{F8B55E2C-26B9-40A2-BCEC-B4BA7F3E2C97}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{FB5C6ACB-0C97-49F1-8CF0-A8F2B8319314}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{FE8ED40A-1F00-453A-9681-D5EB25C7E427}C:\users\valdodk\games\wow\launcher.exe" = protocol=17 | dir=in | app=c:\users\valdodk\games\wow\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{1336D61B-1D48-4E5C-9E39-35444B00EE3D}" = FastAccess
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8C69B19F-71DF-F80F-0C2F-56E9FE5C95CB}" = WMV9/VC-1 Video Playback
"{8E3ECAA6-4975-17E7-E443-960F8E3F9136}" = ccc-utility64
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
"{90A1F0ED-BC6F-EBD4-2101-885AB084499C}" = ATI Catalyst Install Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D6AC2EA5-4332-4F5E-946E-34F37FD96597}" = ESET NOD32 Antivirus
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Support Center" = Dell Support Center
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"proDAD-Adorage-3.0" = proDAD Adorage 3.0 (64bit)
"SynTPDeinstKey" = Dell Touchpad
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223FCFAC-C5B7-BACB-4D1C-634936AA468F}" = Muse (code name)
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22D90DD2-8654-4E8A-B2F1-B6B86A2BF390}" = UDF Reader 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{293F82CD-1BE8-03BC-DBAD-903388CFBB62}" = Catalyst Control Center Localization All
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1" = FileServe Manager 1.0.0.3394
"{5A4FB792-D98F-409C-24B6-BD2A80D30E3A}" = Catalyst Control Center Graphics Previews Common
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61DF2893-0069-4E50-A02E-3A41A97CB1B4}" = ROCCAT Arvo Keyboard Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AE22174-4FFA-4572-B692-31F0C386ED38}" = Consolas Font Family
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{896C5024-AA39-12E8-D6C2-D818B7E3D58F}" = CCC Help English
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0015-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_ENTERPRISE_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041B-1000-0000000FF1CE}_ENTERPRISE_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_ENTERPRISE_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2007
"{90120000-00BA-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A22BB09-8086-691D-F409-3AF74D9E3BF0}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A6B7D41E-CF29-4620-B87E-AB97EBF1D2C3}" = WebEx Support Manager for Firefox or Chrome
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADEEF3E4-15A4-F286-38EE-675A8EF0212B}" = Catalyst Control Center InstallProxy
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BC7BED89-618B-4E89-8ADF-75D47F276223}" = Pinnacle Studio 15 Ultimate Collection Plugins
"{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Content Manager Assistant for PlayStation(R)
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C73A1EF0-9AC3-466C-918B-6684E594B039}_is1" = Embarcadero Delphi 2010
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD821A33-8893-437B-B883-23768C3EDB9B}" = Mobile Mouse Server
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Corporate Edition
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FC030CB5-46A6-4229-AD6E-0AC869F509C8}" = Pinnacle Studio Bonus Content
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdobeMuse" = Muse (code name)
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Any Weblock_is1" = Any Weblock 1.1.0
"Ardamax Keylogger 3.8.9" = Ardamax Keylogger 3.8.9
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.0
"Ashampoo1.0" = Ashampoo
"AviSynth" = AviSynth 2.5
"Axxa's World of Warcraft Logo Creator v1.2" = Axxa's World of Warcraft Logo Creator v1.2
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Complitly_is1" = Complitly
"Contour Storyteller 3.2.4" = Contour Storyteller
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"FlashGet(JetCar)" = FlashGet(JetCar)
"foobar2000" = foobar2000 v1.1.7
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"JpegResampler2010_is1" = Jpeg Resampler Vs 6+
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Knoll Light Factory EZ Studio 15" = Knoll Light Factory EZ Studio 15
"Magic Bullet Looks Studio 15" = Magic Bullet Looks Studio 15
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 9.0.1 (x86 sk)" = Mozilla Firefox 9.0.1 (x86 sk)
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Rainmeter" = Rainmeter
"RapidShare Manager" = RapidShare Manager
"Red Giant ToonIt Studio 15" = Red Giant ToonIt Studio 15
"SAM3" = SAM Broadcaster (remove only)
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Totalcmd" = Total Commander (Remove or Repair)
"Trapcode 3DStroke Studio 15" = Trapcode 3DStroke Studio 15
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio 15" = Trapcode Shine Studio 15
"Umíme to s Delphi_is1" = 1.1.13.574
"VLC media player" = VLC media player 2.0.1
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.5.0
"WinLiveSuite" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XiphQT" = Xiph QuickTime Components

