prosím o radu se spywarem

Zpráva

#16 Příspěvek od **vyosek** » 24 lis 2012 09:07

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

tob2 · #17 Příspěvek od **tob2** » 24 lis 2012 14:42

Dobrý den, včera jsem restartoval počítač a je vše v pořádku.
OTL.txt
OTL logfile created on: 11/24/2012 2:02:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomas\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.91% Memory free
5.99 Gb Paging File | 4.21 Gb Available in Paging File | 70.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 232.22 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.14 Gb Free Space | 57.12% Space Free | Partition Type: FAT32

Computer Name: TOMAS-PC | User Name: Tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/11/24 13:56:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tomas\Downloads\OTL.exe
PRC - [2012/11/15 02:28:02 | 001,437,464 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/11/15 02:28:00 | 000,701,720 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/11/14 16:07:20 | 000,962,888 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
PRC - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
PRC - [2012/08/23 20:16:15 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/08/20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012/01/16 23:17:34 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 16:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/16 21:30:12 | 002,691,072 | ---- | M] ( ) -- C:\Program Files\landi 11\Landi11.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/05 21:00:42 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/08/05 21:00:42 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\stacsv.exe
PRC - [2009/07/30 15:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 15:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 15:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/29 16:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/29 16:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/27 23:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/27 16:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/04/03 11:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/03/02 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\AEstSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/19 16:10:03 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/19 13:23:04 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/19 13:22:39 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/19 13:22:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/19 13:22:23 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/19 13:22:04 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/19 13:21:20 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/19 13:21:10 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/19 13:21:05 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dc28c9f7d8d36447c704c0ef119df673\UIAutomationTypes.ni.dll
MOD - [2012/11/19 13:21:00 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/19 13:20:41 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/19 13:20:31 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/19 13:20:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/19 13:20:19 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/19 13:20:05 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/14 16:07:20 | 000,962,888 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
MOD - [2012/10/12 12:01:58 | 000,776,192 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2012/07/25 13:27:38 | 000,036,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/03/02 11:40:52 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/11/13 03:37:03 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/13 02:54:29 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 02:53:44 | 000,237,568 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_cs_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/11/05 02:53:43 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_cs_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010/11/05 02:53:33 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll
MOD - [2010/09/27 20:24:50 | 000,221,184 | ---- | M] () -- c:\Program Files\landi 11\lame_enc.dll
MOD - [2010/09/27 20:24:50 | 000,028,672 | ---- | M] () -- c:\Program Files\landi 11\msghoo32.ocx
MOD - [2010/04/25 20:22:40 | 001,736,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/04/25 20:22:40 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/04/25 20:22:40 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:40 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/04/25 20:22:40 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:40 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:40 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:40 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/04/25 20:22:40 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:40 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:39 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:39 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:39 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/04/25 20:22:39 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:39 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:39 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:38 | 000,950,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:38 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:38 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:38 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/04/25 20:22:38 | 000,360,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3497.38851__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:38 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:38 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/04/25 20:22:38 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:38 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:38 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:38 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:38 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:38 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:38 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:37 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:37 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/04/25 20:22:37 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/04/25 20:22:37 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/04/25 20:22:37 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/04/25 20:22:37 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/04/25 20:22:37 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/04/25 20:22:37 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/04/25 20:22:37 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/04/25 20:22:37 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/04/25 20:22:37 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/04/25 20:22:37 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/04/25 20:22:36 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/04/25 20:22:36 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/04/25 20:22:36 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/04/25 20:22:36 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/04/25 20:22:36 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/04/25 20:22:36 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/04/25 20:22:36 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/04/25 20:22:36 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/04/25 20:22:36 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/04/25 20:22:36 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/04/25 20:22:35 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/04/25 20:22:35 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/04/25 20:22:35 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/04/25 20:22:35 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/04/25 20:22:35 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/04/25 20:22:35 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/04/25 20:22:35 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/04/25 20:22:35 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/04/25 20:22:34 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/04/25 20:22:34 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/04/25 20:22:34 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
MOD - [2010/04/25 20:22:34 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/04/25 20:22:34 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/04/25 20:22:34 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/04/25 20:22:34 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/04/25 20:22:34 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/04/25 20:22:34 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/04/25 20:22:34 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/04/25 20:22:34 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/04/25 20:22:34 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/04/25 20:22:34 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/04/25 20:22:34 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/07/30 15:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/16 01:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/16 01:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/16 01:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/16 01:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/16 01:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/16 01:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/16 01:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/16 01:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 19:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 19:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 19:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/11 00:30:18 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2005/01/02 09:22:48 | 000,776,192 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart -- (myAgtSvc)
SRV - [2012/11/15 02:28:00 | 000,701,720 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/07/13 12:28:32 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012/06/14 23:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/05/22 20:03:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/05 21:00:42 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\stacsv.exe -- (STacSV)
SRV - [2009/07/30 15:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/29 16:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/27 16:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/20 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 19:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/02 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\sicr.sys -- (xqmb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\N360\0308030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\N360\0308030.006\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\mfehidk.sys -- (mfehidk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tomas\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/20 23:26:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/11/18 22:28:21 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121122.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/11/18 22:28:21 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121122.020\NAVENG.SYS -- (NAVENG)
DRV - [2012/11/07 08:16:20 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
DRV - [2012/11/07 08:16:20 | 000,014,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdws.sys -- (asdws)
DRV - [2012/11/07 08:16:18 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
DRV - [2012/10/24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/07 13:52:04 | 000,015,696 | ---- | M] () [File_System | System | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys -- (asdnet)
DRV - [2012/09/01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121122.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 11:17:14 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 11:17:14 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/10 13:54:45 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/07/06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2012/03/29 07:28:38 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symnets.sys -- (SymNetS)
DRV - [2012/03/29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2012/03/29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/08/05 21:00:42 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/30 05:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/27 16:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/23 19:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/20 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/08 21:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 21:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/30 13:01:14 | 000,118,656 | ---- | M] (Ricoh co.,Ltd.) [2 MP series] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/05/16 02:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 02:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 02:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 02:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/05/04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/04/29 16:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKLM\..\URLSearchHook: {3cb37734-f8da-48ef-89e2-f393f707e839} - C:\Program Files\Security_Stronghold\prxtbSecu.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\URLSearchHook: {3cb37734-f8da-48ef-89e2-f393f707e839} - C:\Program Files\Security_Stronghold\prxtbSecu.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTe ... 4ce54c3b48
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?cl ... underscore}
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... PT_csCZ423
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DB51 ... 2012-07-12 12:35:04&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{A34045D1-713C-42D6-D900-14720FBD9817}: "URL" = http://torrentreactor.wyzostart.com/s/? ... 56-0-1FchS
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3231225.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Security Stronghold Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT32312 ... CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.2.1.265
FF - prefs.js..extensions.enabledAddons: {3cb37734-f8da-48ef-89e2-f393f707e839}:10.13.40.15
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... ource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/11/18 22:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/11/24 13:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 10:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/08/10 11:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Extensions
[2012/11/22 22:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions
[2012/11/22 22:54:27 | 000,000,000 | ---D | M] (Security Stronghold) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}
[2012/11/19 11:23:53 | 000,000,000 | ---D | M] (Ask.com Toolbar) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com
[2012/11/23 00:11:35 | 000,001,068 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\searchplugins\security-stronghold-customized-web-search.xml
[2012/07/17 10:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2012/06/15 01:05:40 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012/06/15 01:05:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012/06/15 01:05:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012/06/15 01:05:41 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012/06/15 01:05:41 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\

