Dobrý den poslední dobou mám nehorázně zpomalený internet. Videa se načítají hrozně pomalu. Ve World of Warcraft latency doshauje klidně i 10000 ms. A mám podezření na backdoora.
Spyware terminator mi našel toto: Trojan.ExOptions.Gen
a nejde to smazat vždy napíše hlášku:
Mazání registrů selhalo: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
Mazání registrů selhalo: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe
Našel jsem tu na fóru pár témat kde se tenhle případ řešil zkoušel jsem následovat rady moderátora ale nepomohlo proto zakládám svůj nový.
Log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by FEARFUL at 2010-04-21 17:57:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 231 GB (48%) free of 477 GB
Total RAM: 3582 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:52, on 21.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FEARFUL\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\FEARFUL.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B55FCC5-ED07-441D-8ECF-73C106CCEA40}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca314635ed9e0) (gupdate1ca314635ed9e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
--
End of file - 11145 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-04-14 1241960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-27 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
Bitlord Toolbar - C:\Program Files\TorrentMan\tbTor0.dll [2010-01-14 2166296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-09 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-27 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-27 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7c5c0f58-e061-457d-9033-77307f5ed00c} - Bitlord Toolbar - C:\Program Files\TorrentMan\tbTor0.dll [2010-01-14 2166296]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-04-14 1241960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1953792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-23 1126400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-14 2176512]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-09 2140880]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-24 3037696]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-03-31 133368]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Hry\World of Warcraft\Launcher.exe"="C:\Hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\FEARFUL\Plocha\Stronghold\Stronghold Crusader.exe"="C:\Documents and Settings\FEARFUL\Plocha\Stronghold\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Documents and Settings\FEARFUL\Plocha\aoe2\age2_x1.exe"="C:\Documents and Settings\FEARFUL\Plocha\aoe2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Hry\Diablo II\Diablo II.exe"="C:\Hry\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"
"C:\Hry\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe"="C:\Hry\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Hry\Wolfenstein - Enemy Territory\ET.exe"="C:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe"="C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe:*:Enabled:Europa1400Gold_TL"
"C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold.exe"="C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold.exe:*:Enabled:Europa1400Gold"
"C:\Hry\UT2004\System\UT2004.exe"="C:\Hry\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Hry\1C\RC Cars\RCCARS.EXE"="C:\Hry\1C\RC Cars\RCCARS.EXE:*:Enabled:RCCars executable"
"C:\Documents and Settings\FEARFUL\Plocha\Port Royale\PortRoyale.exe"="C:\Documents and Settings\FEARFUL\Plocha\Port Royale\PortRoyale.exe:*:Enabled:Port Royale"
"C:\Hry\World of Warcraft\BackgroundDownloader.exe"="C:\Hry\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\Warcraft III\Warcraft III.exe"="C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe"="C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Hry\CGN\Re-Volt\REVOLT.EXE"="C:\Hry\CGN\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT"
"C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Hry\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Hry\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Hry\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\Hry\Codemasters\DiRT\DiRT.exe"="C:\Hry\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Hry\Ubisoft\Techland\Call of Juarez\coj.exe"="C:\Hry\Ubisoft\Techland\Call of Juarez\coj.exe:*:Enabled:The Call of Juarez"
"C:\Hry\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\TrackMania United\TmUnited.exe"="C:\Hry\TrackMania United\TmUnited.exe:*:Enabled:TmUnited"
"C:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\LuxRender\luxconsole.exe"="C:\Program Files\LuxRender\luxconsole.exe:*:Enabled:LuxRender Slave"
"C:\Hry\Microsoft Games\Age of Empires III\age3x.exe"="C:\Hry\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\Hry\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Hry\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aomx.exe"="C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Documents and Settings\FEARFUL\Plocha\Need for Speed Most Wanted\speed.exe"="C:\Documents and Settings\FEARFUL\Plocha\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Hry\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aom.exe"="C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"
"C:\Documents and Settings\FEARFUL\Local Settings\Apps\2.0\T3N1ZNG9.VWC\PD9V5ZB8.0B0\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe"="C:\Documents and Settings\FEARFUL\Local Settings\Apps\2.0\T3N1ZNG9.VWC\PD9V5ZB8.0B0\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\startcd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d42e9958-f2d8-11de-a22d-001d7d9b1790}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe
======List of files/folders created in the last 3 months======
2010-04-21 17:57:10 ----D---- C:\rsit
2010-04-21 17:57:10 ----D---- C:\Program Files\trend micro
2010-04-20 21:49:21 ----D---- C:\Program Files\Crawler
2010-04-20 19:05:06 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\Malwarebytes
2010-04-20 19:04:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-20 19:04:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-20 17:12:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-04-20 17:03:56 ----D---- C:\Program Files\CCleaner
2010-04-04 10:44:17 ----D---- C:\Program Files\ESET
2010-03-31 10:00:48 ----D---- C:\Program Files\ICQ6Toolbar
2010-03-31 10:00:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-03-31 09:57:28 ----D---- C:\Program Files\ICQ7.1
2010-03-28 15:18:07 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\uTorrent
2010-03-24 20:11:52 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\WTouch
2010-03-24 20:11:51 ----N---- C:\WINDOWS\system32\Touch_Tablet.dll
2010-03-24 20:11:48 ----D---- C:\Program Files\WTouch
2010-03-24 20:11:43 ----D---- C:\Program Files\TabletPlugins
2010-03-24 20:09:28 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\WTablet
2010-03-24 20:02:54 ----D---- C:\WINDOWS\system32\WTablet
2010-03-24 20:02:49 ----N---- C:\WINDOWS\system32\Wintab32.dll
2010-03-24 20:02:49 ----A---- C:\WINDOWS\system32\Pen_Tablet.dll
2010-03-24 20:02:46 ----A---- C:\WINDOWS\system32\Pen_Tablet.exe
2010-03-24 20:02:41 ----D---- C:\Program Files\Tablet
2010-03-24 18:36:47 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\Spyware Terminator
2010-03-24 18:36:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-24 18:36:41 ----D---- C:\Program Files\Spyware Terminator
2010-03-24 15:08:51 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\inkscape
2010-03-24 15:04:29 ----D---- C:\Program Files\Inkscape
2010-03-13 16:29:03 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-03-13 16:26:10 ----D---- C:\3c7e26aeca254384f86473fc70
2010-03-13 15:59:00 ----RHD---- C:\AHCache
2010-02-25 21:18:00 ----D---- C:\Program Files\Zoner
2010-02-25 18:56:02 ----D---- C:\Program Files\Active GIF Creator 2.23
2010-02-22 14:53:14 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\Dev-Cpp
2010-02-22 14:52:47 ----D---- C:\Dev-Cpp
2010-02-22 13:50:52 ----D---- C:\Program Files\cygwin
2010-02-14 01:45:38 ----D---- C:\Program Files\EKO
2010-02-11 20:50:17 ----D---- C:\Program Files\Bunkspeed
2010-02-08 09:51:42 ----HD---- C:\Documents and Settings\FEARFUL\Data aplikací\FDBTemp
2010-02-05 17:38:06 ----D---- C:\Program Files\LogMeIn Hamachi
2010-02-03 20:10:20 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth Files
2010-01-25 18:34:03 ----D---- C:\Program Files\7-Zip
======List of files/folders modified in the last 3 months======
2010-04-21 17:57:38 ----D---- C:\WINDOWS\Temp
2010-04-21 17:57:10 ----RD---- C:\Program Files
2010-04-21 17:56:58 ----D---- C:\WINDOWS\Prefetch
2010-04-21 17:56:31 ----A---- C:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6501) #3.txt
2010-04-21 16:08:57 ----A---- C:\WINDOWS\red_dialer.ini
2010-04-21 13:47:37 ----SD---- C:\WINDOWS\Tasks
2010-04-21 13:47:04 ----D---- C:\WINDOWS
2010-04-20 22:14:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-20 21:35:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-20 21:33:15 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\ICQ
2010-04-20 19:26:03 ----D---- C:\WINDOWS\system32
2010-04-20 19:04:47 ----D---- C:\WINDOWS\system32\drivers
2010-04-20 17:28:50 ----D---- C:\Program Files\Mozilla Firefox
2010-04-20 17:28:29 ----D---- C:\Program Files\BitLord
2010-04-20 17:18:35 ----SHD---- C:\WINDOWS\Installer
2010-04-20 17:18:35 ----HD---- C:\Config.Msi
2010-04-20 17:18:33 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-20 17:13:03 ----HD---- C:\WINDOWS\inf
2010-04-20 17:05:09 ----D---- C:\WINDOWS\Debug
2010-04-20 16:55:31 ----SHD---- C:\System Volume Information
2010-04-20 16:55:31 ----D---- C:\WINDOWS\system32\Restore
2010-04-20 16:52:07 ----D---- C:\WINDOWS\Minidump
2010-04-20 15:09:11 ----D---- C:\tmp
2010-04-19 17:01:43 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-17 01:32:20 ----D---- C:\Program Files\Common Files
2010-04-17 01:31:06 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-04-17 00:26:58 ----D---- C:\WINDOWS\WinSxS
2010-04-14 16:27:29 ----D---- C:\Program Files\Google
2010-04-12 22:35:28 ----D---- C:\Program Files\FlashGet
2010-04-12 15:44:55 ----D---- C:\Downloads
2010-04-02 23:27:38 ----D---- C:\Program Files\blender-2.49b-windows
2010-03-31 10:00:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-25 16:18:00 ----D---- C:\Program Files\ghgfhgfh
2010-03-24 20:03:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-13 16:46:30 ----RSD---- C:\WINDOWS\assembly
2010-03-13 16:44:07 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-13 16:28:50 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-13 16:27:11 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-13 16:27:08 ----D---- C:\WINDOWS\system32\en-us
2010-03-13 16:27:05 ----RSD---- C:\WINDOWS\Fonts
2010-03-13 16:25:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-12 15:40:33 ----D---- C:\Hry
2010-02-25 21:17:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-14 14:10:28 ----SD---- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft
2010-02-08 17:53:11 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\gtk-2.0
2010-02-05 17:37:59 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\Hamachi
2010-01-25 18:13:38 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\Indigo Renderer
2010-01-24 23:00:03 ----D---- C:\Program Files\Common Files\Adobe
2010-01-24 22:59:59 ----A---- C:\WINDOWS\win.ini
2010-01-23 08:23:46 ----D---- C:\Documents and Settings\FEARFUL\Data aplikací\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-09 95872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-24 271360]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-09 139192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-24 18048]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2009-05-20 13736]
S3 ayrms8uq;ayrms8uq; C:\WINDOWS\system32\drivers\ayrms8uq.sys []
S3 aze5mdbf;aze5mdbf; C:\WINDOWS\system32\drivers\aze5mdbf.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-14 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-16 214520]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-14 488960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2009-11-24 4497704]
R2 WTouchService;WTouch Service; C:\Program Files\WTouch\WTouchService.exe [2009-11-24 113448]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S2 gupdate1ca314635ed9e0;Služba Google Update (gupdate1ca314635ed9e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 194032]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-05-18 407152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-09 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-26 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Snad je tenhle log správný pokud ne pokuste se mě navést předem děkuji.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zpomalený internet - Trojan.ExOptions.Gen
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Zpomalený internet - Trojan.ExOptions.Gen
Zdravím 
Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.
Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy. Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
- Spusťte, poté do spodního políčka vložte následující skript.
Kód: Vybrat vše
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT- Označte položku Pro všechny uživatele.
- Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
- Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Re: Zpomalený internet - Trojan.ExOptions.Gen
Provedeno
OTL.txt
OTL logfile created on: 21.4.2010 18:21:42 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\FEARFUL\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 225,55 Gb Free Space | 48,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FEARFUL-DBB43B4
Current User Name: FEARFUL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.21 18:20:25 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FEARFUL\Dokumenty\Downloads\OTL.exe
PRC - [2010.04.14 15:21:08 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.04.14 15:21:07 | 002,176,512 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2010.03.28 05:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010.03.24 18:36:49 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.03.09 10:12:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009.11.24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009.10.29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006.06.15 12:36:18 | 000,229,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005.07.21 04:13:42 | 001,294,442 | ---- | M] () -- C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
========== Modules (SafeList) ==========
MOD - [2010.04.21 18:20:25 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FEARFUL\Dokumenty\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2010.04.14 15:21:08 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.03.09 10:14:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.10.29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.08.26 10:19:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.05.18 21:53:29 | 000,407,152 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\WINDOWS\System32\pr2ah4nc.exe -- (pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004.03.18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2010.03.24 18:36:48 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.03.09 10:13:32 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.09 10:13:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.09 10:11:22 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.12 11:14:30 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.24 11:19:04 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.05.24 11:19:04 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.20 20:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.04.21 15:21:49 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009.01.15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.08.07 11:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.07.18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.13 17:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007.05.18 21:53:01 | 000,064,880 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc)
DRV - [2007.05.18 21:52:38 | 000,055,160 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005.05.02 13:55:40 | 000,065,408 | R--- | M] (AnyDATA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adusbmdm65.sys -- (adusbmdm6501) AnyDATA CDMA USB Modem Driver (PID 6501)
DRV - [2005.05.02 13:55:34 | 000,064,896 | R--- | M] (AnyDATA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adusbser65.sys -- (adusbser6501) AnyDATA CDMA USB Serial Port (PID 6501)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.2&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2010.04.20 21:49:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.10 06:51:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 13:38:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.04.04 10:44:20 | 000,000,000 | ---D | M]
[2009.04.21 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Extensions
[2010.04.14 22:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\extensions
[2010.03.31 10:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.31 10:00:45 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\searchplugins\icqplugin.gif
[2010.03.31 10:00:45 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\searchplugins\icqplugin.src
[2010.04.09 14:24:04 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\searchplugins\icqplugin.xml
[2010.04.14 22:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.04.21 17:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.08.16 23:38:27 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.16 23:38:27 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.16 23:38:27 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.16 23:38:27 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.16 23:38:27 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d42e9958-f2d8-11de-a22d-001d7d9b1790}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\startcd.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.04.21 17:00:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)
========== Files/Folders - Created Within 30 Days ==========
[2010.04.21 17:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.21 17:57:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.21 13:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
[2010.04.20 21:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.04.20 19:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\Malwarebytes
[2010.04.20 19:04:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.20 19:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.20 19:04:44 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.20 19:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.20 17:27:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FEARFUL\Recent
[2010.04.20 17:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2010.04.20 17:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.04.19 17:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Dokumenty\W7_ULTIMATE
[2010.04.19 14:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\WTablet
[2010.04.04 10:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.04.03 00:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Plocha\blender-2.49b-windows
[2010.04.02 22:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Plocha\blender-2.5-alpha2-win32
[2010.03.31 10:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.03.31 10:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.03.31 09:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\AOL
[2010.03.31 09:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.03.28 15:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\uTorrent
[2010.03.24 20:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTouch
[2010.03.24 20:11:51 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Touch_Tablet.dll
[2010.03.24 20:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010.03.24 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010.03.24 20:11:16 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\PenTablet.cpl
[2010.03.24 20:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTablet
[2010.03.24 20:03:46 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2010.03.24 20:03:14 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2010.03.24 20:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2010.03.24 20:02:49 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll
[2010.03.24 20:02:49 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2010.03.24 20:02:46 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
[2010.03.24 20:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010.03.24 18:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\Spyware Terminator
[2010.03.24 18:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.03.24 18:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.03.24 15:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\inkscape
[2010.03.24 15:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2010.03.23 22:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Dokumenty\1
[2009.09.09 14:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.09.09 14:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.07.30 12:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.04.21 15:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.04.21 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.04.21 15:11:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.04.21 15:11:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.21 17:53:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.21 17:10:42 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2010.04.21 16:19:18 | 000,092,739 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\24563_414380367068_208735512068_5828709_1827084_n.jpg
[2010.04.21 16:08:57 | 000,000,244 | ---- | M] () -- C:\WINDOWS\red_dialer.ini
[2010.04.21 13:47:37 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.04.21 13:46:39 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.21 13:46:36 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.21 13:46:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.21 13:46:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.20 22:14:32 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\FEARFUL\ntuser.dat
[2010.04.20 20:30:05 | 000,080,103 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\mh4pzn.jpg
[2010.04.20 19:04:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.20 17:12:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.20 17:03:56 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Plocha\CCleaner.lnk
[2010.04.20 16:55:06 | 001,531,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.20 16:53:49 | 000,065,216 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.20 15:49:34 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010.04.20 15:49:34 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010.04.19 19:56:34 | 000,023,584 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\bookmarks.html
[2010.04.19 17:07:10 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\FEARFUL\default.pls
[2010.04.19 17:01:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.19 16:27:21 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.18 20:28:12 | 370,409,471 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.04.18 20:28:12 | 370,409,471 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\Kopie - W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.04.18 08:02:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\FEARFUL\ntuser.ini
[2010.04.16 13:38:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.04.15 11:50:52 | 000,403,881 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Plocha\_4_0d.pdf
[2010.04.14 16:27:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.13 07:14:49 | 734,457,166 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Ulovit miliardare.avi
[2010.04.11 15:55:30 | 008,276,752 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to110.exe
[2010.04.11 15:54:33 | 002,175,368 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\AgeOfMythologyv1.10FixedexeEng.rar
[2010.04.11 15:28:14 | 008,264,162 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to109.zip
[2010.04.01 01:02:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.03.31 10:01:08 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.1.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.25 00:00:30 | 000,003,439 | ---- | M] () -- C:\Documents and Settings\FEARFUL\.recently-used.xbel
[2010.03.24 20:11:04 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml
[2010.03.24 20:11:04 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2010.03.24 18:37:01 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.24 18:36:48 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.03.24 15:08:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Inkscape.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.21 16:19:18 | 000,092,739 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\24563_414380367068_208735512068_5828709_1827084_n.jpg
[2010.04.20 21:21:56 | 1673,986,047 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Plocha\rzr-sim3.iso
[2010.04.20 20:30:05 | 000,080,103 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\mh4pzn.jpg
[2010.04.20 19:04:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.20 17:03:56 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Plocha\CCleaner.lnk
[2010.04.19 19:56:34 | 000,023,584 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\bookmarks.html
[2010.04.19 17:13:54 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010.04.19 17:13:54 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2010.04.19 17:09:50 | 370,409,471 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\Kopie - W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.04.15 11:50:52 | 000,403,881 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Plocha\_4_0d.pdf
[2010.04.14 16:27:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.13 18:06:58 | 734,457,166 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Ulovit miliardare.avi
[2010.04.11 15:58:19 | 008,276,752 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to110.exe
[2010.04.11 15:58:19 | 002,175,368 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\AgeOfMythologyv1.10FixedexeEng.rar
[2010.04.11 15:21:00 | 008,264,162 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to109.zip
[2010.03.31 10:01:08 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.1.lnk
[2010.03.28 15:24:01 | 370,409,471 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.03.25 00:00:30 | 000,003,439 | ---- | C] () -- C:\Documents and Settings\FEARFUL\.recently-used.xbel
[2010.03.24 20:11:20 | 001,595,175 | ---- | C] () -- C:\WINDOWS\System32\PenTablet.znc
[2010.03.24 20:02:41 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml
[2010.03.24 20:02:41 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2010.03.24 18:37:01 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.24 18:36:48 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.03.24 15:08:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Inkscape.lnk
[2010.01.16 12:46:32 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.09 15:23:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.09 15:23:49 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.01.09 13:09:52 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.08.20 14:52:13 | 000,611,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.08.11 14:21:30 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.08.11 14:21:23 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Data aplikací\PnkBstrK.sys
[2009.07.27 03:02:35 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\FEARFUL\dxva_sig.txt
[2009.07.24 16:38:54 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.07.18 01:16:16 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyMqb77c_save2pc.exe
[2009.06.27 12:40:34 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\FEARFUL\ntuser.dat
[2009.06.17 15:32:02 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyFuk3Uw_save2pc.exe
[2009.06.17 15:21:26 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyJjb0Iy_save2pc.exe
[2009.06.16 22:26:53 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyClW8Yu_save2pc.exe
[2009.06.16 22:16:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.13 11:32:49 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.06.13 11:29:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009.05.24 11:19:04 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.05.24 11:19:04 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.05.23 16:28:05 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\FEARFUL\intlname.ols
[2009.05.14 14:09:52 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.02 17:09:14 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\fusioncache.dat
[2009.05.02 12:00:04 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2009.04.24 13:13:24 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.23 18:19:11 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.04.23 18:19:10 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.04.23 18:19:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.04.23 17:56:57 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.23 15:16:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.04.21 17:56:50 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\FEARFUL\default.pls
[2009.04.21 17:53:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.21 15:57:26 | 000,000,244 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2009.04.21 15:14:42 | 000,000,272 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\ntuser.ini
[2009.04.21 15:14:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\FEARFUL\ntuser.dat.LOG
[2009.01.15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009.11.17 01:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.01.16 13:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Age of Empires 3
[2009.04.23 17:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.04.23 15:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2009.04.21 16:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.06.29 10:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Fallout3
[2010.03.31 10:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.04.23 15:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.04.21 18:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.04.17 01:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.19 15:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TrackMania United
[2009.11.17 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ACD Systems
[2010.01.09 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\AnvSoft
[2009.06.16 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Any Video Converter
[2009.05.03 13:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Blender Foundation
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools
[2009.04.23 18:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Lite
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Pro
[2009.06.07 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Datalayer
[2010.02.22 15:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Dev-Cpp
[2010.02.08 09:52:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\FDBTemp
[2009.09.24 17:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\GHISLER
[2010.02.08 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\gtk-2.0
[2010.04.20 21:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ICQ
[2010.01.25 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Indigo Renderer
[2010.03.24 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\inkscape
[2010.02.04 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth Files
[2010.01.03 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth(tm) II Files
[2009.04.23 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Nokia
[2009.04.23 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\PC Suite
[2010.04.21 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Spyware Terminator
[2009.08.01 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\The Creative Assembly
[2010.04.20 16:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\uTorrent
[2010.03.24 20:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTouch
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun -- [2008.12.29 12:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd)
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount -- [2009.04.24 05:16:34 | 000,203,928 | ---- | M] (Alcohol Soft Development Team)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2010.03.24 18:36:49 | 003,037,696 | ---- | M] (Crawler.com)
"ICQ" = "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 -- [2010.03.31 09:57:30 | 000,133,368 | ---- | M] (ICQ, LLC.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[8 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.11.17 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ACD Systems
[2010.01.23 08:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Adobe
[2009.04.23 19:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Ahead
[2010.01.09 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\AnvSoft
[2009.06.16 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Any Video Converter
[2009.05.03 13:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Blender Foundation
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools
[2009.04.23 18:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Lite
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Pro
[2009.06.07 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Datalayer
[2010.02.22 15:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Dev-Cpp
[2010.02.08 09:52:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\FDBTemp
[2009.09.24 17:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\GHISLER
[2009.09.09 14:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Google
[2010.02.08 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\gtk-2.0
[2010.02.05 17:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Hamachi
[2010.04.20 21:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ICQ
[2009.04.21 15:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Identities
[2010.01.25 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Indigo Renderer
[2010.03.24 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\inkscape
[2009.04.21 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\InstallShield
[2009.04.21 17:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Macromedia
[2010.04.20 19:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Malwarebytes
[2010.01.09 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Media Player Classic
[2010.02.14 14:10:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft
[2009.04.21 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla
[2010.02.04 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth Files
[2010.01.03 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth(tm) II Files
[2009.04.23 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Nokia
[2009.04.23 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\PC Suite
[2009.08.23 16:22:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\SecuROM