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7f4182272b52fd8f" = CZShare Manager
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"QIP 2012" = QIP 2012 4.0.7221
"QIP Infium" = QIP Infium 3.0.9044
"QipGuard" = QIP Internet Guardian
"SliderDemo" = SliderDemo
"SliderDemo2" = SliderDemo2
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31. 8. 2012 15:33:31 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 9. 2012 7:39:45 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 9. 2012 7:39:45 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 9. 2012 16:52:51 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 9. 2012 16:52:51 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 9. 2012 6:06:23 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 9. 2012 6:06:24 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 9. 2012 11:28:54 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 9. 2012 11:28:54 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 3. 9. 2012 6:42:15 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 3. 9. 2012 6:42:15 | Computer Name = valdoDK-XPS | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ OSession Events ]
Error - 18. 10. 2011 16:43:25 | Computer Name = valdoDK-XPS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3078
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2. 9. 2012 11:22:58 | Computer Name = valdoDK-XPS | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\CLBStor.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 2. 9. 2012 11:23:01 | Computer Name = valdoDK-XPS | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\CLBStor.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 2. 9. 2012 11:23:05 | Computer Name = valdoDK-XPS | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\CLBUDFR.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 2. 9. 2012 11:23:05 | Computer Name = valdoDK-XPS | Source = Service Control Manager | ID = 7000
Description = Spustenie služby CyberLink UDF Filesystem zlyhalo kvôli nasledujúcej
chybe: %%1275

Error - 2. 9. 2012 11:24:45 | Computer Name = valdoDK-XPS | Source = Service Control Manager | ID = 7022
Description = Služba HP CUE DeviceDiscovery Service sa pri spustení zablokovala.

Error - 3. 9. 2012 6:37:51 | Computer Name = valdoDK-XPS | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\CLBStor.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3. 9. 2012 6:37:53 | Computer Name = valdoDK-XPS | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\CLBStor.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3. 9. 2012 6:37:56 | Computer Name = valdoDK-XPS | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\CLBUDFR.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3. 9. 2012 6:37:56 | Computer Name = valdoDK-XPS | Source = Service Control Manager | ID = 7000
Description = Spustenie služby CyberLink UDF Filesystem zlyhalo kvôli nasledujúcej
chybe: %%1275

Error - 3. 9. 2012 6:39:32 | Computer Name = valdoDK-XPS | Source = Service Control Manager | ID = 7022
Description = Služba HP CUE DeviceDiscovery Service sa pri spustení zablokovala.


< End of report >

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
  IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
  IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
  IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  IE - HKLM\..\SearchScopes\{6A569BBA-2CAA-491D-8263-C235F04140A2}: "URL" = http://www.toggle.com/en/index.php?rvs=google
  IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
  IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10197&home=1
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 12 77 20 57 FB CA 01 [binary data]
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10197&home=1
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\URLSearchHook: - No CLSID value found
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{6A569BBA-2CAA-491D-8263-C235F04140A2}: "URL" = http://www.toggle.com/en/index.php?rvs=google
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{9DF93426-E4C4-4DD7-BE60-F4804B789495}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
  IE - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
  FF - prefs.js..browser.search.defaultengine: "Complitly"
  FF - prefs.js..browser.search.defaultenginename: "QIP Search"
  FF - prefs.js..browser.search.order.1: "Complitly"
  FF - prefs.js..browser.search.selectedEngine: "QIP Search"
  FF - prefs.js..browser.search.useDBForOrder: false
  FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
  [2011/06/16 01:19:42 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
  [2011/11/30 15:30:06 | 000,002,062 | ---- | M] () -- C:\Users\valdoDK\AppData\Roaming\Mozilla\Firefox\Profiles\3fbhgvq9.default\searchplugins\qip-search.xml
  O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
  O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
  O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
  O3 - HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
  O4 - HKLM..\Run: [svcnet2] C:\Windows\svcnet2\svcnet2.exe File not found
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O1364bit: - gopher Prefix: missing
  O13 - gopher Prefix: missing
  O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
  O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
  O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
  O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
  O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
  O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\valdoDK\Desktop\SkypePTT\Skype4COM.dll File not found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  O33 - MountPoints2\{71f07233-ce62-11df-a644-002219da070c}\Shell - "" = AutoRun
  O33 - MountPoints2\{a3905757-675f-11df-806b-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{bb54a8c3-b884-11e0-974e-002219da070c}\Shell - "" = AutoRun
  O33 - MountPoints2\{bb54a8cf-b884-11e0-974e-002219da070c}\Shell - "" = AutoRun
  O33 - MountPoints2\{c70cc838-4fdc-11e1-90c7-002219da070c}\Shell - "" = AutoRun
  O33 - MountPoints2\{cfaef500-6218-11e1-80fe-002219da070c}\Shell - "" = AutoRun
  O33 - MountPoints2\{f8b05c39-b923-11e0-b5fd-002219da070c}\Shell - "" = AutoRun
  O33 - MountPoints2\{f8b05c3b-b923-11e0-b5fd-002219da070c}\Shell - "" = AutoRun
  [2011/07/28 16:14:14 | 000,000,000 | ---- | C] () -- C:\Users\valdoDK\AppData\Local\{C8234974-37F9-4427-84B3-27BA4A8CF7C8}
  [2011/07/20 23:45:23 | 000,020,992 | ---- | C] () -- C:\Users\valdoDK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  [7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
  [12 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
  [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
  [2012/09/02 00:34:01 | 000,001,028 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
  [2012/09/02 21:34:01 | 000,001,050 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job
  [2012/09/03 12:38:25 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  [2012/09/03 12:45:03 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  [2012/09/02 02:34:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job
  [2012/09/03 13:34:11 | 000,000,954 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job
  @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C422577
  