O1 HOSTS File: ([2012/11/23 20:55:16 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADBlocker] C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe" File not found
O4 - HKLM..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" File not found
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Landi 11.lnk = C:\Program Files\landi 11\Landi11.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45665087-B079-459D-974E-1F1BDA8E8A5A}: DhcpNameServer = 172.25.8.83 172.25.8.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{803E84C6-BF29-4220-9574-B2015D63724F}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.329.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.SCPR - C:\windows\System32\SCPR.DLL (Infognition Co. Ltd.)
Drivers32: VIDC.X264 - C:\windows\System32\x264vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012/11/23 23:27:31 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verdict Free
[2012/11/23 23:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verdict Free
[2012/11/23 23:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Verdict Free
[2012/11/23 22:21:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 22:19:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/23 22:19:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/23 22:19:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/23 22:11:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 00:17:56 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/22 22:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/11/22 22:55:44 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\Conduit
[2012/11/22 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security_Stronghold
[2012/11/22 22:54:46 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\CRE
[2012/11/20 23:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/11/20 23:57:22 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\IObit
[2012/11/20 23:26:40 | 000,000,000 | ---D | C] -- C:\Users\Tomas\Desktop\RK_Quarantine
[2012/11/19 11:27:27 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\Anvisoft
[2012/11/19 11:27:07 | 000,022,864 | ---- | C] (Anvisoft) -- C:\windows\System32\drivers\asdrs.sys
[2012/11/19 11:27:07 | 000,016,208 | ---- | C] (Anvisoft) -- C:\windows\System32\drivers\asdrm.sys
[2012/11/19 11:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/11/19 11:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/11/19 11:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2012/11/19 11:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/11/19 10:12:03 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012/11/19 10:12:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012/11/19 10:09:41 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012/11/19 10:09:37 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012/11/19 10:09:36 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012/11/19 10:08:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/11/19 10:08:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/11/19 10:08:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/11/19 10:08:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/11/19 10:08:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/11/19 10:08:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/11/19 10:08:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/11/19 10:08:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/11/18 22:32:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2012/11/18 22:32:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2012/11/18 22:32:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2012/11/18 22:30:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012/11/18 22:30:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/11/18 22:30:02 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2012/11/18 22:30:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2012/11/18 22:27:34 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\Malwarebytes
[2012/11/18 22:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/17 21:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/11/17 21:06:38 | 000,000,000 | ---D | C] -- C:\rsit
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Tomas\AppData\Local\*.tmp files -> C:\Users\Tomas\AppData\Local\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/11/24 14:04:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/11/24 13:52:21 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 13:52:21 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 13:43:58 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cd0e9e608b0d21.job
[2012/11/24 13:43:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/24 13:43:43 | 2413,453,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/24 00:20:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 23:27:31 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Verdict Free.lnk
[2012/11/22 22:57:26 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/22 21:17:56 | 000,025,434 | ---- | M] () -- C:\Users\Tomas\Desktop\15.pdf
[2012/11/21 00:59:09 | 000,008,212 | ---- | M] () -- C:\windows\mfebcdata
[2012/11/20 23:26:46 | 000,014,336 | ---- | M] () -- C:\windows\System32\drivers\TrueSight.sys
[2012/11/19 13:14:57 | 000,490,608 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/19 12:46:27 | 000,003,792 | ---- | M] () -- C:\{8BBEAE20-D621-4389-AD53-B8CDB2D2CDBE}
[2012/11/19 11:22:11 | 000,000,164 | ---- | M] () -- C:\windows\install.dat
[2012/11/19 10:22:58 | 000,631,292 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2012/11/19 10:22:58 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/19 10:22:58 | 000,121,914 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2012/11/19 10:22:58 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Tomas\AppData\Local\*.tmp files -> C:\Users\Tomas\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/24 14:04:51 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/11/23 23:27:30 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Verdict Free.lnk
[2012/11/23 22:19:05 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/23 22:19:05 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/23 22:19:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/23 22:19:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/23 22:19:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/22 22:57:25 | 000,000,009 | ---- | C] () -- C:\END
[2012/11/22 21:17:56 | 000,025,434 | ---- | C] () -- C:\Users\Tomas\Desktop\15.pdf
[2012/11/21 00:59:09 | 000,008,212 | ---- | C] () -- C:\windows\mfebcdata
[2012/11/20 23:26:46 | 000,014,336 | ---- | C] () -- C:\windows\System32\drivers\TrueSight.sys
[2012/11/19 12:46:26 | 000,003,792 | ---- | C] () -- C:\{8BBEAE20-D621-4389-AD53-B8CDB2D2CDBE}
[2012/11/19 11:27:07 | 000,014,160 | ---- | C] () -- C:\windows\System32\drivers\asdws.sys
[2012/11/19 11:22:09 | 000,000,164 | ---- | C] () -- C:\windows\install.dat
[2012/11/19 10:12:16 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/19 10:09:35 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/06/09 13:16:42 | 000,000,218 | ---- | C] () -- C:\Users\Tomas\.recently-used.xbel
[2012/01/02 11:45:13 | 000,000,000 | ---- | C] () -- C:\Users\Tomas\AppData\Local\{3107B721-4455-42AF-8BD6-35DE28E184BD}
[2011/12/29 21:50:58 | 000,000,000 | ---- | C] () -- C:\Users\Tomas\AppData\Local\{5E1C3EC7-1E5C-4F15-9C3E-320BD0F2EAAB}
[2011/12/09 22:43:34 | 000,000,176 | ---- | C] () -- C:\windows\ODBC.INI
[2011/04/04 17:09:39 | 000,000,359 | ---- | C] () -- C:\Users\Tomas\Počítač – zástupce.lnk
[2011/03/15 19:55:27 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/16 21:30:13 | 002,691,072 | ---- | C] ( ) -- C:\windows\ulandi.exe
[2010/05/21 10:39:37 | 000,004,608 | ---- | C] () -- C:\Users\Tomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

tob2 · #18 Příspěvek od **tob2** » 24 lis 2012 14:49

========== LOP Check ==========

[2012/11/19 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Anvisoft
[2011/03/08 17:20:35 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Artweaver
[2011/12/09 19:11:25 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Babylon
[2012/10/27 19:49:30 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\ChessBase
[2012/06/09 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\CintaNotes
[2010/08/27 14:16:45 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Clickteam
[2012/06/09 13:45:17 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Design Science
[2011/12/09 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\GianPaoloSaliola
[2012/06/09 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\gtk-2.0
[2012/11/20 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\IObit
[2012/06/09 13:16:42 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\keepnote
[2011/12/09 22:41:39 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Map Maker
[2012/06/09 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Math Mechanixs
[2010/08/10 11:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Radical Software Ltd
[2012/05/08 22:20:45 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\RegistryKeys
[2012/04/02 20:26:56 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\SPE