[2010.04.21 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Spyware Terminator
[2009.05.27 16:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Sun
[2009.10.14 19:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\teamspeak2
[2009.08.01 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\The Creative Assembly
[2010.04.20 16:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\uTorrent
[2009.04.24 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Ventrilo
[2009.04.22 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WinRAR
[2010.04.21 13:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTablet
[2010.03.24 20:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTouch
OTL.txt
OTL logfile created on: 21.4.2010 18:21:42 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\FEARFUL\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 225,55 Gb Free Space | 48,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FEARFUL-DBB43B4
Current User Name: FEARFUL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.04.21 18:20:25 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FEARFUL\Dokumenty\Downloads\OTL.exe
PRC - [2010.04.14 15:21:08 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.04.14 15:21:07 | 002,176,512 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2010.03.28 05:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010.03.24 18:36:49 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.03.09 10:12:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009.11.24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009.10.29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006.06.15 12:36:18 | 000,229,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005.07.21 04:13:42 | 001,294,442 | ---- | M] () -- C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
========== Modules (SafeList) ==========
MOD - [2010.04.21 18:20:25 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FEARFUL\Dokumenty\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2010.04.14 15:21:08 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.03.09 10:14:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.09 10:13:08 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.10.29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.08.26 10:19:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.05.18 21:53:29 | 000,407,152 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\WINDOWS\System32\pr2ah4nc.exe -- (pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004.03.18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2010.03.24 18:36:48 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.03.09 10:13:32 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.09 10:13:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.09 10:11:22 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.12 11:14:30 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.24 11:19:04 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.05.24 11:19:04 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.20 20:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.04.21 15:21:49 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009.01.15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.08.07 11:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.07.18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.13 17:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007.05.18 21:53:01 | 000,064,880 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc)
DRV - [2007.05.18 21:52:38 | 000,055,160 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005.05.02 13:55:40 | 000,065,408 | R--- | M] (AnyDATA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adusbmdm65.sys -- (adusbmdm6501) AnyDATA CDMA USB Modem Driver (PID 6501)
DRV - [2005.05.02 13:55:34 | 000,064,896 | R--- | M] (AnyDATA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adusbser65.sys -- (adusbser6501) AnyDATA CDMA USB Serial Port (PID 6501)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-436374069-1801674531-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.2&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2010.04.20 21:49:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.10 06:51:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 13:38:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.04.04 10:44:20 | 000,000,000 | ---D | M]
[2009.04.21 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Extensions
[2010.04.14 22:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\extensions
[2010.03.31 10:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.31 10:00:45 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\searchplugins\icqplugin.gif
[2010.03.31 10:00:45 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\searchplugins\icqplugin.src
[2010.04.09 14:24:04 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\searchplugins\icqplugin.xml
[2010.04.14 22:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.04.21 17:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.08.16 23:38:27 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.16 23:38:27 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.16 23:38:27 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.16 23:38:27 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.16 23:38:27 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-436374069-1801674531-839522115-1003..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d42e9958-f2d8-11de-a22d-001d7d9b1790}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\startcd.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.04.21 17:00:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)
========== Files/Folders - Created Within 30 Days ==========
[2010.04.21 17:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.21 17:57:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.21 13:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
[2010.04.20 21:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.04.20 19:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\Malwarebytes
[2010.04.20 19:04:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.20 19:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.20 19:04:44 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.20 19:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.20 17:27:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FEARFUL\Recent
[2010.04.20 17:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2010.04.20 17:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.04.19 17:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Dokumenty\W7_ULTIMATE
[2010.04.19 14:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\WTablet
[2010.04.04 10:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.04.03 00:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Plocha\blender-2.49b-windows
[2010.04.02 22:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Plocha\blender-2.5-alpha2-win32
[2010.03.31 10:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.03.31 10:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.03.31 09:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\AOL
[2010.03.31 09:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.03.28 15:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\uTorrent
[2010.03.24 20:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTouch
[2010.03.24 20:11:51 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Touch_Tablet.dll
[2010.03.24 20:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010.03.24 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010.03.24 20:11:16 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\PenTablet.cpl
[2010.03.24 20:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTablet
[2010.03.24 20:03:46 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2010.03.24 20:03:14 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2010.03.24 20:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2010.03.24 20:02:49 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll
[2010.03.24 20:02:49 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2010.03.24 20:02:46 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
[2010.03.24 20:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010.03.24 18:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\Spyware Terminator
[2010.03.24 18:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.03.24 18:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.03.24 15:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Data aplikací\inkscape
[2010.03.24 15:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2010.03.23 22:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FEARFUL\Dokumenty\1
[2009.09.09 14:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.09.09 14:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.07.30 12:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.04.21 15:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.04.21 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.04.21 15:11:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.04.21 15:11:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.21 17:53:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.21 17:10:42 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2010.04.21 16:19:18 | 000,092,739 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\24563_414380367068_208735512068_5828709_1827084_n.jpg
[2010.04.21 16:08:57 | 000,000,244 | ---- | M] () -- C:\WINDOWS\red_dialer.ini
[2010.04.21 13:47:37 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.04.21 13:46:39 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.21 13:46:36 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.21 13:46:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.21 13:46:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.20 22:14:32 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\FEARFUL\ntuser.dat
[2010.04.20 20:30:05 | 000,080,103 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\mh4pzn.jpg
[2010.04.20 19:04:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.20 17:12:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.20 17:03:56 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Plocha\CCleaner.lnk
[2010.04.20 16:55:06 | 001,531,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.20 16:53:49 | 000,065,216 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.20 15:49:34 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010.04.20 15:49:34 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010.04.19 19:56:34 | 000,023,584 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\bookmarks.html
[2010.04.19 17:07:10 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\FEARFUL\default.pls
[2010.04.19 17:01:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.19 16:27:21 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.18 20:28:12 | 370,409,471 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.04.18 20:28:12 | 370,409,471 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Dokumenty\Kopie - W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.04.18 08:02:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\FEARFUL\ntuser.ini
[2010.04.16 13:38:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.04.15 11:50:52 | 000,403,881 | ---- | M] () -- C:\Documents and Settings\FEARFUL\Plocha\_4_0d.pdf
[2010.04.14 16:27:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.13 07:14:49 | 734,457,166 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Ulovit miliardare.avi
[2010.04.11 15:55:30 | 008,276,752 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to110.exe
[2010.04.11 15:54:33 | 002,175,368 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\AgeOfMythologyv1.10FixedexeEng.rar
[2010.04.11 15:28:14 | 008,264,162 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to109.zip
[2010.04.01 01:02:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.03.31 10:01:08 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.1.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.25 00:00:30 | 000,003,439 | ---- | M] () -- C:\Documents and Settings\FEARFUL\.recently-used.xbel
[2010.03.24 20:11:04 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml
[2010.03.24 20:11:04 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2010.03.24 18:37:01 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.24 18:36:48 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.03.24 15:08:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Inkscape.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.21 16:19:18 | 000,092,739 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\24563_414380367068_208735512068_5828709_1827084_n.jpg
[2010.04.20 21:21:56 | 1673,986,047 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Plocha\rzr-sim3.iso
[2010.04.20 20:30:05 | 000,080,103 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\mh4pzn.jpg
[2010.04.20 19:04:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.20 17:03:56 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Plocha\CCleaner.lnk
[2010.04.19 19:56:34 | 000,023,584 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\bookmarks.html
[2010.04.19 17:13:54 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010.04.19 17:13:54 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2010.04.19 17:09:50 | 370,409,471 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\Kopie - W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.04.15 11:50:52 | 000,403,881 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Plocha\_4_0d.pdf
[2010.04.14 16:27:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.13 18:06:58 | 734,457,166 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Ulovit miliardare.avi
[2010.04.11 15:58:19 | 008,276,752 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to110.exe
[2010.04.11 15:58:19 | 002,175,368 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\AgeOfMythologyv1.10FixedexeEng.rar
[2010.04.11 15:21:00 | 008,264,162 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\aom10to109.zip
[2010.03.31 10:01:08 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.1.lnk
[2010.03.28 15:24:01 | 370,409,471 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Dokumenty\W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK_Activated.iso
[2010.03.25 00:00:30 | 000,003,439 | ---- | C] () -- C:\Documents and Settings\FEARFUL\.recently-used.xbel
[2010.03.24 20:11:20 | 001,595,175 | ---- | C] () -- C:\WINDOWS\System32\PenTablet.znc
[2010.03.24 20:02:41 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml
[2010.03.24 20:02:41 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2010.03.24 18:37:01 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.24 18:36:48 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.03.24 15:08:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Inkscape.lnk
[2010.01.16 12:46:32 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.09 15:23:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.09 15:23:49 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.01.09 13:09:52 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.08.20 14:52:13 | 000,611,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.08.11 14:21:30 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.08.11 14:21:23 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Data aplikací\PnkBstrK.sys
[2009.07.27 03:02:35 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\FEARFUL\dxva_sig.txt
[2009.07.24 16:38:54 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.07.18 01:16:16 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyMqb77c_save2pc.exe
[2009.06.27 12:40:34 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\FEARFUL\ntuser.dat
[2009.06.17 15:32:02 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyFuk3Uw_save2pc.exe
[2009.06.17 15:21:26 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyJjb0Iy_save2pc.exe
[2009.06.16 22:26:53 | 003,156,992 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\DokumentyClW8Yu_save2pc.exe
[2009.06.16 22:16:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.13 11:32:49 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.06.13 11:29:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009.05.24 11:19:04 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.05.24 11:19:04 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.05.23 16:28:05 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\FEARFUL\intlname.ols
[2009.05.14 14:09:52 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.02 17:09:14 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\FEARFUL\Local Settings\Data aplikací\fusioncache.dat
[2009.05.02 12:00:04 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2009.04.24 13:13:24 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.23 18:19:11 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.04.23 18:19:10 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.04.23 18:19:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.04.23 17:56:57 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.23 15:16:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.04.21 17:56:50 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\FEARFUL\default.pls
[2009.04.21 17:53:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.21 15:57:26 | 000,000,244 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2009.04.21 15:14:42 | 000,000,272 | -HS- | C] () -- C:\Documents and Settings\FEARFUL\ntuser.ini
[2009.04.21 15:14:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\FEARFUL\ntuser.dat.LOG
[2009.01.15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009.11.17 01:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.01.16 13:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Age of Empires 3
[2009.04.23 17:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.04.23 15:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2009.04.21 16:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.06.29 10:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Fallout3
[2010.03.31 10:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.04.23 15:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.04.21 18:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.04.17 01:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.19 15:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TrackMania United
[2009.11.17 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ACD Systems
[2010.01.09 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\AnvSoft
[2009.06.16 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Any Video Converter
[2009.05.03 13:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Blender Foundation
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools
[2009.04.23 18:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Lite
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Pro
[2009.06.07 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Datalayer
[2010.02.22 15:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Dev-Cpp
[2010.02.08 09:52:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\FDBTemp
[2009.09.24 17:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\GHISLER
[2010.02.08 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\gtk-2.0
[2010.04.20 21:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ICQ
[2010.01.25 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Indigo Renderer
[2010.03.24 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\inkscape
[2010.02.04 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth Files
[2010.01.03 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth(tm) II Files
[2009.04.23 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Nokia
[2009.04.23 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\PC Suite
[2010.04.21 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Spyware Terminator
[2009.08.01 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\The Creative Assembly
[2010.04.20 16:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\uTorrent
[2010.03.24 20:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTouch
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun -- [2008.12.29 12:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd)
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount -- [2009.04.24 05:16:34 | 000,203,928 | ---- | M] (Alcohol Soft Development Team)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2010.03.24 18:36:49 | 003,037,696 | ---- | M] (Crawler.com)
"ICQ" = "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 -- [2010.03.31 09:57:30 | 000,133,368 | ---- | M] (ICQ, LLC.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[8 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.11.17 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ACD Systems
[2010.01.23 08:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Adobe
[2009.04.23 19:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Ahead
[2010.01.09 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\AnvSoft
[2009.06.16 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Any Video Converter
[2009.05.03 13:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Blender Foundation
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools
[2009.04.23 18:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Lite
[2009.04.23 17:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\DAEMON Tools Pro
[2009.06.07 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Datalayer
[2010.02.22 15:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Dev-Cpp
[2010.02.08 09:52:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\FDBTemp
[2009.09.24 17:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\GHISLER
[2009.09.09 14:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Google
[2010.02.08 17:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\gtk-2.0
[2010.02.05 17:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Hamachi
[2010.04.20 21:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\ICQ
[2009.04.21 15:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Identities
