Preventívna Kontrola

Zpráva

P.Varga · #1 Příspěvek od **P.Varga** » 12 črc 2010 08:40

Logfile of random's system information tool 1.08 (written by random/random)
Run by Varga at 2010-07-12 09:33:59
Microsoft Windows 7 Ultimate
System drive C: has 2000 MB (2%) free of 100 GB
Total RAM: 4096 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:14, on 12. 7. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\JetAudio\JetAudio.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Varga.exe
C:\Users\Varga\AppData\winupdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E52EE745-7A6C-490F-9686-BDBA8676D162} (CVServerObject Object) - http://poulain.italp.qc.ca/VideoServer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\SysWOW64\ASWLSVC.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files (x86)\Uniblue\DiskRescue\UBDiskRescueSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10411 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k iissvcs
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
"C:\Program Files\WinFast\WFDTV\DTVSchdl.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\JetAudio\JetAudio.exe" /tempplay "C:\Users\Varga\AppData\Local\Temp\$jadtmp$.pls"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1596 CREDAT:14344
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1596 CREDAT:14355
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3529117251-1704060926-2748439740-10015_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3529117251-1704060926-2748439740-10015 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1596 CREDAT:14368
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1596 CREDAT:14376
"C:\Users\Varga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5JALRNN\RSITx64[1].exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Uniblue DiskRescue 2009.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2010-06-11 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2010-06-11 503808]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2008-12-11 6952480]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-12-11 1833504]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-03-24 2839840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-06-09 2920448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adelaide]
C:\windows\tamara64\adelaide.lnk []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\Windows\mHotkey.exe [2007-01-17 550912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe [2006-03-02 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\esperance]
C:\windows\tamara64\esperance.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-06-09 2920448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-06-09 101888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~2\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Varga^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
C:\Users\Varga\Desktop\ICo\AC Web Ultimate Repack\Server\mysql\bin\winmysqladmin.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-06-09 101888]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 275360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
"NoResolveSearch"=1
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\PCNetSoftware\RAC Server\RACs.exe"="C:\Program Files (x86)\PCNetSoftware\RAC Server\RACs.exe:*:Enabled:Remote Administrator Control Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-12 09:34:00 ----D---- C:\Program Files\trend micro
2010-07-11 10:38:58 ----AD---- C:\Windows\rundll16.exe
2010-07-11 10:38:58 ----AD---- C:\Windows\logo1_.exe
2010-07-11 09:59:14 ----A---- C:\Windows\ntbtlog.txt
2010-07-11 09:50:39 ----D---- C:\ProgramData\COMODO
2010-07-11 09:48:36 ----D---- C:\Program Files\COMODO
2010-07-11 09:47:26 ----D---- C:\ProgramData\Comodo Downloader
2010-07-10 23:05:10 ----A---- C:\Windows\SYSWOW64\unicows.dll
2010-07-10 23:04:50 ----A---- C:\Windows\SYSWOW64\drivers\ULCDRHlp.sys
2010-07-10 23:02:33 ----A---- C:\Windows\SYSWOW64\Dvbpws.dll
2010-07-09 16:38:47 ----D---- C:\ProgramData\CyberLink
2010-07-09 16:38:32 ----D---- C:\Program Files (x86)\CyberLink
2010-07-09 15:01:27 ----D---- C:\Program Files (x86)\AMD
2010-07-09 15:00:34 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2010-07-09 15:00:34 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2010-07-09 15:00:34 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-07-09 15:00:34 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-07-09 15:00:31 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2010-07-09 15:00:31 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-07-07 14:35:45 ----D---- C:\Users\Varga\AppData\Roaming\mIRC
2010-07-07 14:35:45 ----D---- C:\Program Files (x86)\mIRC
2010-07-07 13:01:31 ----D---- C:\Users\Varga\AppData\Roaming\Passware
2010-07-07 13:01:25 ----D---- C:\Program Files (x86)\Passware
2010-07-07 12:59:03 ----D---- C:\Users\Varga\AppData\Roaming\Miranda
2010-07-07 12:58:25 ----D---- C:\Program Files (x86)\Miranda IM
2010-07-07 11:55:57 ----D---- C:\Windows\rescache
2010-07-06 08:46:20 ----D---- C:\Users\Varga\AppData\Roaming\SeriousBit
2010-07-04 18:45:46 ----D---- C:\Program Files (x86)\Game_Maker8
2010-07-04 14:47:23 ----D---- C:\Program Files (x86)\ICQ-Banner-Remover
2010-07-04 14:41:32 ----D---- C:\ProgramData\ICQ