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 05:53:46 | 000,032,566 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2011/03/15 19:40:11 | 000,000,186 | ---- | C] () -- C:\windows\Tasks\{1B60B4E4-394C-4FBA-AB32-9C4021774DF9}.job
[2011/03/15 19:47:22 | 000,000,546 | ---- | C] () -- C:\windows\Tasks\{5A483B7F-7467-4A8E-842E-D974BA11704C}.job
[2011/10/18 11:05:10 | 000,000,940 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/03/30 18:56:05 | 000,000,936 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0e9e608b0d21.job
[2012/09/03 21:18:00 | 000,000,320 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForTomas.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2012/08/22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011/04/25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2012/03/30 11:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/04/25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2010/06/14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012/08/22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2012/10/03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\System32\drivers\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012/03/30 11:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[11 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/06/30 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Adobe
[2012/11/19 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Anvisoft
[2011/03/08 17:20:35 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Artweaver
[2010/04/25 13:54:18 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\ATI
[2011/12/09 19:11:25 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Babylon
[2012/10/27 19:49:30 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\ChessBase
[2012/06/09 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\CintaNotes
[2010/08/27 14:16:45 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Clickteam
[2012/06/09 13:45:17 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Design Science
[2011/12/09 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\GianPaoloSaliola
[2011/03/15 19:48:59 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Google
[2012/01/16 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\GRETECH
[2012/06/09 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\gtk-2.0
[2010/12/16 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Hewlett-Packard
[2010/05/05 08:53:32 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\HP Support Assistant
[2010/04/25 13:45:09 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\HP TCS
[2010/04/25 13:33:32 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\hpqLog
[2010/05/05 08:53:33 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\HpUpdate
[2010/04/25 13:53:01 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Identities
[2010/04/25 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\InstallShield
[2012/11/20 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\IObit
[2012/06/09 13:16:42 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\keepnote
[2010/04/25 13:59:31 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Macromedia
[2012/11/18 22:27:34 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Malwarebytes
[2011/12/09 22:41:39 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Map Maker
[2012/06/09 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Math Mechanixs
[2012/09/18 22:15:53 | 000,000,000 | --SD | M] -- C:\Users\Tomas\AppData\Roaming\Microsoft
[2012/07/17 10:27:08 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Mozilla
[2012/06/04 22:35:17 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Mozilla-Cache
[2010/08/10 11:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Radical Software Ltd
[2012/05/08 22:20:45 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\RegistryKeys
[2010/09/12 09:49:24 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Roxio
[2012/11/24 14:02:32 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Skype
[2012/09/02 15:06:45 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\skypePM
[2012/04/02 20:26:56 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\SPE
[2010/12/15 23:57:06 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2011/12/09 22:46:29 | 000,033,329 | R--- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Installer\{20FC916B-FC36-4685-BAD5-F10222147795}\_6FEFF9B68218417F98F549.exe
[2011/12/09 22:46:29 | 000,033,329 | R--- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Installer\{20FC916B-FC36-4685-BAD5-F10222147795}\_A481B4D92D8AF26B4B718F.exe
[2011/12/09 22:46:29 | 000,033,329 | R--- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Installer\{20FC916B-FC36-4685-BAD5-F10222147795}\_C1DCF074C391718A687D4E.exe
[2012/06/24 15:42:09 | 000,001,078 | R--- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_18be6784.exe
[2012/06/24 15:42:08 | 000,001,078 | R--- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_294823.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012/11/24 13:43:58 | 000,000,936 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0e9e608b0d21.job
[2012/11/24 14:20:14 | 000,000,940 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 21:36:30 | 000,000,320 | ---- | M] () -- C:\windows\Tasks\HPCeeScheduleForTomas.job
[2011/03/15 19:40:11 | 000,000,186 | ---- | M] () -- C:\windows\Tasks\{1B60B4E4-394C-4FBA-AB32-9C4021774DF9}.job
[2011/03/15 19:47:22 | 000,000,546 | ---- | M] () -- C:\windows\Tasks\{5A483B7F-7467-4A8E-842E-D974BA11704C}.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012/11/24 13:52:21 | 000,019,760 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 13:52:21 | 000,019,760 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"HPADVISOR" = "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW -- [2009/07/16 01:51:42 | 001,668,664 | ---- | M] (Hewlett-Packard)
"LightScribe Control Panel" = "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden -- [2009/06/17 20:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2012/07/13 12:33:50 | 017,419,952 | R--- | M] (Skype Technologies S.A.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012/06/14 23:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) MD5=D3C0837346C49095B8AF9EF54AD7E90A -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012/10/08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2012/10/31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) MD5=D8510C2D48496B6C336E816FD67AA0F7 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012/11/24 14:04:51 | 000,000,512 | ---- | M] () MD5=538859A140BFE9EB9C71AC1E76B64619 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012/02/13 20:58:46 | 000,000,130 | ---- | M] () -- \Users\Tomas\AppData\Local\ChessBase\ServerUserCache\On Crack.PersonalData
[2010/12/16 18:06:20 | 000,000,054 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SDALKVY\crackle.com\crackleSettings.sol
[2010/12/16 18:06:17 | 000,000,166 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Microsoft\Windows\Cookies\tomas@crackle[2].txt
[2012/01/06 23:56:47 | 000,000,457 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Microsoft\Windows\Cookies\Low\tomas@www.cuntcrack[1].txt

< *keygen* /s >

< *loader* /s >
[2006/10/26 21:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 21:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2009/06/13 17:58:24 | 000,053,511 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2009/06/13 17:58:24 | 000,053,511 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2009/06/03 07:58:22 | 000,007,270 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1028\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:24 | 000,007,281 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1030\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:26 | 000,007,323 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1031\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:28 | 000,007,283 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:30 | 000,007,410 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1035\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:32 | 000,007,262 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1036\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:34 | 000,007,305 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1040\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:34 | 000,007,846 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1041\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:36 | 000,007,427 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1042\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:38 | 000,007,400 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1043\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:38 | 000,007,329 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1044\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:40 | 000,007,525 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1046\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:42 | 000,007,290 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1053\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:44 | 000,007,227 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\2052\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:46 | 000,007,578 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\2070\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:48 | 000,007,654 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\3082\Strings\RCMFormatLoaderStrings.xml
[2009/06/13 19:08:26 | 000,215,536 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFileLoader.dll
[2009/06/13 19:08:44 | 000,084,464 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderBMP.dll
[2009/06/13 19:08:52 | 000,072,176 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderECDC.dll
[2009/06/13 19:09:00 | 000,092,656 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderGIF.dll
[2009/06/13 19:09:10 | 000,207,344 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderJPG2.dll
[2009/06/13 19:15:14 | 000,072,176 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderMDC.dll
[2009/06/13 19:09:18 | 000,133,616 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderPNG.dll
[2009/06/13 19:09:28 | 000,104,944 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderTIFF.dll
[2009/06/13 19:12:30 | 000,154,096 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\LeResourceLoader.dll
[2009/07/07 23:04:46 | 000,053,248 | ---- | M] () -- \Program Files\Hewlett-Packard\HP TCS\ContentDownloader.exe
[2009/07/07 22:54:24 | 000,005,974 | ---- | M] () -- \Program Files\Hewlett-Packard\HP TCS\ContentDownloader.exe.config
[2010/11/29 02:07:00 | 000,032,752 | ---- | M] () -- \Program Files\ObjectLand\BIN\Olloader.sll
[2009/06/13 22:26:58 | 000,141,808 | ---- | M] () -- \Program Files\Roxio\VideoCore 10\VOBLoader.ax
[2009/06/13 23:33:42 | 000,170,480 | ---- | M] () -- \Program Files\Roxio\VideoUI 10\DSThemeLoader.dll
[2009/06/13 23:35:06 | 000,113,136 | ---- | M] () -- \Program Files\Roxio\VideoUI 10\DVDFormatLoaderPlugIn.dll
[2009/06/13 23:06:40 | 000,053,511 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_chapter.jpg
[2009/06/13 23:06:40 | 000,053,511 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_menu.jpg
[2009/06/13 23:06:40 | 000,040,000 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2012/06/18 11:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/06/18 11:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/05/10 13:39:46 | 000,002,713 | ---- | M] () -- \Programs\PartyGaming\components\uriloader.xpt
[2012/05/10 14:17:56 | 000,000,857 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\preloader.html
[2012/05/10 14:19:46 | 000,003,948 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\loader.gif
[2012/05/10 14:19:44 | 000,002,086 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\rounded_loader.gif
[2012/05/10 13:42:20 | 000,025,096 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Uninstall\Preloader.jpg
[2012/06/04 22:33:48 | 000,013,664 | ---- | M] () -- \Programs\PartyGaming\SmartUpgrader\Preloader.jpg
[2009/06/13 17:58:24 | 000,053,511 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2009/06/13 17:58:24 | 000,053,511 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2009/06/03 07:58:22 | 000,007,270 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1028\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:24 | 000,007,281 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1030\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:26 | 000,007,323 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1031\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:28 | 000,007,283 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:30 | 000,007,410 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1035\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:32 | 000,007,262 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1036\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:34 | 000,007,305 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1040\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:34 | 000,007,846 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1041\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:36 | 000,007,427 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1042\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:38 | 000,007,400 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1043\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:38 | 000,007,329 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1044\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:40 | 000,007,525 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1046\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:42 | 000,007,290 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1053\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:44 | 000,007,227 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\2052\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:46 | 000,007,578 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\2070\Strings\RCMFormatLoaderStrings.xml
[2009/06/03 07:58:48 | 000,007,654 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\3082\Strings\RCMFormatLoaderStrings.xml
[2009/06/13 19:08:26 | 000,215,536 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFileLoader.dll
[2009/06/13 19:08:44 | 000,084,464 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderBMP.dll
[2009/06/13 19:08:52 | 000,072,176 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderECDC.dll
[2009/06/13 19:09:00 | 000,092,656 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderGIF.dll
[2009/06/13 19:09:10 | 000,207,344 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderJPG2.dll
[2009/06/13 19:15:14 | 000,072,176 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderMDC.dll
[2009/06/13 19:09:18 | 000,133,616 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderPNG.dll
[2009/06/13 19:09:28 | 000,104,944 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderTIFF.dll
[2009/06/13 19:12:30 | 000,154,096 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\Common\Roxio Shared\10.0\SharedCOM\LeResourceLoader.dll
[2009/06/13 22:26:58 | 000,141,808 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\program files\Roxio\VideoCore 10\VOBLoader.ax
[2009/06/13 23:33:42 | 000,170,480 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\program files\Roxio\VideoUI 10\DSThemeLoader.dll
[2009/06/13 23:35:06 | 000,113,136 | ---- | M] () -- \swsetup\Roxio\EMC_HP_103\program files\Roxio\VideoUI 10\DVDFormatLoaderPlugIn.dll
[2009/06/13 23:06:40 | 000,053,511 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_chapter.jpg
[2009/06/13 23:06:40 | 000,053,511 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_menu.jpg
[2009/06/13 23:06:40 | 000,040,000 | R--- | M] () -- \swsetup\Roxio\EMC_HP_103\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2012/06/18 11:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/06/18 11:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012/07/09 22:00:48 | 000,829,728 | ---- | M] () -- \Users\Public\Downloads\Norton\{N360621005-SHPD-FSD25037}\N360Downloader.exe
[2012/11/19 20:43:56 | 000,105,903 | ---- | M] () -- \Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXXIIK7J\AdLoader-427d9fd2a91e2f2c023aefe9f69a01d0.min[1].js
[2012/11/21 00:47:51 | 000,003,776 | ---- | M] () -- \Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6HSM2EZI\Advert.Advantage.Reloader[1].js
[2012/11/20 23:48:04 | 000,002,971 | ---- | M] () -- \Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6HSM2EZI\loader[1].gif
[2012/11/19 20:36:42 | 000,000,673 | ---- | M] () -- \Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2MO4LQI\loader.white[1].gif
[2012/11/20 23:51:46 | 000,003,720 | ---- | M] () -- \Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2MO4LQI\loader[1].gif
[2012/11/20 22:54:27 | 000,002,038 | ---- | M] () -- \Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MNVVME1K\vbulletin_post_loader[1].js
[2010/09/02 11:08:51 | 000,000,054 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SDALKVY\media.mtvnservices.com\player\loader\loaderLogging.sol
[2010/09/07 11:36:06 | 000,000,054 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SDALKVY\media.mtvu.com\global\apps\player\flex\Loader.swf\loaderLogging.sol
[2011/03/14 18:21:24 | 000,000,060 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4SDALKVY\miniclip.com\games\kung-fu-statesmen\en\kungfu.swf\MiniclipLoaderAd.sol
[2012/11/11 17:43:40 | 000,000,847 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ac\img\ajax-loader.gif
[2012/11/11 17:43:40 | 000,001,135 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ac\img\loader-icon.png
[2012/11/11 17:43:40 | 000,003,208 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\gf\img\loader.gif
[2012/11/11 17:43:40 | 000,001,849 | ---- | M] () -- \Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2010/04/25 14:12:31 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2012/08/20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2007/04/30 14:43:12 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/09/26 02:44:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009/09/26 02:44:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009/09/26 02:44:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2012/07/18 21:18:06 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2012/07/18 21:18:07 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2012/07/18 21:18:07 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/09/26 02:43:20 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009/07/14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 04:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/18 12:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 18:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 18:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll

========== Files - Unicode (All) ==========
[2012/11/02 18:09:08 | 000,011,806 | ---- | M] ()(C:\Users\Tomas\Documents\????????? ?.docx) -- C:\Users\Tomas\Documents\Запорожец Г.docx
[2012/11/02 18:09:07 | 000,011,806 | ---- | C] ()(C:\Users\Tomas\Documents\????????? ?.docx) -- C:\Users\Tomas\Documents\Запорожец Г.docx

< End of report >

OTL:Extras

OTL Extras logfile created on: 11/24/2012 2:02:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomas\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.91% Memory free
5.99 Gb Paging File | 4.21 Gb Available in Paging File | 70.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 232.22 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.14 Gb Free Space | 57.12% Space Free | Partition Type: FAT32

Computer Name: TOMAS-PC | User Name: Tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Classes\<extension>]
.html [@ = WyzoHTML] -- C:\Program Files\Wyzo\wyzo.exe (Radical Software Ltd.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D636578-5FD1-413B-A7B5-F08F54AA84B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0FBC0782-5C68-41DA-8B52-C89AFD69C77B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{234D70D2-8380-40E2-8974-445B1790C483}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29098AF9-7595-4119-BEA5-F2DE260F066E}" = rport=138 | protocol=17 | dir=out | app=system |
"{31752B3C-4DC8-4A95-BAF7-E5ACF478D591}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3CC0F3DF-17F9-44A0-B679-6E9C15AC0102}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BF49731-DD9D-452E-9EA0-CA93034D46FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E5F092F-8EDD-49C4-AF4B-7C76451E18C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{6195C31A-145D-4102-963E-8983A481A45F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{61E1EB7C-BAFC-4B7C-812D-E52C56F28329}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{695CB9AB-D063-43E6-B8CC-C32AA713C2FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{718E193D-50BD-451D-B395-C4CF53485091}" = lport=445 | protocol=6 | dir=in | app=system |
"{726B352C-0FDA-463A-BEAD-F035AE89DD81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{851C6D67-1993-4396-8450-DA876F8AEAF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{898BC211-D150-4872-8B1B-5BAAD23E2FDD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{94A23566-1E0B-4A20-8BD5-EF7767FD7066}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{94BE914A-BA5F-47F7-A111-709A6E3081BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{A26A1C77-87EB-4A10-B7A9-6D3211DDDE43}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A344AA89-E460-48E0-9AD8-3486BE78933F}" = rport=139 | protocol=6 | dir=out | app=system |
"{ACF08EBD-00A8-4C60-BDDD-FB3352DBD55B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAAD7DC2-1968-410D-AA76-4CF40EC5FDDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D7EBCC54-5B40-4CB5-8323-5D6E8E293AAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8B507B1-274D-4374-9832-83B9E3CCE39C}" = lport=138 | protocol=17 | dir=in | app=system |
"{DD681084-BCD7-434A-AC6D-4FCD0092656D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EAAE64CD-DDA9-4C67-AFCD-2C7A3D80B260}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F1F2932C-A0F8-4BCD-92BC-07A8AC294D0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F51D82AE-7D2F-4104-8F51-9DB5F0FF48CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{F5505FF8-8E20-4F14-AE60-CA00CD201076}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6F37936-1E8A-4B86-B7F8-220F4CAF5795}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F817A5D1-5A17-4182-9AC1-B6977205C766}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07989B01-161D-4476-A398-57C6F5398F55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0E6D3FB7-A886-44D1-BE79-EF453D0AEDAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15E0A33B-D84C-40DB-B131-1AFA64B2C8D3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1F49196D-1C14-456D-952A-F27836F3B294}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{212EDACE-6AC1-48A7-8447-7032124DF4E1}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{2AB06061-4488-4963-8DE5-30F505ED5D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C608340-F54D-4575-A503-0FE8B0D166DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3051856A-DC3A-4744-9F1B-F60DF51D00AD}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{38489469-BBA8-400F-988C-60764716E780}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{38DF0572-C82E-455F-BD91-53271CE9984C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3D1136AE-91F6-4B92-948C-7A428E4C6292}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4EA4160F-7DBA-4CCC-9F9B-C29D1B1DF438}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{4FCAF691-745B-4909-9F0B-F15E57B8A729}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52A9893D-1448-419A-A1AA-0A4855E4B912}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{5AA8DA1A-7DB5-4F51-82E0-9E52D70CCF39}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{5F906CF4-B069-4B54-A75B-FAD6D4E3483B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A0D6EC2-9007-4252-B1B9-B63A68D58A50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FBC5398-7E64-4389-ACEB-CC09E6288C19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7297096C-F581-4A9D-9AA0-76ECCFB9FC9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76C74A60-19EB-4D42-9C6E-B42536C2ABF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D1315F3-39D9-4BC5-83E7-1DEA5015924D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7F5CD9D7-B6E1-434B-A458-D7A7B2FEAC3F}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{82BF497F-A83A-4801-97EC-DFF5DB1E57CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86034068-CE91-44A0-A3FB-DA81907EA8F2}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{88B82F88-28EA-4119-A2EE-92EF78B1E475}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9006A11F-F358-4330-9526-01029B2F8002}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{97B180CB-1D54-460A-9EFA-50774039B053}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A083B3C6-68C3-442D-9F98-648E9A818644}" = protocol=6 | dir=out | app=system |
"{A9E6BAD2-FA9C-41C3-8AF4-917902ED2476}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{B39D809C-2723-4295-8319-4A334AF45781}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4BFD852-7CEA-484E-9184-97F2506D615B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C97A3DA5-88F3-46B6-AF7D-D49791FF494E}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{F1785696-8AC5-4F18-BDE2-7A73A739FEB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1AE9F2F-2D5C-4362-8EFC-00A666A114D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F32FA4CD-212F-44FD-8F81-8CBFAA0EC837}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"TCP Query User{A3028FE9-13CF-41D3-89E0-9DCE400EF78A}C:\program files\wyzo\wyzo.exe" = protocol=6 | dir=in | app=c:\program files\wyzo\wyzo.exe |
"UDP Query User{48B6ECDF-C113-4D4F-8A82-9DF9800B4962}C:\program files\wyzo\wyzo.exe" = protocol=17 | dir=in | app=c:\program files\wyzo\wyzo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