  :services
  QipGuard
  gupdate
  gupdatem
  
  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "LogMeIn GUI"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "QIP Internet Guardian"=-
  "Google Update"=-
  "Facebook Update"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
  [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
  ""=-
  "FAStartup"=-
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  "iTunesHelper"=-
  "svcnet2"=-
  
  :files
  C:\Windows\svcnet2
  C:\Program Files (x86)\BitTorrentBar
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Tu je log


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A569BBA-2CAA-491D-8263-C235F04140A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A569BBA-2CAA-491D-8263-C235F04140A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1012519688-2421850716-3688177861-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll not found.
Registry value HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A569BBA-2CAA-491D-8263-C235F04140A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A569BBA-2CAA-491D-8263-C235F04140A2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9DF93426-E4C4-4DD7-BE60-F4804B789495}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DF93426-E4C4-4DD7-BE60-F4804B789495}\ not found.
Registry key HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Complitly" removed from browser.search.defaultengine
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "Complitly" removed from browser.search.order.1
Prefs.js: "QIP Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.useDBForOrder
Prefs.js: "http://search.qip.ru/search?from=FF&query=" removed from keyword.URL
C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults\preferences folder moved successfully.
C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults folder moved successfully.
C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content folder moved successfully.
C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome folder moved successfully.
C:\Users\valdoDK\AppData\Roaming\mozilla\Firefox\Profiles\3fbhgvq9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} folder moved successfully.
C:\Users\valdoDK\AppData\Roaming\Mozilla\Firefox\Profiles\3fbhgvq9.default\searchplugins\qip-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
File C:\Users\valdoDK\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll not found.
Registry value HKEY_USERS\S-1-5-21-1012519688-2421850716-3688177861-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
File C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svcnet2 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ deleted successfully.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\valdoDK\Desktop\SkypePTT\Skype4COM.dll File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71f07233-ce62-11df-a644-002219da070c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71f07233-ce62-11df-a644-002219da070c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3905757-675f-11df-806b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3905757-675f-11df-806b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb54a8c3-b884-11e0-974e-002219da070c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb54a8c3-b884-11e0-974e-002219da070c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb54a8cf-b884-11e0-974e-002219da070c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb54a8cf-b884-11e0-974e-002219da070c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c70cc838-4fdc-11e1-90c7-002219da070c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c70cc838-4fdc-11e1-90c7-002219da070c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfaef500-6218-11e1-80fe-002219da070c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfaef500-6218-11e1-80fe-002219da070c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8b05c39-b923-11e0-b5fd-002219da070c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8b05c39-b923-11e0-b5fd-002219da070c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8b05c3b-b923-11e0-b5fd-002219da070c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8b05c3b-b923-11e0-b5fd-002219da070c}\ not found.
C:\Users\valdoDK\AppData\Local\{C8234974-37F9-4427-84B3-27BA4A8CF7C8} moved successfully.
C:\Users\valdoDK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16DB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3916.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5984.tmp\System.Design.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5984.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP72DE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA315.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2244.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP58AC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP61B0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6A4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP84BD.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP96D5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA0FF.tmp\mscorlib.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA0FF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC5D1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC88E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE5C0.tmp\System.Runtime.Serialization.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE5C0.tmp folder deleted successfully.
C:\Windows\Installer\MSIFD9B.tmp deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012519688-2421850716-3688177861-1001UA.job moved successfully.
ADS C:\ProgramData\TEMP:1C422577 deleted successfully.
========== SERVICES/DRIVERS ==========
Service QipGuard stopped successfully!
Service QipGuard deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogMeIn GUI not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\svcnet2 not found.
========== FILES ==========
C:\Windows\svcnet2 folder moved successfully.
C:\Program Files (x86)\BitTorrentBar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: valdoDK
->Temp folder emptied: 3895479 bytes
->Temporary Internet Files folder emptied: 281262 bytes
->Java cache emptied: 14949507 bytes
->FireFox cache emptied: 53191580 bytes
->Google Chrome cache emptied: 267257393 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 56996 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19503 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67736 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 324,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: valdoDK
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: valdoDK
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09032012_231835

Files\Folders moved on Reboot...
C:\Users\valdoDK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Jak se chova PC

Vsetko bezi ako ma, nevidim nikde ziadny problem Vtedy bezal tiez v pohode, takze ci sa nieco zmenilo asi uvidim az po nejakej dobe pouzivania Boli tam nejake vacsie necistoty?

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Byly tam spise zbytecnosti a prazdne zapisy v registru. Chce to cist co odsouhlasujete pri instalaci ruznych programu atd. Hodne jich nuti dalsi doplnky a zbytecnosti.

A pokud nejsou problemy ci dotazy, je to z me strany vse