[2010.01.25 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Indigo Renderer
[2010.03.24 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\inkscape
[2009.04.21 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\InstallShield
[2009.04.21 17:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Macromedia
[2010.04.20 19:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Malwarebytes
[2010.01.09 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Media Player Classic
[2010.02.14 14:10:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft
[2009.04.21 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Mozilla
[2010.02.04 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth Files
[2010.01.03 19:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\My Battle for Middle-earth(tm) II Files
[2009.04.23 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Nokia
[2009.04.23 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\PC Suite
[2009.08.23 16:22:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\SecuROM
[2010.04.21 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Spyware Terminator
[2009.05.27 16:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Sun
[2009.10.14 19:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\teamspeak2
[2009.08.01 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\The Creative Assembly
[2010.04.20 16:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\uTorrent
[2009.04.24 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\Ventrilo
[2009.04.22 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WinRAR
[2010.04.21 13:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTablet
[2010.03.24 20:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FEARFUL\Data aplikací\WTouch
Re: Zpomalený internet - Trojan.ExOptions.Gen
< %APPDATA%\*.exe /s >
[2009.05.02 12:05:18 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
[2010.02.08 09:51:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
[2009.08.01 18:40:32 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.12 11:14:30 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.04.21 17:02:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.04.21 17:02:46 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.04.21 17:02:46 | 000,499,712 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:40FCD9A0
< End of report >
[2009.05.02 12:05:18 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
[2010.02.08 09:51:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
[2009.08.01 18:40:32 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\FEARFUL\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.12 11:14:30 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.04.21 17:02:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.04.21 17:02:46 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.04.21 17:02:46 | 000,499,712 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:40FCD9A0
< End of report >
Re: Zpomalený internet - Trojan.ExOptions.Gen
Extras.txt
OTL Extras logfile created on: 21.4.2010 18:21:42 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\FEARFUL\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 225,55 Gb Free Space | 48,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FEARFUL-DBB43B4
Current User Name: FEARFUL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Hry\World of Warcraft\Launcher.exe" = C:\Hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Documents and Settings\FEARFUL\Plocha\Stronghold\Stronghold Crusader.exe" = C:\Documents and Settings\FEARFUL\Plocha\Stronghold\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Documents and Settings\FEARFUL\Plocha\aoe2\age2_x1.exe" = C:\Documents and Settings\FEARFUL\Plocha\aoe2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- File not found
"C:\Hry\Diablo II\Diablo II.exe" = C:\Hry\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- (Blizzard North)
"C:\Hry\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Hry\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Hry\Wolfenstein - Enemy Territory\ET.exe" = C:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe" = C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe:*:Enabled:Europa1400Gold_TL -- ()
"C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold.exe" = C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold.exe:*:Enabled:Europa1400Gold -- ()
"C:\Hry\UT2004\System\UT2004.exe" = C:\Hry\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Hry\1C\RC Cars\RCCARS.EXE" = C:\Hry\1C\RC Cars\RCCARS.EXE:*:Enabled:RCCars executable -- (Computer Graphics Studio CREAT)
"C:\Documents and Settings\FEARFUL\Plocha\Port Royale\PortRoyale.exe" = C:\Documents and Settings\FEARFUL\Plocha\Port Royale\PortRoyale.exe:*:Enabled:Port Royale -- (Ascaron Entertainment GmbH)
"C:\Hry\World of Warcraft\BackgroundDownloader.exe" = C:\Hry\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\Warcraft III\Warcraft III.exe" = C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found
"C:\Hry\CGN\Re-Volt\REVOLT.EXE" = C:\Hry\CGN\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT -- ()
"C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found
"C:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Hry\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"C:\Hry\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = C:\Hry\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem -- (Team 17 Ltd)
"C:\Hry\Codemasters\DiRT\DiRT.exe" = C:\Hry\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable -- (Codemasters)
"C:\Hry\Ubisoft\Techland\Call of Juarez\coj.exe" = C:\Hry\Ubisoft\Techland\Call of Juarez\coj.exe:*:Enabled:The Call of Juarez -- File not found
"C:\Hry\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\TrackMania United\TmUnited.exe" = C:\Hry\TrackMania United\TmUnited.exe:*:Enabled:TmUnited -- ()
"C:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\LuxRender\luxconsole.exe" = C:\Program Files\LuxRender\luxconsole.exe:*:Enabled:LuxRender Slave -- ()
"C:\Hry\Microsoft Games\Age of Empires III\age3x.exe" = C:\Hry\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Hry\EA GAMES\The Battle for Middle-earth (tm)\game.dat" = C:\Hry\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aomx.exe" = C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Documents and Settings\FEARFUL\Plocha\Need for Speed Most Wanted\speed.exe" = C:\Documents and Settings\FEARFUL\Plocha\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Hry\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aom.exe" = C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios)
"C:\Documents and Settings\FEARFUL\Local Settings\Apps\2.0\T3N1ZNG9.VWC\PD9V5ZB8.0B0\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\FEARFUL\Local Settings\Apps\2.0\T3N1ZNG9.VWC\PD9V5ZB8.0B0\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04DD2EE7-31BB-4186-9A30-447283BC26F8}" = HyperShot
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}" = Zoner GIF Animator 5
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth (tm)
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66EBD70F-A42C-475F-AEDF-277378151029}" = Nero 7 Essentials
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F8EEE16-9240-4B20-8357-13CE74D1858C}" = RC Cars
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DFF6811-C498-45E4-94C8-A0B98FCBEC32}" = ESET NOD32 Antivirus
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13E90B0-4E1C-11DB-6784-0152EAA218BE}" = Call of Duty(R) 2 Patch 1.3
"{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1" = LuxRender 0.6.1 x86 SSE2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DBECFA83-42DC-4585-A970-A764AB01A956}" = Call Of Duty(R) 2
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"7-Zip" = 7-Zip 4.65
"Active GIF Creator 2.23" = Active GIF Creator 2.23
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"Any Video Converter_is1" = Any Video Converter 2.7.4
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"Blendigo" = Blendigo
"Bobot Version 04.01" = Bobot Version 04.01
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"DivXCodec" = DivX 4.11 Codec
"DungeonSiege2" = Dungeon Siege 2
"Easy Wireless Net" = Easy Wireless Net V1.18
"EAX Unified" = EAX Unified
"Europa 1400 - Gold Edition" = Europa 1400 - Gold Edition
"ffdshow_is1" = ffdshow [rev 3178] [2010-01-03]
"FlashGet" = FlashGet 1.9.0.1012
"GameParkClient_is1" = GamePark
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ICQToolbar" = ICQ Toolbar
"Inkscape" = Inkscape 0.47
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro DVD Player" = Micro DVD Player
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"PunkBusterSvc" = PunkBuster Services
"Re-Volt_is1" = Re-Volt - www.classic-gaming.net
"save2pc Light_is1" = save2pc Light 3.51
"slovesa 1.0.0.0_is1" = slovesa version 1.0.0.0
"Spyware Terminator_is1" = Spyware Terminator
"Steam App 10500" = Empire: Total War
"TmUnited_is1" = TrackMania United 0.2.0.0
"TorrentMan Toolbar" = TorrentMan Toolbar
"Totalcmd" = Total Commander (Remove or Repair)
"UT2004" = Unreal Tournament 2004
"VentriloMIX" = VentriloMIX
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YafaRay MinGW32 Build" = YafaRay MinGW32 Build
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.4.2010 15:53:26 | Computer Name = FEARFUL-DBB43B4 | Source = Google Update | ID = 20
Description =
Error - 20.4.2010 11:14:18 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:14:42 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:15:07 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 20.4.2010 11:16:18 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:16:29 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 20.4.2010 11:16:33 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:16:36 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 20.4.2010 11:17:17 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:17:26 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
OTL Extras logfile created on: 21.4.2010 18:21:42 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\FEARFUL\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 225,55 Gb Free Space | 48,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FEARFUL-DBB43B4
Current User Name: FEARFUL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Hry\World of Warcraft\Launcher.exe" = C:\Hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Documents and Settings\FEARFUL\Plocha\Stronghold\Stronghold Crusader.exe" = C:\Documents and Settings\FEARFUL\Plocha\Stronghold\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Documents and Settings\FEARFUL\Plocha\aoe2\age2_x1.exe" = C:\Documents and Settings\FEARFUL\Plocha\aoe2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- File not found
"C:\Hry\Diablo II\Diablo II.exe" = C:\Hry\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- (Blizzard North)
"C:\Hry\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Hry\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Hry\Wolfenstein - Enemy Territory\ET.exe" = C:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe" = C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe:*:Enabled:Europa1400Gold_TL -- ()
"C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold.exe" = C:\Hry\Encore\Europa 1400 - Gold Edition\Europa1400Gold.exe:*:Enabled:Europa1400Gold -- ()
"C:\Hry\UT2004\System\UT2004.exe" = C:\Hry\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Hry\1C\RC Cars\RCCARS.EXE" = C:\Hry\1C\RC Cars\RCCARS.EXE:*:Enabled:RCCars executable -- (Computer Graphics Studio CREAT)
"C:\Documents and Settings\FEARFUL\Plocha\Port Royale\PortRoyale.exe" = C:\Documents and Settings\FEARFUL\Plocha\Port Royale\PortRoyale.exe:*:Enabled:Port Royale -- (Ascaron Entertainment GmbH)
"C:\Hry\World of Warcraft\BackgroundDownloader.exe" = C:\Hry\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\Warcraft III\Warcraft III.exe" = C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found
"C:\Hry\CGN\Re-Volt\REVOLT.EXE" = C:\Hry\CGN\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT -- ()
"C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Hry\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found
"C:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Hry\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"C:\Hry\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = C:\Hry\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem -- (Team 17 Ltd)
"C:\Hry\Codemasters\DiRT\DiRT.exe" = C:\Hry\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable -- (Codemasters)
"C:\Hry\Ubisoft\Techland\Call of Juarez\coj.exe" = C:\Hry\Ubisoft\Techland\Call of Juarez\coj.exe:*:Enabled:The Call of Juarez -- File not found
"C:\Hry\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Hry\TrackMania United\TmUnited.exe" = C:\Hry\TrackMania United\TmUnited.exe:*:Enabled:TmUnited -- ()
"C:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\LuxRender\luxconsole.exe" = C:\Program Files\LuxRender\luxconsole.exe:*:Enabled:LuxRender Slave -- ()
"C:\Hry\Microsoft Games\Age of Empires III\age3x.exe" = C:\Hry\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Hry\EA GAMES\The Battle for Middle-earth (tm)\game.dat" = C:\Hry\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aomx.exe" = C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Documents and Settings\FEARFUL\Plocha\Need for Speed Most Wanted\speed.exe" = C:\Documents and Settings\FEARFUL\Plocha\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Hry\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe" = C:\Hry\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aom.exe" = C:\Documents and Settings\FEARFUL\Plocha\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios)
"C:\Documents and Settings\FEARFUL\Local Settings\Apps\2.0\T3N1ZNG9.VWC\PD9V5ZB8.0B0\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\FEARFUL\Local Settings\Apps\2.0\T3N1ZNG9.VWC\PD9V5ZB8.0B0\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04DD2EE7-31BB-4186-9A30-447283BC26F8}" = HyperShot
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}" = Zoner GIF Animator 5
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth (tm)
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66EBD70F-A42C-475F-AEDF-277378151029}" = Nero 7 Essentials
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F8EEE16-9240-4B20-8357-13CE74D1858C}" = RC Cars
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DFF6811-C498-45E4-94C8-A0B98FCBEC32}" = ESET NOD32 Antivirus
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13E90B0-4E1C-11DB-6784-0152EAA218BE}" = Call of Duty(R) 2 Patch 1.3
"{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1" = LuxRender 0.6.1 x86 SSE2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DBECFA83-42DC-4585-A970-A764AB01A956}" = Call Of Duty(R) 2
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"7-Zip" = 7-Zip 4.65
"Active GIF Creator 2.23" = Active GIF Creator 2.23
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"Any Video Converter_is1" = Any Video Converter 2.7.4
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"Blendigo" = Blendigo
"Bobot Version 04.01" = Bobot Version 04.01
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"DivXCodec" = DivX 4.11 Codec
"DungeonSiege2" = Dungeon Siege 2
"Easy Wireless Net" = Easy Wireless Net V1.18
"EAX Unified" = EAX Unified
"Europa 1400 - Gold Edition" = Europa 1400 - Gold Edition
"ffdshow_is1" = ffdshow [rev 3178] [2010-01-03]
"FlashGet" = FlashGet 1.9.0.1012
"GameParkClient_is1" = GamePark
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ICQToolbar" = ICQ Toolbar
"Inkscape" = Inkscape 0.47
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro DVD Player" = Micro DVD Player
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"PunkBusterSvc" = PunkBuster Services
"Re-Volt_is1" = Re-Volt - www.classic-gaming.net
"save2pc Light_is1" = save2pc Light 3.51
"slovesa 1.0.0.0_is1" = slovesa version 1.0.0.0
"Spyware Terminator_is1" = Spyware Terminator
"Steam App 10500" = Empire: Total War
"TmUnited_is1" = TrackMania United 0.2.0.0
"TorrentMan Toolbar" = TorrentMan Toolbar
"Totalcmd" = Total Commander (Remove or Repair)
"UT2004" = Unreal Tournament 2004
"VentriloMIX" = VentriloMIX
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YafaRay MinGW32 Build" = YafaRay MinGW32 Build
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.4.2010 15:53:26 | Computer Name = FEARFUL-DBB43B4 | Source = Google Update | ID = 20
Description =
Error - 20.4.2010 11:14:18 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:14:42 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:15:07 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 20.4.2010 11:16:18 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:16:29 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 20.4.2010 11:16:33 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:16:36 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 20.4.2010 11:17:17 | Computer Name = FEARFUL-DBB43B4 | Source = MPSampleSubmission | ID = 5000
Description =
Error - 20.4.2010 11:17:26 | Computer Name = FEARFUL-DBB43B4 | Source = MSSecurityEssentials | ID = 5000
Description =
Re: Zpomalený internet - Trojan.ExOptions.Gen
[ System Events ]
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:33:00 | Computer Name = FEARFUL-DBB43B4 | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Služba brány aplikačního rozhraní.
Error - 20.4.2010 15:33:00 | Computer Name = FEARFUL-DBB43B4 | Source = Service Control Manager | ID = 7000
Description = Služba Služba brány aplikačního rozhraní neuspěla při spuštění v důsledku
následující chyby: %%1053
< End of report >
omlouvám se že je to takhle rozkouskovaně ale nepovolilo mi to forum kvůli počtu znaků
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:30:14 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)
Error - 20.4.2010 15:31:45 | Computer Name = FEARFUL-DBB43B4 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.
Error - 20.4.2010 15:33:00 | Computer Name = FEARFUL-DBB43B4 | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Služba brány aplikačního rozhraní.
Error - 20.4.2010 15:33:00 | Computer Name = FEARFUL-DBB43B4 | Source = Service Control Manager | ID = 7000
Description = Služba Služba brány aplikačního rozhraní neuspěla při spuštění v důsledku
následující chyby: %%1053
< End of report >
omlouvám se že je to takhle rozkouskovaně ale nepovolilo mi to forum kvůli počtu znaků
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Zpomalený internet - Trojan.ExOptions.Gen
Spusťte OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:OTL
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-436374069-1801674531-839522115-1003\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:40FCD9A0
O33 - MountPoints2\D\Shell - "" = AutoRun
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]Re: Zpomalený internet - Trojan.ExOptions.Gen
Provedeno:
log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\*\ deleted successfully.
Invalid CLSID key: *
C:\WINDOWS\002692_.tmp deleted successfully.
C:\WINDOWS\DUMP2e53.tmp deleted successfully.
C:\WINDOWS\DUMP5062.tmp deleted successfully.
C:\WINDOWS\DUMP6b5c.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:40FCD9A0 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: FEARFUL
->Temp folder emptied: 1506061 bytes
->Temporary Internet Files folder emptied: 12396851 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71565769 bytes
->Google Chrome cache emptied: 151388094 bytes
->Flash cache emptied: 613 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes
User: NetworkService
->Temp folder emptied: 3480 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9170 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 226,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: FEARFUL
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
OTL by OldTimer - Version 3.2.1.3 log created on 04212010_184752
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\*\ deleted successfully.
Invalid CLSID key: *
C:\WINDOWS\002692_.tmp deleted successfully.
C:\WINDOWS\DUMP2e53.tmp deleted successfully.
C:\WINDOWS\DUMP5062.tmp deleted successfully.
C:\WINDOWS\DUMP6b5c.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:40FCD9A0 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: FEARFUL
->Temp folder emptied: 1506061 bytes
->Temporary Internet Files folder emptied: 12396851 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71565769 bytes
->Google Chrome cache emptied: 151388094 bytes
->Flash cache emptied: 613 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes
User: NetworkService
->Temp folder emptied: 3480 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9170 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 226,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: FEARFUL
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
OTL by OldTimer - Version 3.2.1.3 log created on 04212010_184752
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Zpomalený internet - Trojan.ExOptions.Gen
Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229- Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
- Nic nemažte
MBAM má občas falešné detekce a mohl by smazat např. systémové soubory. - Log vložte sem.
Re: Zpomalený internet - Trojan.ExOptions.Gen
Provedeno:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 4012
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
21.4.2010 19:45:20
mbam-log-2010-04-21 (19-45-20).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 274835
Uplynulý čas: 47 minuta(y), 19 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 4012
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
21.4.2010 19:45:20
mbam-log-2010-04-21 (19-45-20).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 274835
Uplynulý čas: 47 minuta(y), 19 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Zpomalený internet - Trojan.ExOptions.Gen
Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe- Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
- Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
- Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
- Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
- Během skenování může být počítač restartován.