2010-07-04 12:34:34 ----D---- C:\Users\Varga\AppData\Roaming\System32
2010-07-04 12:27:31 ----D---- C:\Program Files (x86)\RAR Password Cracker
2010-07-03 16:38:55 ----D---- C:\Users\Varga\AppData\Roaming\install
2010-07-03 11:36:55 ----D---- C:\directory
2010-07-03 08:51:57 ----D---- C:\Program Files (x86)\PFPortChecker
2010-07-03 08:19:36 ----D---- C:\Program Files (x86)\Nmap
2010-07-02 19:07:37 ----RSHD---- C:\Users\Varga\AppData\Roaming\WindowsUpdate
2010-07-02 13:54:25 ----D---- C:\Program Files (x86)\001 File Joiner and Splitter 4.0
2010-07-01 16:35:51 ----D---- C:\Program Files (x86)\Advanced Port Scanner
2010-07-01 09:11:38 ----D---- C:\Program Files (x86)\Advanced IP Address Calculator
2010-07-01 09:08:27 ----A---- C:\Windows\SYSWOW64\BASSMOD.dll
2010-07-01 09:08:20 ----A---- C:\Windows\winin.ini
2010-07-01 09:08:19 ----A---- C:\Windows\SYSWOW64\RACServerLogon.dll
2010-07-01 09:08:18 ----D---- C:\Program Files (x86)\PCNetSoftware
2010-06-30 11:12:17 ----D---- C:\ProgramData\PopCap Games
2010-06-28 11:34:42 ----D---- C:\Windows\pss
2010-06-27 10:00:09 ----D---- C:\Program Files (x86)\Coolendář
2010-06-26 12:52:51 ----A---- C:\Windows\SYSWOW64\libmysql_d.dll
2010-06-26 12:52:47 ----D---- C:\Program Files (x86)\PremiumSoft
2010-06-23 12:06:18 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2010-06-23 12:06:17 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2010-06-23 12:06:17 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2010-06-23 12:06:17 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2010-06-23 12:06:17 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2010-06-23 12:06:17 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 12:06:17 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 12:06:17 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 12:06:17 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 12:06:17 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 12:03:50 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2010-06-23 12:03:50 ----A---- C:\Windows\system32\ntdll.dll
2010-06-23 12:03:38 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-23 12:03:37 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2010-06-23 12:03:36 ----A---- C:\Windows\system32\msdri.dll
2010-06-20 13:28:52 ----D---- C:\Program Files (x86)\WinPcap
2010-06-19 19:02:58 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-06-19 19:02:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-06-19 19:02:58 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-06-19 19:02:58 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-06-19 19:02:57 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-06-19 19:02:57 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-06-18 17:17:56 ----A---- C:\Windows\UC.PIF
2010-06-18 17:17:56 ----A---- C:\Windows\RAR.PIF
2010-06-18 17:17:56 ----A---- C:\Windows\PKZIP.PIF
2010-06-18 17:17:56 ----A---- C:\Windows\PKUNZIP.PIF
2010-06-18 17:17:56 ----A---- C:\Windows\NOCLOSE.PIF
2010-06-18 17:17:56 ----A---- C:\Windows\LHA.PIF
2010-06-18 17:17:56 ----A---- C:\Windows\ARJ.PIF
2010-06-18 16:15:40 ----D---- C:\Windows\Uninstall
2010-06-17 14:43:10 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2010-06-17 14:43:10 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2010-06-17 14:43:10 ----A---- C:\Windows\system32\OpenCL.dll
2010-06-17 14:43:10 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-06-17 14:43:08 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2010-06-17 14:43:08 ----A---- C:\Windows\SYSWOW64\nvencodemft.dll
2010-06-17 14:43:08 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2010-06-17 14:43:08 ----A---- C:\Windows\system32\nvoglv64.dll
2010-06-17 14:43:08 ----A---- C:\Windows\system32\nvencodemft.dll
2010-06-17 14:43:08 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-06-17 14:43:07 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2010-06-17 14:43:07 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2010-06-17 14:43:07 ----A---- C:\Windows\system32\nvd3dumx.dll
2010-06-17 14:43:07 ----A---- C:\Windows\system32\nvcuvid.dll
2010-06-17 14:43:07 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-06-17 14:43:05 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2010-06-17 14:43:05 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2010-06-17 14:43:05 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2010-06-17 14:43:05 ----A---- C:\Windows\system32\nvcuda.dll
2010-06-17 14:43:04 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2010-06-17 14:43:04 ----A---- C:\Windows\system32\nvcompiler.dll
2010-06-17 14:43:04 ----A---- C:\Windows\system32\nvcod1921.dll
2010-06-17 14:43:04 ----A---- C:\Windows\system32\nvcod.dll
2010-06-15 17:47:34 ----A---- C:\Windows\AlcUpd64.exe
2010-06-15 17:47:34 ----A---- C:\Windows\AlcRmv64.exe
2010-06-15 17:47:31 ----D---- C:\Program Files (x86)\Realtek AC97
2010-06-15 17:47:28 ----A---- C:\Windows\HideWin.exe
2010-06-15 15:40:44 ----D---- C:\Program Files (x86)\Tunatic
2010-06-14 17:39:29 ----A---- C:\Windows\SYSWOW64\shutup.exe
2010-06-14 17:39:29 ----A---- C:\Windows\SYSWOW64\delay.exe
2010-06-14 17:09:29 ----D---- C:\Program Files (x86)\Quick Batch File Compiler
2010-06-14 17:03:41 ----D---- C:\Program Files (x86)\ExeScript