tob2 · #19 Příspěvek od **tob2** » 24 lis 2012 14:52

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004739E9-9BBF-4A8B-9FAC-EB7CA5B7A9D9}" = HP User Guides 0136
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{07D53DF5-D72B-DC8B-33DE-EB76124CB972}" = Catalyst Control Center Graphics Light
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}" = Fritz8
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A3A1D04-4949-40EC-B2A4-E1E801D86365}_is1" = Královna jezer
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1042D525-CF81-9A13-5630-AB5AC3D3AE09}" = CCC Help Thai
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5BC9E5-5FB2-6692-1C1D-575711BD3720}" = CCC Help Russian
"{1D5C9FD8-ECDB-7E56-7B57-98366D31B8F2}" = CCC Help Finnish
"{1D6036BB-7643-4B1E-3DE3-1C117C3BF6FC}" = ATI Catalyst Install Manager
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D9D8ECA-6C7D-747F-8F66-63B86934578D}" = CCC Help English
"{1E45AB9A-50BC-F6C9-C2A9-D3416216E40A}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FC916B-FC36-4685-BAD5-F10222147795}" = OkMap
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2DA64F92-DDB0-51AA-144F-AACED3DCF0E6}" = CCC Help Portuguese
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32F44D57-43CE-1E06-FEEA-044C4A2445BE}" = Catalyst Control Center Core Implementation
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39C86D22-8871-3080-B226-BE3E3F99996A}" = CCC Help Norwegian
"{3ABFC3AE-C403-CDE6-31B8-172B69F91D6F}" = Catalyst Control Center InstallProxy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D530ADE-8F26-D9D4-DAD1-0187DD6B1DF6}" = Catalyst Control Center Graphics Full New
"{4649126F-45B6-47A2-B2A2-FB8FDB2FDE2E}" = Catalyst Control Center - Branding
"{4998A816-9F97-560C-A506-1FB9E5401A0C}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D28DC85-ACC6-DB02-A9C6-7AE2C4918B39}" = CCC Help French
"{4E22DCA2-CC12-DA59-58C7-65DC58F2E3AD}" = Catalyst Control Center Graphics Full Existing
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5AFACEA0-7B2D-F54E-6580-CB1B6CA64A98}" = CCC Help Chinese Standard
"{5ED6730E-22A5-2424-974B-E448394ECAFF}" = Catalyst Control Center Graphics Previews Common
"{5FC9B6E4-E8C2-68C1-849A-7A8913FA68C6}" = CCC Help Greek
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6C5A8BA1-8114-11D5-0090-B800902724B3}" = FIFA 2002
"{6E50488B-742A-2F20-4DC4-8B280CF0FCDD}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7030B452-16AC-0F73-A83A-7EA01D125A74}" = CCC Help Hungarian
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-041A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2007
"{90120000-0015-041A-0000-0000000FF1CE}_PROHYBRIDR_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0015-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0424-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovenian) 2007
"{90120000-0015-0424-0000-0000000FF1CE}_PROHYBRIDR_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2007
"{90120000-0016-041A-0000-0000000FF1CE}_PROHYBRIDR_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0424-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovenian) 2007
"{90120000-0016-0424-0000-0000000FF1CE}_PROHYBRIDR_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2007
"{90120000-0018-041A-0000-0000000FF1CE}_PROHYBRIDR_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0424-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovenian) 2007
"{90120000-0018-0424-0000-0000000FF1CE}_PROHYBRIDR_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2007
"{90120000-0019-041A-0000-0000000FF1CE}_PROHYBRIDR_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0424-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovenian) 2007
"{90120000-0019-0424-0000-0000000FF1CE}_PROHYBRIDR_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2007
"{90120000-001A-041A-0000-0000000FF1CE}_PROHYBRIDR_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0424-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovenian) 2007
"{90120000-001A-0424-0000-0000000FF1CE}_PROHYBRIDR_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2007
"{90120000-001B-041A-0000-0000000FF1CE}_PROHYBRIDR_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_PROHYBRIDR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0424-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovenian) 2007
"{90120000-001B-0424-0000-0000000FF1CE}_PROHYBRIDR_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_PROHYBRIDR_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
"{90120000-001F-041A-0000-0000000FF1CE}_PROHYBRIDR_{9DECF714-4963-48E2-924A-B9075485AF6B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
"{90120000-001F-0424-0000-0000000FF1CE}_PROHYBRIDR_{8FF4ED5D-9EA1-4EC5-8F10-767E1705310C}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
"{90120000-001F-081A-0000-0000000FF1CE}_PROHYBRIDR_{82FEB6ED-595A-4873-BD85-0578E83B90BB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-041A-0000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-002C-0424-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovenian) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_HOMESTUDENTR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2007
"{90120000-006E-041A-0000-0000000FF1CE}_PROHYBRIDR_{EF343D7E-01EA-4736-991B-932F66628029}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_PROHYBRIDR_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0424-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovenian) 2007
"{90120000-006E-0424-0000-0000000FF1CE}_PROHYBRIDR_{455248D4-FBA8-4C55-AB56-3F209028D7B5}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94894501-EC12-432B-B8E2-AA8470CC6266}" = UEFA EURO 2008™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9927BE31-1F91-4F2F-0706-F42380F42F21}" = Catalyst Control Center Graphics Previews Vista
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A05DD31F-7D42-15A5-A7CC-52B8A64E1CE1}" = ccc-utility
"{A46717C3-16B8-45C0-BEA4-451C3215795F}" = HP QuickLook
"{A6C3D5F0-3C6C-46BF-A8D0-06EE92E02E9E}_is1" = AD Blocker
"{A7D3AFE1-009C-1FD9-2667-44C7AEADC854}" = CCC Help Japanese
"{A7F0C8E7-AB4E-07E9-A253-01AC35FB99E5}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{AD46608C-3F3A-CCF9-AFC9-6ABC30F3CD14}" = ccc-core-static
"{ADF17636-4BEC-2FDA-BBAC-7EB54A9CD38A}" = CCC Help Turkish
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.30.110.0
"{B4175345-47B2-D099-4F7E-01A909E35898}" = CCC Help Dutch
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD86C297-41C7-4DB5-82C4-98DE3399A2EF}" = Asistent pro přihlášení ke službě Windows Live
"{BEFD173B-9764-11D7-ADB4-00055D49C218}" = ObjectLand 2.7
"{C2FC6A03-5059-4A95-1718-7213A1847447}" = CCC Help Spanish
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C99A9E93-B711-068F-8826-71E4EA734C26}" = CCC Help German
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4C91A46-B290-D762-0FA2-E51AAE608A27}" = CCC Help Czech
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF655663-9233-EF19-2D7D-41CAD3ACDB9B}" = CCC Help Korean
"{F000DE4C-B6CB-4181-BAFF-EC5DA2A9C156}" = RuntimeLibsVC90
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F58E04CD-6E76-43C8-AAF1-482225C2910E}" = Xml Viewer
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7181675-980F-B539-3C83-4B4C0116EA01}" = CCC Help Danish
"{F7B4CD99-8133-9B6E-3C9E-88BCCC9660A9}" = CCC Help Italian
"A_Tale_of_Two_Kingdoms_1.0" = A Tale of Two Kingdoms 1.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adventure Maker v4.5.2_is1" = Adventure Maker v4.5.2 (build1)
"Anvi Smart Defender" = Anvi Smart Defender 1.7
"Bridge" = Bridge (remove only)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ChessCat" = ChessCat
"CoreAAC" = CoreAAC
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.5.0
"DSMT5" = MathType 5
"Flaming Ball_is1" = Flaming Ball 2.0
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 1.3.0.0
"FreePascal_is1" = Free Pascal 2.4.0
"GOM Video Converter" = GOM Video Converter
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.02" = GPL Ghostscript
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Kat" = Kat
"KeepNote_is1" = KeepNote 0.6.6
"Landi 11" = Landi 11
"LSI Soft Modem" = LSI HDA Modem
"Map Maker Pro" = Map Maker Pro 3.5
"Marvell Miniport Driver" = Marvell Miniport Driver
"Math Mechanixs_is1" = Math Mechanixs
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox 13.0.1 (x86 cs)" = Mozilla Firefox 13.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"N360" = Norton 360
"PartyPoker" = PartyPoker
"PDF Complete" = PDF Complete Special Edition
"PlayBASIC_is1" = PlayBASIC V1.64L (Learning Edition)
"PlayChess" = PlayChess
"PROHYBRIDR" = 2007 Microsoft Office system
"Quick Screen Recorder 1.5_is1" = Quick Screen Recorder 1.5
"RADVideo" = RAD Video Tools
"SCPR" = Infognition ScreenPressor v1.2 (Remove Only)
"Security_Stronghold Toolbar" = Security Stronghold Toolbar
"Smooth Gallery Builder_is1" = Smooth Gallery Builder 1.0
"STDU Viewer_is1" = STDU Viewer version 1.6.180.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total English Intermediate" = Total English Intermediate
"Turbo Pascal 7.0" = Turbo Pascal 7.0
"Universe53" = DJ OldGames Package: Universe
"Water Quest_is1" = Water Quest
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Wyzo" = Wyzo