Re: Zpomalený internet - Trojan.ExOptions.Gen
Provedeno:
ComboFix 10-04-21.01 - FEARFUL 21.04.2010 20:19:15.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3206 [GMT 2:00]
Spuštěný z: c:\documents and settings\FEARFUL\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-21 do 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 16:47 . 2010-04-21 16:47 -------- d-----w- C:\_OTL
2010-04-21 15:57 . 2010-04-21 16:05 -------- d-----w- c:\program files\trend micro
2010-04-21 15:57 . 2010-04-21 15:57 -------- d-----w- C:\rsit
2010-04-20 19:49 . 2010-04-20 19:58 -------- d-----w- c:\program files\Crawler
2010-04-20 17:04 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 17:04 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 17:04 . 2010-04-20 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 15:03 . 2010-04-20 15:03 -------- d-----w- c:\program files\CCleaner
2010-03-31 08:00 . 2010-03-31 08:00 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-31 07:57 . 2010-03-31 08:01 -------- d-----w- c:\program files\ICQ7.1
2010-03-24 18:11 . 2009-11-23 23:53 245032 ------w- c:\windows\system32\Touch_Tablet.dll
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\WTouch
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\TabletPlugins
2010-03-24 18:03 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-03-24 18:03 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\windows\system32\WTablet
2010-03-24 18:02 . 2009-11-23 23:53 416040 ----a-w- c:\windows\system32\Pen_Tablet.dll
2010-03-24 18:02 . 2009-11-23 20:16 284160 ------w- c:\windows\system32\Wintab32.dll
2010-03-24 18:02 . 2009-11-23 23:53 4497704 ----a-w- c:\windows\system32\Pen_Tablet.exe
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\program files\Tablet
2010-03-24 16:36 . 2010-03-24 16:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-24 16:36 . 2010-04-21 16:01 -------- d-----w- c:\program files\Spyware Terminator
2010-03-24 13:04 . 2010-03-24 13:08 -------- d-----w- c:\program files\Inkscape
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 16:47 . 2001-10-25 12:00 502954 ----a-w- c:\windows\system32\perfh005.dat
2010-04-21 16:47 . 2001-10-25 12:00 107350 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 15:28 . 2009-04-25 09:54 -------- d-----w- c:\program files\BitLord
2010-04-14 14:27 . 2009-09-09 12:01 -------- d-----w- c:\program files\Google
2010-04-12 20:35 . 2009-08-25 23:31 -------- d-----w- c:\program files\FlashGet
2010-04-02 21:27 . 2009-11-16 21:34 -------- d-----w- c:\program files\blender-2.49b-windows
2010-03-31 08:00 . 2009-04-21 13:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 14:18 . 2009-11-03 20:26 -------- d-----w- c:\program files\ghgfhgfh
2010-03-11 11:41 . 2009-05-15 15:49 132153 ----a-w- c:\windows\War3Unin.dat
2010-02-25 19:18 . 2010-02-25 19:18 -------- d-----w- c:\program files\Zoner
2010-02-25 19:17 . 2009-04-21 15:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 16:56 . 2010-02-25 16:56 -------- d-----w- c:\program files\Active GIF Creator 2.23
2010-02-22 12:10 . 2010-02-22 11:50 -------- d-----w- c:\program files\cygwin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-01-14 20:52 2166296 ----a-w- c:\program files\TorrentMan\tbTor0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-24 3037696]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-03-31 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Stronghold\\Stronghold Crusader.exe"=
"c:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Hry\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold_TL.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold.exe"=
"c:\\Hry\\UT2004\\System\\UT2004.exe"=
"c:\\Hry\\1C\\RC Cars\\RCCARS.EXE"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Port Royale\\PortRoyale.exe"=
"c:\\Hry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Hry\\CGN\\Re-Volt\\REVOLT.EXE"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Hry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Hry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Hry\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Hry\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\Hry\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe"=
"c:\\Hry\\TrackMania United\\TmUnited.exe"=
"c:\\Hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LuxRender\\luxconsole.exe"=
"c:\\Hry\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Hry\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aomx.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aom.exe"=
"c:\\Documents and Settings\\FEARFUL\\Local Settings\\Apps\\2.0\\T3N1ZNG9.VWC\\PD9V5ZB8.0B0\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.3.2010 18:36 142592]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.3.2010 10:00 246520]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [24.3.2010 20:02 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [24.3.2010 20:11 113448]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [21.4.2009 15:59 65408]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [21.4.2009 15:52 64896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2009 17:56 721904]
S2 gupdate1ca314635ed9e0;Služba Google Update (gupdate1ca314635ed9e0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 14:06 133104]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 12:01]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,a7,e1,14,96,00,b3,dc,5a,7b,09,a1,58,51,84,54,e5,05,53,d9,98,
2b,f4,97,6b,79,9e,da,00,9d,f0,58,03,ca,bf,05,3e,e2,18,b4,5a,dd,fd,4a,10,4a,\
"rkeysecu"=hex:fe,0a,22,57,ae,71,bf,41,ed,02,63,94,76,1a,43,bf
.
Celkový čas: 2010-04-21 20:24:05
ComboFix-quarantined-files.txt 2010-04-21 18:24
Před spuštěním: Volných bajtů: 242 509 524 992
Po spuštění: Volných bajtů: 242 475 212 800
- - End Of File - - 703178C5B1FE939F0A6E8E9B36665E75
ComboFix 10-04-21.01 - FEARFUL 21.04.2010 20:19:15.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3206 [GMT 2:00]
Spuštěný z: c:\documents and settings\FEARFUL\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-21 do 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 16:47 . 2010-04-21 16:47 -------- d-----w- C:\_OTL
2010-04-21 15:57 . 2010-04-21 16:05 -------- d-----w- c:\program files\trend micro
2010-04-21 15:57 . 2010-04-21 15:57 -------- d-----w- C:\rsit
2010-04-20 19:49 . 2010-04-20 19:58 -------- d-----w- c:\program files\Crawler
2010-04-20 17:04 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 17:04 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 17:04 . 2010-04-20 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 15:03 . 2010-04-20 15:03 -------- d-----w- c:\program files\CCleaner
2010-03-31 08:00 . 2010-03-31 08:00 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-31 07:57 . 2010-03-31 08:01 -------- d-----w- c:\program files\ICQ7.1
2010-03-24 18:11 . 2009-11-23 23:53 245032 ------w- c:\windows\system32\Touch_Tablet.dll
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\WTouch
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\TabletPlugins
2010-03-24 18:03 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-03-24 18:03 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\windows\system32\WTablet
2010-03-24 18:02 . 2009-11-23 23:53 416040 ----a-w- c:\windows\system32\Pen_Tablet.dll
2010-03-24 18:02 . 2009-11-23 20:16 284160 ------w- c:\windows\system32\Wintab32.dll
2010-03-24 18:02 . 2009-11-23 23:53 4497704 ----a-w- c:\windows\system32\Pen_Tablet.exe
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\program files\Tablet
2010-03-24 16:36 . 2010-03-24 16:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-24 16:36 . 2010-04-21 16:01 -------- d-----w- c:\program files\Spyware Terminator
2010-03-24 13:04 . 2010-03-24 13:08 -------- d-----w- c:\program files\Inkscape
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 16:47 . 2001-10-25 12:00 502954 ----a-w- c:\windows\system32\perfh005.dat
2010-04-21 16:47 . 2001-10-25 12:00 107350 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 15:28 . 2009-04-25 09:54 -------- d-----w- c:\program files\BitLord
2010-04-14 14:27 . 2009-09-09 12:01 -------- d-----w- c:\program files\Google
2010-04-12 20:35 . 2009-08-25 23:31 -------- d-----w- c:\program files\FlashGet
2010-04-02 21:27 . 2009-11-16 21:34 -------- d-----w- c:\program files\blender-2.49b-windows
2010-03-31 08:00 . 2009-04-21 13:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 14:18 . 2009-11-03 20:26 -------- d-----w- c:\program files\ghgfhgfh
2010-03-11 11:41 . 2009-05-15 15:49 132153 ----a-w- c:\windows\War3Unin.dat
2010-02-25 19:18 . 2010-02-25 19:18 -------- d-----w- c:\program files\Zoner
2010-02-25 19:17 . 2009-04-21 15:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 16:56 . 2010-02-25 16:56 -------- d-----w- c:\program files\Active GIF Creator 2.23
2010-02-22 12:10 . 2010-02-22 11:50 -------- d-----w- c:\program files\cygwin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-01-14 20:52 2166296 ----a-w- c:\program files\TorrentMan\tbTor0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-24 3037696]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-03-31 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Stronghold\\Stronghold Crusader.exe"=
"c:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Hry\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold_TL.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold.exe"=
"c:\\Hry\\UT2004\\System\\UT2004.exe"=
"c:\\Hry\\1C\\RC Cars\\RCCARS.EXE"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Port Royale\\PortRoyale.exe"=
"c:\\Hry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Hry\\CGN\\Re-Volt\\REVOLT.EXE"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Hry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Hry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Hry\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Hry\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\Hry\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe"=
"c:\\Hry\\TrackMania United\\TmUnited.exe"=
"c:\\Hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LuxRender\\luxconsole.exe"=
"c:\\Hry\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Hry\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aomx.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aom.exe"=
"c:\\Documents and Settings\\FEARFUL\\Local Settings\\Apps\\2.0\\T3N1ZNG9.VWC\\PD9V5ZB8.0B0\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.3.2010 18:36 142592]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.3.2010 10:00 246520]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [24.3.2010 20:02 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [24.3.2010 20:11 113448]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [21.4.2009 15:59 65408]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [21.4.2009 15:52 64896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2009 17:56 721904]
S2 gupdate1ca314635ed9e0;Služba Google Update (gupdate1ca314635ed9e0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 14:06 133104]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 12:01]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,a7,e1,14,96,00,b3,dc,5a,7b,09,a1,58,51,84,54,e5,05,53,d9,98,
2b,f4,97,6b,79,9e,da,00,9d,f0,58,03,ca,bf,05,3e,e2,18,b4,5a,dd,fd,4a,10,4a,\
"rkeysecu"=hex:fe,0a,22,57,ae,71,bf,41,ed,02,63,94,76,1a,43,bf
.
Celkový čas: 2010-04-21 20:24:05
ComboFix-quarantined-files.txt 2010-04-21 18:24
Před spuštěním: Volných bajtů: 242 509 524 992
Po spuštění: Volných bajtů: 242 475 212 800
- - End Of File - - 703178C5B1FE939F0A6E8E9B36665E75
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Zpomalený internet - Trojan.ExOptions.Gen
Pokud nemáte, přesuňte Combofix na plochu
- Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.
Kód: Vybrat vše
Folder::
C:\Program Files\ghgfhgfh
- Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
- Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
- Po aplikaci na Vás vypadne další log,vložte ho sem
Re: Zpomalený internet - Trojan.ExOptions.Gen
Provedeno, problém se startem nebyl.
ComboFix 10-04-21.01 - FEARFUL 21.04.2010 21:15:23.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3053 [GMT 2:00]
Spuštěný z: c:\documents and settings\FEARFUL\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\FEARFUL\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ghgfhgfh
c:\program files\ghgfhgfh\bhjh\andie_valentino.wmv
c:\program files\ghgfhgfh\bhjh\angel_dark_2.wmv
c:\program files\ghgfhgfh\bhjh\bree_olson_5.wmv
c:\program files\ghgfhgfh\bhjh\high.wmv
c:\program files\ghgfhgfh\bhjh\krystal_steal_3.wmv
c:\program files\ghgfhgfh\bhjh\low.wmv
c:\program files\ghgfhgfh\bhjh\rychlyprachy19-01.wmv
c:\program files\ghgfhgfh\bhjh\rychlyprachy22-01.wmv
c:\program files\ghgfhgfh\bhjh\rychlyprachy4-01.wmv
c:\program files\ghgfhgfh\bhjh\Thumbs.db
c:\program files\ghgfhgfh\fotky skola\[Originals]\P1291506.jpg
c:\program files\ghgfhgfh\fotky skola\[Originals]\P1291506.jpg.xmp
c:\program files\ghgfhgfh\fotky skola\[Originals]\PA230471.JPG
c:\program files\ghgfhgfh\fotky skola\[Originals]\PA230471.JPG.xmp
c:\program files\ghgfhgfh\fotky skola\06042010150.jpg
c:\program files\ghgfhgfh\fotky skola\13341_103170706368626_100000270916565_83524_1955755_n.jpg
c:\program files\ghgfhgfh\fotky skola\2.JPG
c:\program files\ghgfhgfh\fotky skola\4537_1008714958226_1835535025_14809_3976772_n.jpg
c:\program files\ghgfhgfh\fotky skola\jana I.bmp
c:\program files\ghgfhgfh\fotky skola\P1291506.jpg
c:\program files\ghgfhgfh\fotky skola\PA230471.JPG
c:\program files\ghgfhgfh\fotky skola\PA230520.JPG
c:\program files\ghgfhgfh\fotky skola\PA230522.JPG
c:\program files\ghgfhgfh\fotky skola\Snímek 057.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 058.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 059.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 060.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 061.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 062.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 063.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 064.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 065.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 066.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 067.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 068.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 069.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 070.jpg
c:\program files\ghgfhgfh\fotky skola\Thumbs.db
c:\program files\ghgfhgfh\fotky\PA230463.JPG
c:\program files\ghgfhgfh\fotky\PA230464.JPG
c:\program files\ghgfhgfh\fotky\PA230465.JPG
c:\program files\ghgfhgfh\fotky\PA230466.JPG
c:\program files\ghgfhgfh\fotky\PA230467.JPG
c:\program files\ghgfhgfh\fotky\PA230468.JPG
c:\program files\ghgfhgfh\fotky\PA230469.JPG
c:\program files\ghgfhgfh\fotky\PA230470.JPG
c:\program files\ghgfhgfh\fotky\PA230471.JPG
c:\program files\ghgfhgfh\fotky\PA230472.JPG
c:\program files\ghgfhgfh\fotky\PA230473.JPG
c:\program files\ghgfhgfh\fotky\PA230474.JPG
c:\program files\ghgfhgfh\fotky\PA230475.JPG
c:\program files\ghgfhgfh\fotky\PA230476.JPG
c:\program files\ghgfhgfh\fotky\PA230477.JPG
c:\program files\ghgfhgfh\fotky\PA230478.JPG
c:\program files\ghgfhgfh\fotky\PA230479.JPG
c:\program files\ghgfhgfh\fotky\PA230480.JPG
c:\program files\ghgfhgfh\fotky\PA230481.JPG
c:\program files\ghgfhgfh\fotky\PA230482.JPG
c:\program files\ghgfhgfh\fotky\PA230483.JPG
c:\program files\ghgfhgfh\fotky\PA230484.JPG
c:\program files\ghgfhgfh\fotky\PA230485.JPG
c:\program files\ghgfhgfh\fotky\PA230486.JPG
c:\program files\ghgfhgfh\fotky\PA230487.JPG
c:\program files\ghgfhgfh\fotky\PA230488.JPG
c:\program files\ghgfhgfh\fotky\PA230489.JPG
c:\program files\ghgfhgfh\fotky\PA230490.JPG
c:\program files\ghgfhgfh\fotky\PA230491.JPG
c:\program files\ghgfhgfh\fotky\PA230492.JPG
c:\program files\ghgfhgfh\fotky\PA230493.JPG
c:\program files\ghgfhgfh\fotky\PA230494.JPG
c:\program files\ghgfhgfh\fotky\PA230495.JPG
c:\program files\ghgfhgfh\fotky\PA230496.JPG
c:\program files\ghgfhgfh\fotky\PA230497.JPG
c:\program files\ghgfhgfh\fotky\PA230498.JPG
c:\program files\ghgfhgfh\fotky\PA230499.JPG
c:\program files\ghgfhgfh\fotky\PA230500.JPG
c:\program files\ghgfhgfh\fotky\PA230501.JPG
c:\program files\ghgfhgfh\fotky\PA230502.JPG
c:\program files\ghgfhgfh\fotky\PA230503.JPG
c:\program files\ghgfhgfh\fotky\PA230504.JPG
c:\program files\ghgfhgfh\fotky\PA230505.JPG
c:\program files\ghgfhgfh\fotky\PA230506.JPG
c:\program files\ghgfhgfh\fotky\PA230507.JPG
c:\program files\ghgfhgfh\fotky\PA230508.JPG
c:\program files\ghgfhgfh\fotky\PA230509.JPG
c:\program files\ghgfhgfh\fotky\PA230510.JPG
c:\program files\ghgfhgfh\fotky\PA230511.JPG