======List of files/folders modified in the last 1 months======

2010-07-12 09:34:03 ----D---- C:\Windows\Temp
2010-07-12 09:34:00 ----RD---- C:\Program Files
2010-07-12 09:22:22 ----D---- C:\Windows\system32\config
2010-07-12 09:18:20 ----D---- C:\ProgramData\NVIDIA
2010-07-11 23:08:36 ----D---- C:\Users\Varga\AppData\Roaming\Skype
2010-07-11 19:06:35 ----D---- C:\Windows\system32\drivers\etc
2010-07-11 19:06:31 ----SHD---- C:\System Volume Information
2010-07-11 18:28:24 ----D---- C:\Program Files (x86)\Audacity
2010-07-11 16:08:29 ----D---- C:\Users\Varga\AppData\Roaming\skypePM
2010-07-11 10:38:58 ----D---- C:\Windows
2010-07-11 10:33:33 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-07-11 10:30:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-11 10:27:46 ----D---- C:\Windows\system32\drivers
2010-07-11 10:27:46 ----D---- C:\Windows\inf
2010-07-11 10:27:43 ----D---- C:\Windows\system32\DriverStore
2010-07-11 10:24:38 ----D---- C:\Windows\system32\NDF
2010-07-11 10:05:06 ----D---- C:\Windows\Prefetch
2010-07-11 10:00:57 ----D---- C:\Windows\SysWOW64
2010-07-11 09:57:35 ----SHD---- C:\Windows\Installer
2010-07-11 09:57:33 ----D---- C:\Config.Msi
2010-07-11 09:50:39 ----HD---- C:\ProgramData
2010-07-11 09:49:00 ----D---- C:\Windows\system32\catroot
2010-07-11 09:48:38 ----D---- C:\Windows\System32
2010-07-10 23:04:50 ----D---- C:\Windows\SYSWOW64\drivers
2010-07-09 16:38:32 ----RD---- C:\Program Files (x86)
2010-07-09 15:00:56 ----D---- C:\Program Files (x86)\Common Files
2010-07-09 15:00:31 ----D---- C:\Windows\Logs
2010-07-09 14:56:48 ----RSD---- C:\Windows\Fonts
2010-07-07 13:37:58 ----D---- C:\Windows\Downloaded Program Files
2010-07-07 12:01:33 ----A---- C:\Windows\SYSWOW64\slwga.dll
2010-07-07 12:01:33 ----A---- C:\Windows\system32\systemcpl.dll
2010-07-07 12:01:33 ----A---- C:\Windows\system32\slwga.dll
2010-07-07 11:55:57 ----D---- C:\Windows\SYSWOW64\sk-SK
2010-07-07 11:55:56 ----D---- C:\Windows\SYSWOW64\en-US
2010-07-07 11:55:56 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-07-07 11:55:56 ----D---- C:\Windows\system32\sk-SK
2010-07-07 11:55:55 ----D---- C:\Windows\system32\en-US
2010-07-07 11:55:55 ----D---- C:\Windows\system32\cs-CZ
2010-07-07 10:19:18 ----D---- C:\Windows\winsxs
2010-07-02 14:32:41 ----SD---- C:\Users\Varga\AppData\Roaming\Microsoft
2010-07-01 09:13:58 ----D---- C:\Program Files (x86)\Advanced IP Scanner
2010-06-28 13:06:19 ----D---- C:\Windows\Microsoft.NET
2010-06-26 18:27:43 ----D---- C:\Users\Varga\AppData\Roaming\Adobe
2010-06-25 16:19:07 ----D---- C:\COP
2010-06-23 20:03:21 ----D---- C:\Windows\AppPatch
2010-06-23 12:08:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-23 12:07:20 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-06-23 12:06:12 ----D---- C:\Windows\ehome
2010-06-19 12:06:57 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2010-06-17 14:46:39 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-06-17 14:45:34 ----D---- C:\Program Files\NVIDIA Corporation
2010-06-17 14:45:13 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-06-15 14:49:36 ----D---- C:\Windows\debug
2010-06-14 19:59:07 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-06-14 17:39:30 ----RSD---- C:\Windows\Media
2010-06-14 15:25:05 ----D---- C:\Program Files (x86)\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2008-08-18 170528]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-06-04 236112]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-06-01 33208]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-24 139704]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-06-01 85208]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 90544]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-24 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-03-24 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-03-24 50600]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 47632]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-03-24 33608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-12-11 1577120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2007-01-15 1452072]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3); C:\Windows\system32\drivers\wfeaglxt.sys [2009-10-21 474240]
S2 RACDriver;RAC ovladač; \??\C:\Program Files (x86)\PCNetSoftware\RAC Server\RACDriver.sys [2007-03-20 8208]
S3 ASNDIS4;ASNDIS4 Protocol Driver; \??\C:\Windows\syswow64\ASNDIS4.SYS []
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-04-11 23080]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vpcuxd;USB Virtualization Stub Service; C:\Windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-01 2348600]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-03-24 810120]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-06-07 159336]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-12 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-06-14 219128]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 ASWLSVC;ASWLSVC; C:\Windows\SysWOW64\ASWLSVC.exe [2004-05-06 496640]
S2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2009-07-14 19456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20 136176]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S2 Uniblue DiskRescue;Uniblue DiskRescue; C:\Program Files (x86)\Uniblue\DiskRescue\UBDiskRescueSrv.exe [2008-09-10 229648]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-29 77944]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-03-24 42336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-02 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-05-02 655624]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-07-08 395048]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 12 črc 2010 08:52