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc10-UK_DAILYMIRROR_MAIN" = Football Challenge 2010 (UK)
"gamealarm-DEFAULT" = Game Alarm
"GeoGebra 4" = GeoGebra 4
"King's Quest II" = King's Quest II
"Quest for Glory II" = Quest for Glory II
"Verdict Free" = Slovník Verdict Free (a internetový překladač)
========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2012 2:39:36 PM | Computer Name = Tomas-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 9.0.8112.16455 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 14e4 Čas spuštění: 01cdc6597a76d832 Čas ukončení: 60000 Cesta k aplikaci:
C:\Program Files\Internet Explorer\iexplore.exe ID hlášení:

Error - 11/20/2012 6:52:41 PM | Computer Name = Tomas-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iexplore.exe, verze: 9.0.8112.16455, časové
razítko: 0x507284ba Název chybujícího modulu: MSHTML.dll, verze: 9.0.8112.16455,
časové razítko: 0x50728e5d Kód výjimky: 0xc0000005 Posun chyby: 0x0019a9e6 ID chybujícího
procesu: 0x12bc Čas spuštění chybující aplikace: 0x01cdc76c4558e6a9 Cesta k chybující
aplikaci: C:\Program Files\Internet Explorer\iexplore.exe Cesta k chybujícímu modulu:
C:\windows\system32\MSHTML.dll ID zprávy: fc9d86b1-3364-11e2-831c-00271349a4d6

Error - 11/21/2012 5:09:40 PM | Computer Name = Tomas-PC | Source = McLogEvent | ID = 5004
Description =

Error - 11/22/2012 1:54:28 PM | Computer Name = Tomas-PC | Source = McLogEvent | ID = 5004
Description =

Error - 11/22/2012 5:54:45 PM | Computer Name = Tomas-PC | Source = Application Hang | ID = 1002
Description = Program AngelfirecookieRemovalTool.tmp verze 51.52.0.0 přestal spolupracovat
se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 1e00 Čas spuštění: 01cdc8fbd181c301 Čas ukončení: 8 Cesta k aplikaci: C:\Users\Tomas\AppData\Local\Temp\is-SC2F9.tmp\AngelfirecookieRemovalTool.tmp

ID
hlášení:

Error - 11/22/2012 7:40:06 PM | Computer Name = Tomas-PC | Source = McLogEvent | ID = 5004
Description =

Error - 11/22/2012 7:43:36 PM | Computer Name = Tomas-PC | Source = McLogEvent | ID = 5004
Description =

Error - 11/23/2012 7:56:29 AM | Computer Name = Tomas-PC | Source = McLogEvent | ID = 5004
Description =

Error - 11/23/2012 9:56:55 AM | Computer Name = Tomas-PC | Source = McLogEvent | ID = 5004
Description =

Error - 11/23/2012 3:58:32 PM | Computer Name = Tomas-PC | Source = McLogEvent | ID = 5004
Description =

Error - 11/23/2012 4:01:48 PM | Computer Name = Tomas-PC | Source = MsiInstaller | ID = 11730
Description =

[ Hewlett-Packard Events ]
Error - 8/8/2010 12:25:54 PM | Computer Name = Tomas-PC | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Soubor C:\Program Files\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml
nebyl nalezen. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamReader..ctor(String
path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize)

v System.IO.StreamReader..ctor(String path, Encoding encoding) v System.IO.File.ReadAllText(String
path, Encoding encoding) v n.a()

Error - 4/21/2012 5:36:04 PM | Computer Name = Tomas-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041221113541.xml
File not created by asset agent

Error - 7/10/2012 9:10:42 AM | Computer Name = Tomas-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071210031011.xml
File not created by asset agent

Error - 8/19/2012 1:12:00 PM | Computer Name = Tomas-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 5/23/2010 11:58:03 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 17:58:03 - Chyba při připojování k Internetu 17:58:03 - Nelze kontaktovat
server..

Error - 5/23/2010 11:58:10 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 17:58:08 - Chyba při připojování k Internetu 17:58:08 - Nelze kontaktovat
server..

Error - 6/28/2010 3:22:31 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 9:22:31 - Chyba při připojování k Internetu 9:22:31 - Nelze kontaktovat
server..

Error - 6/28/2010 3:22:42 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 9:22:36 - Chyba při připojování k Internetu 9:22:36 - Nelze kontaktovat
server..

Error - 6/28/2010 4:22:49 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 10:22:49 - Chyba při připojování k Internetu 10:22:49 - Nelze kontaktovat
server..

Error - 6/28/2010 4:22:56 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 10:22:54 - Chyba při připojování k Internetu 10:22:54 - Nelze kontaktovat
server..

Error - 6/28/2010 3:12:40 PM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 21:12:40 - Chyba při připojování k Internetu 21:12:40 - Nelze kontaktovat
server..

Error - 6/28/2010 3:12:55 PM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 21:12:45 - Chyba při připojování k Internetu 21:12:45 - Nelze kontaktovat
server..

Error - 7/16/2010 5:16:32 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 11:16:32 - Chyba při připojování k Internetu 11:16:32 - Nelze kontaktovat
server..

Error - 7/16/2010 5:16:50 AM | Computer Name = Tomas-PC | Source = MCUpdate | ID = 0
Description = 11:16:37 - Chyba při připojování k Internetu 11:16:37 - Nelze kontaktovat
server..

[ ODiag Events ]
Error - 12/14/2010 6:27:15 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 12/14/2010 6:28:18 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 12/14/2010 6:39:33 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 2/8/2011 5:49:10 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 2/8/2011 5:49:55 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 4/5/2011 5:31:33 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 4/5/2011 5:33:34 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 4/10/2011 8:23:14 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

Error - 4/14/2011 9:56:22 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcx. Error code: N/A

[ OSession Events ]
Error - 12/14/2010 6:27:14 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/14/2010 6:28:18 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/14/2010 6:39:33 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 682
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/8/2011 5:49:09 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/8/2011 5:49:55 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/5/2011 5:31:32 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/5/2011 5:33:34 PM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/10/2011 8:23:13 AM | Computer Name = Tomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/23/2012 6:12:08 PM | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7000
Description = Služba McAfee Virus and Spyware Protection Service neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 11/23/2012 6:12:26 PM | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: mfehidk xqmb

Error - 11/23/2012 6:29:03 PM | Computer Name = Tomas-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11/23/2012 6:29:03 PM | Computer Name = Tomas-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/23/2012 6:29:18 PM | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7000
Description = Služba McAfee Virus and Spyware Protection Service neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 11/23/2012 6:29:45 PM | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: mfehidk xqmb

Error - 11/24/2012 8:43:53 AM | Computer Name = Tomas-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11/24/2012 8:43:53 AM | Computer Name = Tomas-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/24/2012 8:44:03 AM | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7000
Description = Služba McAfee Virus and Spyware Protection Service neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 11/24/2012 8:45:04 AM | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: mfehidk xqmb