c:\program files\ghgfhgfh\fotky\PA230512.JPG
c:\program files\ghgfhgfh\fotky\PA230513.JPG
c:\program files\ghgfhgfh\fotky\PA230514.JPG
c:\program files\ghgfhgfh\fotky\PA230515.JPG
c:\program files\ghgfhgfh\fotky\PA230516.JPG
c:\program files\ghgfhgfh\fotky\PA230517.JPG
c:\program files\ghgfhgfh\fotky\PA230518.JPG
c:\program files\ghgfhgfh\fotky\PA230519.JPG
c:\program files\ghgfhgfh\fotky\PA230520.JPG
c:\program files\ghgfhgfh\fotky\PA230521.JPG
c:\program files\ghgfhgfh\fotky\PA230522.JPG
c:\program files\ghgfhgfh\fotky\PA230523.JPG
c:\program files\ghgfhgfh\fotky\PA230524.JPG
c:\program files\ghgfhgfh\fotky\PA230525.JPG
c:\program files\ghgfhgfh\fotky\PA230526.JPG
c:\program files\ghgfhgfh\fotky\PA230527.JPG
c:\program files\ghgfhgfh\fotky\PA230528.JPG
c:\program files\ghgfhgfh\fotky\PA230529.JPG
c:\program files\ghgfhgfh\fotky\PA230530.JPG
c:\program files\ghgfhgfh\fotky\PA230531.JPG
c:\program files\ghgfhgfh\fotky\PA230532.JPG
c:\program files\ghgfhgfh\fotky\PA230533.JPG
c:\program files\ghgfhgfh\fotky\PA230534.JPG
c:\program files\ghgfhgfh\fotky\PA230535.JPG
c:\program files\ghgfhgfh\fotky\PA230536.JPG
c:\program files\ghgfhgfh\fotky\PA230537.JPG
c:\program files\ghgfhgfh\fotky\PA230538.JPG
c:\program files\ghgfhgfh\fotky\PA230539.JPG
c:\program files\ghgfhgfh\fotky\PA230540.JPG
c:\program files\ghgfhgfh\fotky\PA230541.JPG
c:\program files\ghgfhgfh\fotky\PA230542.JPG
c:\program files\ghgfhgfh\fotky\PA230543.JPG
c:\program files\ghgfhgfh\fotky\PA230544.JPG
c:\program files\ghgfhgfh\fotky\PA230545.JPG
c:\program files\ghgfhgfh\fotky\PA230547.JPG
c:\program files\ghgfhgfh\fotky\PA230548.JPG
c:\program files\ghgfhgfh\fotky\PA230549.JPG
c:\program files\ghgfhgfh\fotky\PA230550.JPG
c:\program files\ghgfhgfh\fotky\PA230551.JPG
c:\program files\ghgfhgfh\fotky\PA230552.JPG
c:\program files\ghgfhgfh\fotky\PA230553.JPG
c:\program files\ghgfhgfh\fotky\PA230554.JPG
c:\program files\ghgfhgfh\fotky\PA230556.JPG
c:\program files\ghgfhgfh\fotky\PA230557.JPG
c:\program files\ghgfhgfh\fotky\PA230558.JPG
c:\program files\ghgfhgfh\fotky\PA230560.JPG
c:\program files\ghgfhgfh\fotky\PA230561.JPG
c:\program files\ghgfhgfh\fotky\PA230562.JPG
c:\program files\ghgfhgfh\fotky\PA230563.JPG
c:\program files\ghgfhgfh\fotky\PA230564.JPG
c:\program files\ghgfhgfh\fotky\Thumbs.db
c:\program files\ghgfhgfh\fotky_sraz\sraz 001.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 002.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 003-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 003.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 004-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 004.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 005-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 005.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 006-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 006.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 007-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 007.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 008.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 009.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 010.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 011.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 012.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 013.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 014.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 015.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 016.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 017.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 018.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 019.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 020.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 021.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 022.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 023.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 024.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 025.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 026.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 027.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 028.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 029.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 030.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 031.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 032.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 033.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 034.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 035.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 036.jpg
c:\program files\ghgfhgfh\fotky_sraz\Thumbs.db
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 001.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 002.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 003.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 004.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 005.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 006.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 007.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 008.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 009.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 010.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 011.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 012.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 013.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 014.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 015.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 016.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 017.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 018.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 019.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 020.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 021.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 022.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 023.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 024.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 025.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 026.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 027.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 028.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 030.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 031.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 032.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 033.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 034.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 036.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 037.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 038.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 039.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 040.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 041.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 042.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 043.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 046.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 047.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 048.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 049.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 050.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 051.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 052.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 053.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 054.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 055.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 056.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 057.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 058.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 059.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 060.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 061.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 062.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 063.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 064.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 065.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 066.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 067.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 068.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 069.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 070.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 071.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 072.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 075.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 076.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 077.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 078.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 079.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 080.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 081.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 082.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 083.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 084.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 085.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 087.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 088.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 089.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 090.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 092.jpg
c:\program files\ghgfhgfh\stuzkovani\Thumbs.db
c:\program files\ghgfhgfh\večírek\P1050433.JPG
c:\program files\ghgfhgfh\večírek\P1050434.JPG
c:\program files\ghgfhgfh\večírek\P1050435.JPG
c:\program files\ghgfhgfh\večírek\P1050436.JPG
c:\program files\ghgfhgfh\večírek\P1050437.JPG
c:\program files\ghgfhgfh\večírek\P1050438.JPG
c:\program files\ghgfhgfh\večírek\P1050439.JPG
c:\program files\ghgfhgfh\večírek\P1050440.JPG
c:\program files\ghgfhgfh\večírek\P1050441.JPG
c:\program files\ghgfhgfh\večírek\P1050442.JPG
c:\program files\ghgfhgfh\večírek\P1050443.JPG
c:\program files\ghgfhgfh\večírek\P1050445.JPG
c:\program files\ghgfhgfh\večírek\P1050446.JPG
c:\program files\ghgfhgfh\večírek\P1050447.JPG
c:\program files\ghgfhgfh\večírek\P1050448.JPG
c:\program files\ghgfhgfh\večírek\P1050449.JPG
c:\program files\ghgfhgfh\večírek\P1050450.JPG
c:\program files\ghgfhgfh\večírek\P1050451.JPG
c:\program files\ghgfhgfh\večírek\P1050452.JPG
c:\program files\ghgfhgfh\večírek\P1050453.JPG
c:\program files\ghgfhgfh\večírek\P1050454.JPG
c:\program files\ghgfhgfh\večírek\P1050455.JPG
c:\program files\ghgfhgfh\večírek\P1050456.JPG
c:\program files\ghgfhgfh\večírek\P1050457.JPG
c:\program files\ghgfhgfh\večírek\P1050458.JPG
c:\program files\ghgfhgfh\večírek\P1050459.JPG
c:\program files\ghgfhgfh\večírek\P1050460.JPG
c:\program files\ghgfhgfh\večírek\P1050461.JPG
c:\program files\ghgfhgfh\večírek\P1050462.JPG
c:\program files\ghgfhgfh\večírek\P1050463.JPG
c:\program files\ghgfhgfh\večírek\P1050464.JPG
c:\program files\ghgfhgfh\večírek\P1050465.JPG
c:\program files\ghgfhgfh\večírek\P1050466.JPG
c:\program files\ghgfhgfh\večírek\P1050467.JPG
c:\program files\ghgfhgfh\večírek\P1050468.JPG
c:\program files\ghgfhgfh\večírek\P1050469.JPG
c:\program files\ghgfhgfh\večírek\P1050470.JPG
c:\program files\ghgfhgfh\večírek\P1050471.JPG
c:\program files\ghgfhgfh\večírek\P1050472.JPG
c:\program files\ghgfhgfh\večírek\P1050473.JPG
c:\program files\ghgfhgfh\večírek\P1050474.JPG
c:\program files\ghgfhgfh\večírek\P1050475.JPG
c:\program files\ghgfhgfh\večírek\P1050476.JPG
c:\program files\ghgfhgfh\večírek\P1050477.JPG
c:\program files\ghgfhgfh\večírek\P1050478.JPG
c:\program files\ghgfhgfh\večírek\P1050479.JPG
c:\program files\ghgfhgfh\večírek\P1050480.JPG
c:\program files\ghgfhgfh\večírek\P1050481.JPG
c:\program files\ghgfhgfh\večírek\P1050482.JPG
c:\program files\ghgfhgfh\večírek\P1050483.JPG
c:\program files\ghgfhgfh\večírek\P1050484.JPG
c:\program files\ghgfhgfh\večírek\P1050486.JPG
c:\program files\ghgfhgfh\večírek\P1050487.JPG
c:\program files\ghgfhgfh\večírek\P1050488.JPG
c:\program files\ghgfhgfh\večírek\P1050489.JPG
c:\program files\ghgfhgfh\večírek\P1050490.JPG
c:\program files\ghgfhgfh\večírek\P1050491.JPG
c:\program files\ghgfhgfh\večírek\P1050492.JPG
c:\program files\ghgfhgfh\večírek\P1050493.JPG
c:\program files\ghgfhgfh\večírek\P1050494.JPG
c:\program files\ghgfhgfh\večírek\P1050495.JPG
c:\program files\ghgfhgfh\večírek\P1050496.JPG
c:\program files\ghgfhgfh\večírek\P1050497.JPG
c:\program files\ghgfhgfh\večírek\P1050498.JPG
c:\program files\ghgfhgfh\večírek\P1050499.JPG
c:\program files\ghgfhgfh\večírek\P1050500.JPG
c:\program files\ghgfhgfh\večírek\P1050501.JPG
c:\program files\ghgfhgfh\večírek\P1050502.JPG
c:\program files\ghgfhgfh\večírek\P1050503.JPG
c:\program files\ghgfhgfh\večírek\P1050504.JPG
c:\program files\ghgfhgfh\večírek\P1050505.JPG
c:\program files\ghgfhgfh\večírek\P1050506.JPG
c:\program files\ghgfhgfh\večírek\P1050507.JPG
c:\program files\ghgfhgfh\večírek\P1050508.JPG
c:\program files\ghgfhgfh\večírek\P1050509.JPG
c:\program files\ghgfhgfh\večírek\P1050511.JPG
c:\program files\ghgfhgfh\večírek\P1050512.JPG
c:\program files\ghgfhgfh\večírek\P1050513.JPG
c:\program files\ghgfhgfh\večírek\P1050514.JPG
c:\program files\ghgfhgfh\večírek\P1050515.JPG
c:\program files\ghgfhgfh\večírek\P1050516.JPG
c:\program files\ghgfhgfh\večírek\P1050517.JPG
c:\program files\ghgfhgfh\večírek\P1050518.JPG
c:\program files\ghgfhgfh\večírek\P1050519.JPG
c:\program files\ghgfhgfh\večírek\P1050520.JPG
c:\program files\ghgfhgfh\večírek\P1050521.JPG
c:\program files\ghgfhgfh\večírek\P1050522.JPG
c:\program files\ghgfhgfh\večírek\P1050523.JPG
c:\program files\ghgfhgfh\večírek\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-21 do 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 18:26 . 2010-04-21 19:00 -------- d-----w- c:\windows\LastGood
2010-04-21 16:47 . 2010-04-21 16:47 -------- d-----w- C:\_OTL
2010-04-21 15:57 . 2010-04-21 16:05 -------- d-----w- c:\program files\trend micro
2010-04-21 15:57 . 2010-04-21 15:57 -------- d-----w- C:\rsit
2010-04-20 19:49 . 2010-04-20 19:58 -------- d-----w- c:\program files\Crawler
2010-04-20 17:04 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 17:04 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 17:04 . 2010-04-20 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 15:03 . 2010-04-20 15:03 -------- d-----w- c:\program files\CCleaner
2010-03-31 08:00 . 2010-03-31 08:00 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-31 07:57 . 2010-03-31 08:01 -------- d-----w- c:\program files\ICQ7.1
2010-03-24 18:11 . 2009-11-23 23:53 245032 ------w- c:\windows\system32\Touch_Tablet.dll
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\WTouch
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\TabletPlugins
2010-03-24 18:03 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-03-24 18:03 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\windows\system32\WTablet
2010-03-24 18:02 . 2009-11-23 23:53 416040 ----a-w- c:\windows\system32\Pen_Tablet.dll
2010-03-24 18:02 . 2009-11-23 20:16 284160 ------w- c:\windows\system32\Wintab32.dll
2010-03-24 18:02 . 2009-11-23 23:53 4497704 ----a-w- c:\windows\system32\Pen_Tablet.exe
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\program files\Tablet
2010-03-24 16:36 . 2010-03-24 16:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-24 16:36 . 2010-04-21 18:26 -------- d-----w- c:\program files\Spyware Terminator
2010-03-24 13:04 . 2010-03-24 13:08 -------- d-----w- c:\program files\Inkscape
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 16:47 . 2001-10-25 12:00 502954 ----a-w- c:\windows\system32\perfh005.dat
2010-04-21 16:47 . 2001-10-25 12:00 107350 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 15:28 . 2009-04-25 09:54 -------- d-----w- c:\program files\BitLord
2010-04-14 14:27 . 2009-09-09 12:01 -------- d-----w- c:\program files\Google
2010-04-12 20:35 . 2009-08-25 23:31 -------- d-----w- c:\program files\FlashGet
2010-04-02 21:27 . 2009-11-16 21:34 -------- d-----w- c:\program files\blender-2.49b-windows
2010-03-31 08:00 . 2009-04-21 13:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 11:41 . 2009-05-15 15:49 132153 ----a-w- c:\windows\War3Unin.dat
2010-02-25 19:18 . 2010-02-25 19:18 -------- d-----w- c:\program files\Zoner
2010-02-25 19:17 . 2009-04-21 15:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 16:56 . 2010-02-25 16:56 -------- d-----w- c:\program files\Active GIF Creator 2.23
2010-02-22 12:10 . 2010-02-22 11:50 -------- d-----w- c:\program files\cygwin
.
((((((((((((((((((((((((((((( SnapShot@2010-04-21_18.23.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-21 19:00 . 2010-03-09 08:13 95872 c:\windows\LastGood\system32\DRIVERS\epfwtdir.sys
+ 2010-04-21 19:00 . 2010-03-09 08:13 114984 c:\windows\LastGood\system32\DRIVERS\ehdrv.sys
+ 2010-04-21 19:00 . 2010-03-09 08:11 139192 c:\windows\LastGood\system32\DRIVERS\eamon.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-01-14 20:52 2166296 ----a-w- c:\program files\TorrentMan\tbTor0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-24 3037696]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-03-31 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Stronghold\\Stronghold Crusader.exe"=
"c:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Hry\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold_TL.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold.exe"=
"c:\\Hry\\UT2004\\System\\UT2004.exe"=
"c:\\Hry\\1C\\RC Cars\\RCCARS.EXE"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Port Royale\\PortRoyale.exe"=
"c:\\Hry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Hry\\CGN\\Re-Volt\\REVOLT.EXE"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Hry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Hry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Hry\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Hry\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\Hry\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe"=
"c:\\Hry\\TrackMania United\\TmUnited.exe"=
"c:\\Hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LuxRender\\luxconsole.exe"=
"c:\\Hry\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Hry\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aomx.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aom.exe"=
"c:\\Documents and Settings\\FEARFUL\\Local Settings\\Apps\\2.0\\T3N1ZNG9.VWC\\PD9V5ZB8.0B0\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.3.2010 18:36 142592]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.3.2010 10:00 246520]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [24.3.2010 20:02 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [24.3.2010 20:11 113448]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [21.4.2009 15:59 65408]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [21.4.2009 15:52 64896]
R4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2009 17:56 721904]
S2 gupdate1ca314635ed9e0;Služba Google Update (gupdate1ca314635ed9e0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 14:06 133104]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 12:01]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {5B55FCC5-ED07-441D-8ECF-73C106CCEA40} = 160.218.10.200 160.218.43.200
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 21:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,a7,e1,14,96,00,b3,dc,5a,7b,09,a1,58,51,84,54,e5,05,53,d9,98,
2b,f4,97,6b,79,9e,da,00,9d,f0,58,03,ca,bf,05,3e,e2,18,b4,5a,dd,fd,4a,10,4a,\
"rkeysecu"=hex:fe,0a,22,57,ae,71,bf,41,ed,02,63,94,76,1a,43,bf
.
Celkový čas: 2010-04-21 21:18:37
ComboFix-quarantined-files.txt 2010-04-21 19:18
ComboFix2.txt 2010-04-21 18:24
Před spuštěním: Volných bajtů: 242 273 034 240
Po spuštění: Volných bajtů: 242 239 492 096
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CADE65BF0C561A303210EE20FEE1B67F
ComboFix 10-04-21.01 - FEARFUL 21.04.2010 21:15:23.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3053 [GMT 2:00]
Spuštěný z: c:\documents and settings\FEARFUL\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\FEARFUL\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ghgfhgfh
c:\program files\ghgfhgfh\bhjh\andie_valentino.wmv
c:\program files\ghgfhgfh\bhjh\angel_dark_2.wmv
c:\program files\ghgfhgfh\bhjh\bree_olson_5.wmv
c:\program files\ghgfhgfh\bhjh\high.wmv
c:\program files\ghgfhgfh\bhjh\krystal_steal_3.wmv
c:\program files\ghgfhgfh\bhjh\low.wmv
c:\program files\ghgfhgfh\bhjh\rychlyprachy19-01.wmv
c:\program files\ghgfhgfh\bhjh\rychlyprachy22-01.wmv
c:\program files\ghgfhgfh\bhjh\rychlyprachy4-01.wmv
c:\program files\ghgfhgfh\bhjh\Thumbs.db
c:\program files\ghgfhgfh\fotky skola\[Originals]\P1291506.jpg
c:\program files\ghgfhgfh\fotky skola\[Originals]\P1291506.jpg.xmp
c:\program files\ghgfhgfh\fotky skola\[Originals]\PA230471.JPG
c:\program files\ghgfhgfh\fotky skola\[Originals]\PA230471.JPG.xmp
c:\program files\ghgfhgfh\fotky skola\06042010150.jpg
c:\program files\ghgfhgfh\fotky skola\13341_103170706368626_100000270916565_83524_1955755_n.jpg
c:\program files\ghgfhgfh\fotky skola\2.JPG
c:\program files\ghgfhgfh\fotky skola\4537_1008714958226_1835535025_14809_3976772_n.jpg
c:\program files\ghgfhgfh\fotky skola\jana I.bmp
c:\program files\ghgfhgfh\fotky skola\P1291506.jpg
c:\program files\ghgfhgfh\fotky skola\PA230471.JPG
c:\program files\ghgfhgfh\fotky skola\PA230520.JPG
c:\program files\ghgfhgfh\fotky skola\PA230522.JPG
c:\program files\ghgfhgfh\fotky skola\Snímek 057.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 058.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 059.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 060.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 061.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 062.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 063.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 064.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 065.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 066.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 067.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 068.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 069.jpg
c:\program files\ghgfhgfh\fotky skola\Snímek 070.jpg
c:\program files\ghgfhgfh\fotky skola\Thumbs.db
c:\program files\ghgfhgfh\fotky\PA230463.JPG
c:\program files\ghgfhgfh\fotky\PA230464.JPG
c:\program files\ghgfhgfh\fotky\PA230465.JPG
c:\program files\ghgfhgfh\fotky\PA230466.JPG
c:\program files\ghgfhgfh\fotky\PA230467.JPG
c:\program files\ghgfhgfh\fotky\PA230468.JPG
c:\program files\ghgfhgfh\fotky\PA230469.JPG
c:\program files\ghgfhgfh\fotky\PA230470.JPG
c:\program files\ghgfhgfh\fotky\PA230471.JPG
c:\program files\ghgfhgfh\fotky\PA230472.JPG
c:\program files\ghgfhgfh\fotky\PA230473.JPG
c:\program files\ghgfhgfh\fotky\PA230474.JPG
c:\program files\ghgfhgfh\fotky\PA230475.JPG
c:\program files\ghgfhgfh\fotky\PA230476.JPG
c:\program files\ghgfhgfh\fotky\PA230477.JPG
c:\program files\ghgfhgfh\fotky\PA230478.JPG
c:\program files\ghgfhgfh\fotky\PA230479.JPG
c:\program files\ghgfhgfh\fotky\PA230480.JPG
c:\program files\ghgfhgfh\fotky\PA230481.JPG
c:\program files\ghgfhgfh\fotky\PA230482.JPG
c:\program files\ghgfhgfh\fotky\PA230483.JPG
c:\program files\ghgfhgfh\fotky\PA230484.JPG
c:\program files\ghgfhgfh\fotky\PA230485.JPG
c:\program files\ghgfhgfh\fotky\PA230486.JPG
c:\program files\ghgfhgfh\fotky\PA230487.JPG
c:\program files\ghgfhgfh\fotky\PA230488.JPG
c:\program files\ghgfhgfh\fotky\PA230489.JPG
c:\program files\ghgfhgfh\fotky\PA230490.JPG
c:\program files\ghgfhgfh\fotky\PA230491.JPG
c:\program files\ghgfhgfh\fotky\PA230492.JPG
c:\program files\ghgfhgfh\fotky\PA230493.JPG
c:\program files\ghgfhgfh\fotky\PA230494.JPG
c:\program files\ghgfhgfh\fotky\PA230495.JPG
c:\program files\ghgfhgfh\fotky\PA230496.JPG
c:\program files\ghgfhgfh\fotky\PA230497.JPG
c:\program files\ghgfhgfh\fotky\PA230498.JPG
c:\program files\ghgfhgfh\fotky\PA230499.JPG
c:\program files\ghgfhgfh\fotky\PA230500.JPG
c:\program files\ghgfhgfh\fotky\PA230501.JPG
c:\program files\ghgfhgfh\fotky\PA230502.JPG
c:\program files\ghgfhgfh\fotky\PA230503.JPG
c:\program files\ghgfhgfh\fotky\PA230504.JPG
c:\program files\ghgfhgfh\fotky\PA230505.JPG
c:\program files\ghgfhgfh\fotky\PA230506.JPG
c:\program files\ghgfhgfh\fotky\PA230507.JPG
c:\program files\ghgfhgfh\fotky\PA230508.JPG
c:\program files\ghgfhgfh\fotky\PA230509.JPG
c:\program files\ghgfhgfh\fotky\PA230510.JPG
c:\program files\ghgfhgfh\fotky\PA230511.JPG
c:\program files\ghgfhgfh\fotky\PA230512.JPG
c:\program files\ghgfhgfh\fotky\PA230513.JPG
c:\program files\ghgfhgfh\fotky\PA230514.JPG
c:\program files\ghgfhgfh\fotky\PA230515.JPG
c:\program files\ghgfhgfh\fotky\PA230516.JPG
c:\program files\ghgfhgfh\fotky\PA230517.JPG
c:\program files\ghgfhgfh\fotky\PA230518.JPG
c:\program files\ghgfhgfh\fotky\PA230519.JPG
c:\program files\ghgfhgfh\fotky\PA230520.JPG
c:\program files\ghgfhgfh\fotky\PA230521.JPG
c:\program files\ghgfhgfh\fotky\PA230522.JPG
c:\program files\ghgfhgfh\fotky\PA230523.JPG
c:\program files\ghgfhgfh\fotky\PA230524.JPG
c:\program files\ghgfhgfh\fotky\PA230525.JPG
c:\program files\ghgfhgfh\fotky\PA230526.JPG
c:\program files\ghgfhgfh\fotky\PA230527.JPG
c:\program files\ghgfhgfh\fotky\PA230528.JPG
c:\program files\ghgfhgfh\fotky\PA230529.JPG
c:\program files\ghgfhgfh\fotky\PA230530.JPG
c:\program files\ghgfhgfh\fotky\PA230531.JPG
c:\program files\ghgfhgfh\fotky\PA230532.JPG
c:\program files\ghgfhgfh\fotky\PA230533.JPG
c:\program files\ghgfhgfh\fotky\PA230534.JPG
c:\program files\ghgfhgfh\fotky\PA230535.JPG
c:\program files\ghgfhgfh\fotky\PA230536.JPG
c:\program files\ghgfhgfh\fotky\PA230537.JPG
c:\program files\ghgfhgfh\fotky\PA230538.JPG
c:\program files\ghgfhgfh\fotky\PA230539.JPG
c:\program files\ghgfhgfh\fotky\PA230540.JPG
c:\program files\ghgfhgfh\fotky\PA230541.JPG
c:\program files\ghgfhgfh\fotky\PA230542.JPG
c:\program files\ghgfhgfh\fotky\PA230543.JPG
c:\program files\ghgfhgfh\fotky\PA230544.JPG
c:\program files\ghgfhgfh\fotky\PA230545.JPG
c:\program files\ghgfhgfh\fotky\PA230547.JPG
c:\program files\ghgfhgfh\fotky\PA230548.JPG
c:\program files\ghgfhgfh\fotky\PA230549.JPG
c:\program files\ghgfhgfh\fotky\PA230550.JPG
c:\program files\ghgfhgfh\fotky\PA230551.JPG
c:\program files\ghgfhgfh\fotky\PA230552.JPG
c:\program files\ghgfhgfh\fotky\PA230553.JPG
c:\program files\ghgfhgfh\fotky\PA230554.JPG
c:\program files\ghgfhgfh\fotky\PA230556.JPG
c:\program files\ghgfhgfh\fotky\PA230557.JPG
c:\program files\ghgfhgfh\fotky\PA230558.JPG
c:\program files\ghgfhgfh\fotky\PA230560.JPG
c:\program files\ghgfhgfh\fotky\PA230561.JPG
c:\program files\ghgfhgfh\fotky\PA230562.JPG
c:\program files\ghgfhgfh\fotky\PA230563.JPG
c:\program files\ghgfhgfh\fotky\PA230564.JPG
c:\program files\ghgfhgfh\fotky\Thumbs.db
c:\program files\ghgfhgfh\fotky_sraz\sraz 001.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 002.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 003-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 003.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 004-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 004.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 005-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 005.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 006-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 006.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 007-uprava.JPG
c:\program files\ghgfhgfh\fotky_sraz\sraz 007.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 008.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 009.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 010.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 011.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 012.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 013.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 014.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 015.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 016.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 017.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 018.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 019.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 020.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 021.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 022.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 023.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 024.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 025.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 026.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 027.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 028.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 029.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 030.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 031.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 032.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 033.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 034.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 035.jpg
c:\program files\ghgfhgfh\fotky_sraz\sraz 036.jpg
c:\program files\ghgfhgfh\fotky_sraz\Thumbs.db