< End of report >

#20 Příspěvek od **vyosek** » 24 lis 2012 22:54

Odintalujte Anvi Smart Defender

Pouzijte tohle http://download.mcafee.com/products/lic ... s/MCPR.exe

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart -- (myAgtSvc)
SRV - [2012/11/15 02:28:00 | 000,701,720 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\sicr.sys -- (xqmb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\N360\0308030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\N360\0308030.006\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\mfehidk.sys -- (mfehidk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tomas\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/07 08:16:20 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
DRV - [2012/11/07 08:16:20 | 000,014,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdws.sys -- (asdws)
DRV - [2012/11/07 08:16:18 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
DRV - [2012/09/07 13:52:04 | 000,015,696 | ---- | M] () [File_System | System | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys -- (asdnet)
DRV - [2009/05/16 02:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 02:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 02:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 02:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKLM\..\URLSearchHook: {3cb37734-f8da-48ef-89e2-f393f707e839} - C:\Program Files\Security_Stronghold\prxtbSecu.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\URLSearchHook: {3cb37734-f8da-48ef-89e2-f393f707e839} - C:\Program Files\Security_Stronghold\prxtbSecu.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101246&mntrId=94590207000000000000904ce54c3b48
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?cl ... src=crm&q={searchTerms}&locale={locale.underscore}
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_csCZ423
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DB51F5BD-4F35-4D6B-8F20-5421585FB4E8}&mid=b9b32211c21647d0a10ad16e55ad4d25-180177ba7b3b5d7d22637b162c19a5ad643dd8c8&lang=cs&ds=AVG&pr=pr&d=2012-07-12 12:35:04&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-609705737-2719623672-2951999228-1001\..\SearchScopes\{A34045D1-713C-42D6-D900-14720FBD9817}: "URL" = http://torrentreactor.wyzostart.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-156-0-1FchS
FF - prefs.js..CT3231225.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Security Stronghold Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3231225&SearchSource=13&CUI=SB_CUI"
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.2.1.265
FF - prefs.js..extensions.enabledAddons: {3cb37734-f8da-48ef-89e2-f393f707e839}:10.13.40.15
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3231225&SearchSource=2&q="
[2012/11/22 22:54:27 | 000,000,000 | ---D | M] (Security Stronghold) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}
[2012/11/19 11:23:53 | 000,000,000 | ---D | M] (Ask.com Toolbar) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com
[2012/11/23 00:11:35 | 000,001,068 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\searchplugins\security-stronghold-customized-web-search.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADBlocker] C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe" File not found
O4 - HKLM..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" File not found
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/11/22 22:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/11/22 22:55:44 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\Conduit
[2012/11/22 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security_Stronghold
[2012/11/20 23:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/11/20 23:57:22 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\IObit
[2012/11/19 11:27:07 | 000,022,864 | ---- | C] (Anvisoft) -- C:\windows\System32\drivers\asdrs.sys
[2012/11/19 11:27:07 | 000,016,208 | ---- | C] (Anvisoft) -- C:\windows\System32\drivers\asdrm.sys
[2012/11/19 11:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/11/19 11:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2011/01/16 21:30:13 | 002,691,072 | ---- | C] ( ) -- C:\windows\ulandi.exe
[2010/05/21 10:39:37 | 000,004,608 | ---- | C] () -- C:\Users\Tomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/19 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Anvisoft
[2012/11/20 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\IObit
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[11 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[2012/11/24 13:43:58 | 000,000,936 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0e9e608b0d21.job
[2012/11/24 14:20:14 | 000,000,940 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 21:36:30 | 000,000,320 | ---- | M] () -- C:\windows\Tasks\HPCeeScheduleForTomas.job
[2011/03/15 19:40:11 | 000,000,186 | ---- | M] () -- C:\windows\Tasks\{1B60B4E4-394C-4FBA-AB32-9C4021774DF9}.job
[2011/03/15 19:47:22 | 000,000,546 | ---- | M] () -- C:\windows\Tasks\{5A483B7F-7467-4A8E-842E-D974BA11704C}.job

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MVS Splash"=-
"McAfee Managed Services Tray"=-
"HP Software Update"=-
""=-
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
"ADBlocker"=-
"Anvi Smart Defender"=-
"IObit Malware Fighter"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-

:files
C:\Program Files\Anvisoft\Anvi Smart Defender
C:\Program Files\IObit
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

tob2 · #21 Příspěvek od **tob2** » 24 lis 2012 23:31

All processes killed
========== OTL ==========
Error: No service named myAgtSvc was found to stop!
Service\Driver key myAgtSvc not found.
File C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart not found.
Error: No service named asdsrv was found to stop!
Service\Driver key asdsrv not found.
File C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe not found.
Error: No service named ADBlockerSrv was found to stop!
Service\Driver key ADBlockerSrv not found.
File C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe not found.
Error: No service named xqmb was found to stop!
Service\Driver key xqmb not found.
File system32\drivers\sicr.sys not found.
Error: No service named SYMNDISV was found to stop!
Service\Driver key SYMNDISV not found.
File C:\windows\System32\Drivers\N360\0308030.006\SYMNDISV.SYS not found.
Error: No service named SYMFW was found to stop!
Service\Driver key SYMFW not found.
File C:\windows\System32\Drivers\N360\0308030.006\SYMFW.SYS not found.
Error: No service named mfehidk was found to stop!
Service\Driver key mfehidk not found.
File system32\drivers\mfehidk.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\Tomas\AppData\Local\Temp\catchme.sys not found.
Error: No service named asdrs was found to stop!
Service\Driver key asdrs not found.
File C:\Windows\System32\drivers\asdrs.sys not found.
Error: No service named asdws was found to stop!
Service\Driver key asdws not found.
File C:\Windows\System32\drivers\asdws.sys not found.
Error: No service named asdrm was found to stop!
Service\Driver key asdrm not found.
File C:\Windows\System32\drivers\asdrm.sys not found.
Error: No service named asdnet was found to stop!
Service\Driver key asdnet not found.
File C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys not found.
Error: No service named MfeAVFK was found to stop!
Service\Driver key MfeAVFK not found.
File C:\Windows\System32\drivers\mfeavfk.sys not found.
Error: Unable to stop service mfetdik!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdik deleted successfully.
C:\Windows\System32\drivers\mfetdik.sys moved successfully.
Error: No service named MfeBOPK was found to stop!
Service\Driver key MfeBOPK not found.
File C:\Windows\System32\drivers\mfebopk.sys not found.
Error: No service named MfeRKDK was found to stop!
Service\Driver key MfeRKDK not found.
File C:\Windows\System32\drivers\mferkdk.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{3cb37734-f8da-48ef-89e2-f393f707e839} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cb37734-f8da-48ef-89e2-f393f707e839}\ deleted successfully.
C:\Program Files\Security_Stronghold\prxtbSecu.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-609705737-2719623672-2951999228-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3cb37734-f8da-48ef-89e2-f393f707e839} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cb37734-f8da-48ef-89e2-f393f707e839}\ not found.
File C:\Program Files\Security_Stronghold\prxtbSecu.dll not found.
HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-609705737-2719623672-2951999228-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A34045D1-713C-42D6-D900-14720FBD9817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A34045D1-713C-42D6-D900-14720FBD9817}\ not found.
Prefs.js: true removed from CT3231225.browser.search.defaultthis.engineName
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Security Stronghold Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://search.conduit.com/?ctid=CT32312 ... CUI=SB_CUI" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.2.1.265 removed from extensions.enabledAddons
Prefs.js: {3cb37734-f8da-48ef-89e2-f393f707e839}:10.13.40.15 removed from extensions.enabledAddons
Prefs.js: "http://search.conduit.com/ResultsExt.as ... ource=2&q=" removed from keyword.URL
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\Plugins folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\modules folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\META-INF folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\lib folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\defaults\preferences folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\defaults folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\sl folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\lib folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\core folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa\404 folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\wa folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\menu folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\gf folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ui folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\sp\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\sp folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\options\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\options\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\options\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\options folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\msd folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\features\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\features folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\api folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ac\res folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ac\img folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ac\css folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\ac folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al\aboutBox folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb\al folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content\tb folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225\content folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome\CT3231225 folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}\chrome folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839} folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\searchplugins\security-stronghold-customized-web-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ADBlocker deleted successfully.
File C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Anvi Smart Defender not found.
File C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfee Managed Services Tray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MVS Splash deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Tomas\AppData\Local\Conduit\CT3231225 folder moved successfully.
C:\Users\Tomas\AppData\Local\Conduit folder moved successfully.
C:\Program Files\Security_Stronghold folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Users\Tomas\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Tomas\AppData\Roaming\IObit folder moved successfully.
File C:\windows\System32\drivers\asdrs.sys not found.
File C:\windows\System32\drivers\asdrm.sys not found.
C:\ProgramData\Anvisoft\Anvi Smart Defender folder moved successfully.
C:\ProgramData\Anvisoft folder moved successfully.
Folder C:\Program Files\Anvisoft\ not found.
C:\Windows\ulandi.exe moved successfully.
C:\Users\Tomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\Tomas\AppData\Roaming\Anvisoft folder moved successfully.
Folder C:\Users\Tomas\AppData\Roaming\IObit\ not found.
C:\windows\msdownld.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP195B.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DAE.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8FA2.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBEE0.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCC65.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD96E.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF173.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF431.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF98E.tmp folder deleted successfully.
C:\windows\Installer\MSI355A.tmp deleted successfully.
C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt7D1C.tmp deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd0e9e608b0d21.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\HPCeeScheduleForTomas.job moved successfully.
C:\Windows\Tasks\{1B60B4E4-394C-4FBA-AB32-9C4021774DF9}.job moved successfully.
C:\Windows\Tasks\{5A483B7F-7467-4A8E-842E-D974BA11704C}.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MVS Splash not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfee Managed Services Tray not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ADBlocker not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Anvi Smart Defender not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Anvisoft\Anvi Smart Defender not found.
File\Folder C:\Program Files\IObit not found.
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tomas
->Temp folder emptied: 66576348 bytes
->Temporary Internet Files folder emptied: 228880059 bytes
->Java cache emptied: 30788082 bytes
->FireFox cache emptied: 137980142 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 371193 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17760 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 444.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tomas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tomas
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11242012_232047