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 001.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 002.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 003.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 004.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 005.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 006.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 007.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 008.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 009.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 010.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 011.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 012.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 013.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 014.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 015.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 016.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 017.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 018.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 019.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 020.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 021.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 022.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 023.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 024.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 025.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 026.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 027.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 028.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 030.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 031.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 032.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 033.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 034.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 036.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 037.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 038.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 039.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 040.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 041.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 042.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 043.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 046.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 047.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 048.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 049.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 050.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 051.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 052.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 053.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 054.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 055.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 056.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 057.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 058.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 059.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 060.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 061.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 062.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 063.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 064.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 065.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 066.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 067.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 068.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 069.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 070.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 071.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 072.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 075.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 076.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 077.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 078.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 079.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 080.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 081.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 082.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 083.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 084.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 085.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 087.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 088.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 089.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 090.jpg
c:\program files\ghgfhgfh\stuzkovani\stužkování 09 092.jpg
c:\program files\ghgfhgfh\stuzkovani\Thumbs.db
c:\program files\ghgfhgfh\večírek\P1050433.JPG
c:\program files\ghgfhgfh\večírek\P1050434.JPG
c:\program files\ghgfhgfh\večírek\P1050435.JPG
c:\program files\ghgfhgfh\večírek\P1050436.JPG
c:\program files\ghgfhgfh\večírek\P1050437.JPG
c:\program files\ghgfhgfh\večírek\P1050438.JPG
c:\program files\ghgfhgfh\večírek\P1050439.JPG
c:\program files\ghgfhgfh\večírek\P1050440.JPG
c:\program files\ghgfhgfh\večírek\P1050441.JPG
c:\program files\ghgfhgfh\večírek\P1050442.JPG
c:\program files\ghgfhgfh\večírek\P1050443.JPG
c:\program files\ghgfhgfh\večírek\P1050445.JPG
c:\program files\ghgfhgfh\večírek\P1050446.JPG
c:\program files\ghgfhgfh\večírek\P1050447.JPG
c:\program files\ghgfhgfh\večírek\P1050448.JPG
c:\program files\ghgfhgfh\večírek\P1050449.JPG
c:\program files\ghgfhgfh\večírek\P1050450.JPG
c:\program files\ghgfhgfh\večírek\P1050451.JPG
c:\program files\ghgfhgfh\večírek\P1050452.JPG
c:\program files\ghgfhgfh\večírek\P1050453.JPG
c:\program files\ghgfhgfh\večírek\P1050454.JPG
c:\program files\ghgfhgfh\večírek\P1050455.JPG
c:\program files\ghgfhgfh\večírek\P1050456.JPG
c:\program files\ghgfhgfh\večírek\P1050457.JPG
c:\program files\ghgfhgfh\večírek\P1050458.JPG
c:\program files\ghgfhgfh\večírek\P1050459.JPG
c:\program files\ghgfhgfh\večírek\P1050460.JPG
c:\program files\ghgfhgfh\večírek\P1050461.JPG
c:\program files\ghgfhgfh\večírek\P1050462.JPG
c:\program files\ghgfhgfh\večírek\P1050463.JPG
c:\program files\ghgfhgfh\večírek\P1050464.JPG
c:\program files\ghgfhgfh\večírek\P1050465.JPG
c:\program files\ghgfhgfh\večírek\P1050466.JPG
c:\program files\ghgfhgfh\večírek\P1050467.JPG
c:\program files\ghgfhgfh\večírek\P1050468.JPG
c:\program files\ghgfhgfh\večírek\P1050469.JPG
c:\program files\ghgfhgfh\večírek\P1050470.JPG
c:\program files\ghgfhgfh\večírek\P1050471.JPG
c:\program files\ghgfhgfh\večírek\P1050472.JPG
c:\program files\ghgfhgfh\večírek\P1050473.JPG
c:\program files\ghgfhgfh\večírek\P1050474.JPG
c:\program files\ghgfhgfh\večírek\P1050475.JPG
c:\program files\ghgfhgfh\večírek\P1050476.JPG
c:\program files\ghgfhgfh\večírek\P1050477.JPG
c:\program files\ghgfhgfh\večírek\P1050478.JPG
c:\program files\ghgfhgfh\večírek\P1050479.JPG
c:\program files\ghgfhgfh\večírek\P1050480.JPG
c:\program files\ghgfhgfh\večírek\P1050481.JPG
c:\program files\ghgfhgfh\večírek\P1050482.JPG
c:\program files\ghgfhgfh\večírek\P1050483.JPG
c:\program files\ghgfhgfh\večírek\P1050484.JPG
c:\program files\ghgfhgfh\večírek\P1050486.JPG
c:\program files\ghgfhgfh\večírek\P1050487.JPG
c:\program files\ghgfhgfh\večírek\P1050488.JPG
c:\program files\ghgfhgfh\večírek\P1050489.JPG
c:\program files\ghgfhgfh\večírek\P1050490.JPG
c:\program files\ghgfhgfh\večírek\P1050491.JPG
c:\program files\ghgfhgfh\večírek\P1050492.JPG
c:\program files\ghgfhgfh\večírek\P1050493.JPG
c:\program files\ghgfhgfh\večírek\P1050494.JPG
c:\program files\ghgfhgfh\večírek\P1050495.JPG
c:\program files\ghgfhgfh\večírek\P1050496.JPG
c:\program files\ghgfhgfh\večírek\P1050497.JPG
c:\program files\ghgfhgfh\večírek\P1050498.JPG
c:\program files\ghgfhgfh\večírek\P1050499.JPG
c:\program files\ghgfhgfh\večírek\P1050500.JPG
c:\program files\ghgfhgfh\večírek\P1050501.JPG
c:\program files\ghgfhgfh\večírek\P1050502.JPG
c:\program files\ghgfhgfh\večírek\P1050503.JPG
c:\program files\ghgfhgfh\večírek\P1050504.JPG
c:\program files\ghgfhgfh\večírek\P1050505.JPG
c:\program files\ghgfhgfh\večírek\P1050506.JPG
c:\program files\ghgfhgfh\večírek\P1050507.JPG
c:\program files\ghgfhgfh\večírek\P1050508.JPG
c:\program files\ghgfhgfh\večírek\P1050509.JPG
c:\program files\ghgfhgfh\večírek\P1050511.JPG
c:\program files\ghgfhgfh\večírek\P1050512.JPG
c:\program files\ghgfhgfh\večírek\P1050513.JPG
c:\program files\ghgfhgfh\večírek\P1050514.JPG
c:\program files\ghgfhgfh\večírek\P1050515.JPG
c:\program files\ghgfhgfh\večírek\P1050516.JPG
c:\program files\ghgfhgfh\večírek\P1050517.JPG
c:\program files\ghgfhgfh\večírek\P1050518.JPG
c:\program files\ghgfhgfh\večírek\P1050519.JPG
c:\program files\ghgfhgfh\večírek\P1050520.JPG
c:\program files\ghgfhgfh\večírek\P1050521.JPG
c:\program files\ghgfhgfh\večírek\P1050522.JPG
c:\program files\ghgfhgfh\večírek\P1050523.JPG
c:\program files\ghgfhgfh\večírek\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-21 do 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 18:26 . 2010-04-21 19:00 -------- d-----w- c:\windows\LastGood
2010-04-21 16:47 . 2010-04-21 16:47 -------- d-----w- C:\_OTL
2010-04-21 15:57 . 2010-04-21 16:05 -------- d-----w- c:\program files\trend micro
2010-04-21 15:57 . 2010-04-21 15:57 -------- d-----w- C:\rsit
2010-04-20 19:49 . 2010-04-20 19:58 -------- d-----w- c:\program files\Crawler
2010-04-20 17:04 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 17:04 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 17:04 . 2010-04-20 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 15:03 . 2010-04-20 15:03 -------- d-----w- c:\program files\CCleaner
2010-03-31 08:00 . 2010-03-31 08:00 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-31 07:57 . 2010-03-31 08:01 -------- d-----w- c:\program files\ICQ7.1
2010-03-24 18:11 . 2009-11-23 23:53 245032 ------w- c:\windows\system32\Touch_Tablet.dll
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\WTouch
2010-03-24 18:11 . 2010-03-24 18:11 -------- d-----w- c:\program files\TabletPlugins
2010-03-24 18:03 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-03-24 18:03 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\windows\system32\WTablet
2010-03-24 18:02 . 2009-11-23 23:53 416040 ----a-w- c:\windows\system32\Pen_Tablet.dll
2010-03-24 18:02 . 2009-11-23 20:16 284160 ------w- c:\windows\system32\Wintab32.dll
2010-03-24 18:02 . 2009-11-23 23:53 4497704 ----a-w- c:\windows\system32\Pen_Tablet.exe
2010-03-24 18:02 . 2010-03-24 18:11 -------- d-----w- c:\program files\Tablet
2010-03-24 16:36 . 2010-03-24 16:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-24 16:36 . 2010-04-21 18:26 -------- d-----w- c:\program files\Spyware Terminator
2010-03-24 13:04 . 2010-03-24 13:08 -------- d-----w- c:\program files\Inkscape
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 16:47 . 2001-10-25 12:00 502954 ----a-w- c:\windows\system32\perfh005.dat
2010-04-21 16:47 . 2001-10-25 12:00 107350 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 15:28 . 2009-04-25 09:54 -------- d-----w- c:\program files\BitLord
2010-04-14 14:27 . 2009-09-09 12:01 -------- d-----w- c:\program files\Google
2010-04-12 20:35 . 2009-08-25 23:31 -------- d-----w- c:\program files\FlashGet
2010-04-02 21:27 . 2009-11-16 21:34 -------- d-----w- c:\program files\blender-2.49b-windows
2010-03-31 08:00 . 2009-04-21 13:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 11:41 . 2009-05-15 15:49 132153 ----a-w- c:\windows\War3Unin.dat
2010-02-25 19:18 . 2010-02-25 19:18 -------- d-----w- c:\program files\Zoner
2010-02-25 19:17 . 2009-04-21 15:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 16:56 . 2010-02-25 16:56 -------- d-----w- c:\program files\Active GIF Creator 2.23
2010-02-22 12:10 . 2010-02-22 11:50 -------- d-----w- c:\program files\cygwin
.
((((((((((((((((((((((((((((( SnapShot@2010-04-21_18.23.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-21 19:00 . 2010-03-09 08:13 95872 c:\windows\LastGood\system32\DRIVERS\epfwtdir.sys
+ 2010-04-21 19:00 . 2010-03-09 08:13 114984 c:\windows\LastGood\system32\DRIVERS\ehdrv.sys
+ 2010-04-21 19:00 . 2010-03-09 08:11 139192 c:\windows\LastGood\system32\DRIVERS\eamon.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-01-14 20:52 2166296 ----a-w- c:\program files\TorrentMan\tbTor0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2010-01-14 2166296]
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-24 3037696]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-03-31 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Stronghold\\Stronghold Crusader.exe"=
"c:\\Hry\\Diablo II\\Diablo II.exe"=
"c:\\Hry\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold_TL.exe"=
"c:\\Hry\\Encore\\Europa 1400 - Gold Edition\\Europa1400Gold.exe"=
"c:\\Hry\\UT2004\\System\\UT2004.exe"=
"c:\\Hry\\1C\\RC Cars\\RCCARS.EXE"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Port Royale\\PortRoyale.exe"=
"c:\\Hry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Hry\\CGN\\Re-Volt\\REVOLT.EXE"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Hry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Hry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Hry\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Hry\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\Hry\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enGB-downloader.exe"=
"c:\\Hry\\TrackMania United\\TmUnited.exe"=
"c:\\Hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LuxRender\\luxconsole.exe"=
"c:\\Hry\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Hry\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aomx.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Hry\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\FEARFUL\\Plocha\\Age of Mythology\\aom.exe"=
"c:\\Documents and Settings\\FEARFUL\\Local Settings\\Apps\\2.0\\T3N1ZNG9.VWC\\PD9V5ZB8.0B0\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.3.2010 18:36 142592]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.3.2010 10:00 246520]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [24.3.2010 20:02 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [24.3.2010 20:11 113448]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [21.4.2009 15:59 65408]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [21.4.2009 15:52 64896]
R4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2009 17:56 721904]
S2 gupdate1ca314635ed9e0;Služba Google Update (gupdate1ca314635ed9e0);c:\program files\Google\Update\GoogleUpdate.exe [9.9.2009 14:06 133104]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 12:01]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 12:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {5B55FCC5-ED07-441D-8ECF-73C106CCEA40} = 160.218.10.200 160.218.43.200
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\FEARFUL\Data aplikací\Mozilla\Firefox\Profiles\f15exube.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 21:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-1801674531-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,a7,e1,14,96,00,b3,dc,5a,7b,09,a1,58,51,84,54,e5,05,53,d9,98,
2b,f4,97,6b,79,9e,da,00,9d,f0,58,03,ca,bf,05,3e,e2,18,b4,5a,dd,fd,4a,10,4a,\
"rkeysecu"=hex:fe,0a,22,57,ae,71,bf,41,ed,02,63,94,76,1a,43,bf
.
Celkový čas: 2010-04-21 21:18:37
ComboFix-quarantined-files.txt 2010-04-21 19:18
ComboFix2.txt 2010-04-21 18:24
Před spuštěním: Volných bajtů: 242 273 034 240
Po spuštění: Volných bajtů: 242 239 492 096
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CADE65BF0C561A303210EE20FEE1B67F
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Zpomalený internet - Trojan.ExOptions.Gen
Složku c:\program files\ghgfhgfh znáte 
Chcete ji obnovit
Chcete ji obnovit 
Přispějete na provoz fóra?