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#22 Příspěvek od **vyosek** » 25 lis 2012 07:12

Tak snad se nam nyni podari spustit ComboFix, ono je tam toho hodne

tob2 · #23 Příspěvek od **tob2** » 25 lis 2012 15:44

Dobrý den, posílám log z Combofixu:

ComboFix 12-11-22.03 - Tomas 25.11.2012 15:18:42.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3069.1785 [GMT 1:00]
Spuštěný z: c:\users\Tomas\Downloads\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ST6UNST.000
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-25 do 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 14:29 . 2012-11-25 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 22:08 . 2012-11-24 22:08 -------- d-----w- C:\_OTL
2012-11-24 13:04 . 2012-11-24 13:04 512 ----a-w- C:\PhysicalMBR.bin
2012-11-23 22:27 . 2012-11-23 22:27 -------- d-----w- c:\program files\Verdict Free
2012-11-23 14:26 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA1DC49B-F819-4950-A215-9E950EF64959}\mpengine.dll
2012-11-22 21:54 . 2012-11-22 21:54 -------- d-----w- c:\users\Tomas\AppData\Local\CRE
2012-11-20 22:26 . 2012-11-20 22:26 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-19 10:23 . 2012-11-19 10:23 -------- d-----w- c:\program files\MSSOAP
2012-11-19 09:12 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 09:12 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 09:12 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 09:09 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 09:09 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 09:09 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 09:09 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 09:09 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 09:09 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 09:09 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-18 21:32 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-18 21:32 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-18 21:32 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-18 21:32 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-18 21:32 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-18 21:32 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-18 21:32 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-18 21:32 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-18 21:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-18 21:30 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-18 21:30 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-18 21:30 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-18 21:27 . 2012-11-18 21:27 -------- d-----w- c:\users\Tomas\AppData\Roaming\Malwarebytes
2012-11-18 21:27 . 2012-11-18 21:27 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 20:06 . 2012-11-22 18:18 -------- d-----w- c:\program files\trend micro
2012-11-17 20:06 . 2012-11-17 20:06 -------- d-----w- C:\rsit
2012-11-02 19:41 . 2012-11-02 19:47 -------- d-----w- c:\users\Tomas\AppData\Local\STDUViewer
2012-11-02 19:41 . 2012-11-02 19:41 -------- d-----w- c:\program files\Common Files\STDUtility
2012-11-02 19:41 . 2012-11-02 19:41 -------- d-----w- c:\program files\STDU Viewer
2012-10-31 23:09 . 2012-10-31 23:40 -------- d-----w- c:\users\Tomas\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 18:28 . 2012-10-09 18:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-09 18:48 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-09 18:48 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-09 18:48 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 22:19 . 2012-07-17 09:26 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-05 458844]
.
c:\users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2010-7-13 19721728]
Landi 11.lnk - c:\program files\landi 11\Landi11.exe [2011-1-16 2691072]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121123.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604000.009\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [x]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2012-11-19 11:23; toolbar@ask.com; c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-11-22 22:54; {3cb37734-f8da-48ef-89e2-f393f707e839}; c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-05229619.sys
AddRemove-Adventure Maker v4.5.2_is1 - c:\program files\Adventure Maker v4.5.2\unins000.exe
AddRemove-Bridge - c:\program files\Bridge\uninstall.exe
AddRemove-Deluxe Ski Jump 3_is1 - c:\program files\Deluxe Ski Jump 3\Uninstall\unins000.exe
AddRemove-Flaming Ball_is1 - c:\program files\Flaming Ball\unins000.exe
AddRemove-FLVPlayer4Free Free FLV Player_is1 - c:\program files\FLVPlayer4Free\unins000.exe
AddRemove-GOM Video Converter - c:\program files\GRETECH\GOMVideoConverter\uninstall.exe
AddRemove-Kat - c:\program files\MPPR\Kat\DeIsL1.isu
AddRemove-KeepNote_is1 - c:\program files\KeepNote\unins000.exe
AddRemove-Landi 11 - c:\windows\ulandi.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-Map Maker Pro - c:\map maker\uninst.exe
AddRemove-Math Mechanixs_is1 - c:\program files\Math Mechanixs\Math Mechanixs\unins000.exe
AddRemove-PlayBASIC_is1 - c:\program files\PlayBASIC\unins000.exe
AddRemove-Security_Stronghold Toolbar - c:\program files\Security_Stronghold\uninstall.exe
AddRemove-Smooth Gallery Builder_is1 - c:\program files\Smooth Gallery Builder\unins000.exe
AddRemove-Total English Intermediate - c:\windows\system32\TOTALE~1.SCR
AddRemove-Turbo Pascal 7.0 - c:\program files\TP\DeIsL2.isu
AddRemove-Universe53 - c:\program files\Oldgames\Universe\Uninst.exe
AddRemove-Water Quest_is1 - c:\program files\Water Quest\unins000.exe
AddRemove-{0A3A1D04-4949-40EC-B2A4-E1E801D86365}_is1 - c:\program files\Královna jezer\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-fc10-UK_DAILYMIRROR_MAIN - c:\games\Football Challenge 2010 (UK)\uninstall.exe
AddRemove-King's Quest II - c:\program files\AGD Interactive\King's Quest II\Uninstall.exe
AddRemove-Quest for Glory II - c:\program files\AGD Interactive\Quest for Glory II\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-11-25 15:38:00
ComboFix-quarantined-files.txt 2012-11-25 14:37
.
Před spuštěním: Volných bajtů: 249 015 578 624
Po spuštění: Volných bajtů: 248 910 598 144
.
- - End Of File - - ABD9C1E16E42ABAAD4DA91180804D0F5

#24 Příspěvek od **vyosek** » 25 lis 2012 22:38

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Driver::
yksvc

NetSvc::
yksvc

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"yksvcs"=-

Firefox::
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2012-11-19 11:23; toolbar@ask.com; c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

tob2 · #25 Příspěvek od **tob2** » 25 lis 2012 23:11

Dobrý den, řídil jsem se Vašimi pokyny a teď mi nejde spustit žádný program, nic. Jak se toho mám zbavit?

#26 Příspěvek od **vyosek** » 25 lis 2012 23:12

Zdravim

Proc nejde spustit? Dava to nejakou hlasku?

tob2 · #27 Příspěvek od **tob2** » 25 lis 2012 23:57

Omlouvám se, už zase všechno funguje. Je možné zkusit ještě něco jiného než Combofix?

#28 Příspěvek od **vyosek** » 26 lis 2012 00:36

On psal hlasku Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni ale ta je popsana v postupu

Dejte mi sem log z CF

tob2 · #29 Příspěvek od **tob2** » 26 lis 2012 17:58

Dobrý den, ten log je na ploše, ale nejde spustit. Nechci už Combofix znovu spouštět, mohlo by se něco stát s daty. Co byste mi poradil místo programu Combofix? (Pokud už můj počítač není zavirovaný můžeme téma ukončit.) Děkuji Vám za pomoc.

#30 Příspěvek od **vyosek** » 26 lis 2012 18:03

Jak nejde spustit??

VIRY.CZ

prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem

Re: prosím o radu se spywarem