Zdravim a pekne dopoledne preji

Vy jste se dal na chov konicku druhu trojskeho

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Doporucuji odinstalovat Spybot - Search & Destroy - program ma jiz nejlepsi leta za sebou a posledni 3-4 roky neni schopen reagovat na aktualini hrozby

Nahrady za Spybota:
- Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
- SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
Samozrejme pouzivejte jen jeden z nich

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

C:\windows\tamara64\esperance.bat
C:\Windows\system32\guard64.dll
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
Kliknete na Otestovat soubor
Vysledek analyzy sem vlozte (jako odkaz)

Jak sem "mrsknete" odkazy na vysledky VT, tak se dame do mazani

P.Varga · #3 Příspěvek od **P.Varga** » 12 črc 2010 08:58

Ďakujem za skorú odpoveď.
Esperance.bat je môj výtvor.
A virustotal u mňa nefunguje. A okrem toho som skúsil novirusthanks.org a nemôže nájst guard64.dll len guard32.dll

#4 Příspěvek od **vyosek** » 12 črc 2010 09:09

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{BFC32E1D-EE75-4A48-BC60-104E11EE2431}]

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Windows\rundll16.exe
C:\Windows\logo1_.exe

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Kliknete na cervene tlacitko MoveIt!
Sem pote dejte obsah okna Results (pod zelenou carou)
Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

P.Varga · #5 Příspěvek od **P.Varga** » 12 črc 2010 10:50

All processes killed
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.centrum.sk/" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{BFC32E1D-EE75-4A48-BC60-104E11EE2431}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFC32E1D-EE75-4A48-BC60-104E11EE2431}\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI316F.tmp moved successfully.
C:\WINDOWS\Installer\MSI375A.tmp moved successfully.
C:\WINDOWS\Installer\MSI91C9.tmp moved successfully.
C:\WINDOWS\Installer\MSID774.tmp moved successfully.
C:\WINDOWS\Installer\MSIDCD2.tmp moved successfully.
C:\WINDOWS\Installer\MSIE57E.tmp moved successfully.
C:\WINDOWS\Installer\MSIE84D.tmp moved successfully.
C:\WINDOWS\Installer\MSIECE0.tmp moved successfully.
C:\WINDOWS\Temp\HTT2EC5.tmp moved successfully.
C:\WINDOWS\Temp\HTT3FDC.tmp moved successfully.
C:\WINDOWS\Temp\HTT94B2.tmp moved successfully.
C:\WINDOWS\Temp\HTTE3A9.tmp moved successfully.
C:\WINDOWS\Temp\TS_5B77.tmp moved successfully.
C:\WINDOWS\Temp\TS_C11D.tmp moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Varga
->Temp folder emptied: 542501196 bytes
->Temporary Internet Files folder emptied: 37148761 bytes
->Java cache emptied: 1432585 bytes
->FireFox cache emptied: 49368775 bytes
->Flash cache emptied: 37694 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47619421 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85153 bytes
RecycleBin emptied: 627143 bytes

Total Files Cleaned = 647,00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.14.0 log created on 07122010_113841

Files moved on Reboot...
C:\Users\Varga\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Varga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L4KRUQB1\afr[1].htm moved successfully.
C:\Users\Varga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TCXSIY2\afr[1].htm moved successfully.

Registry entries deleted on Reboot...

#6 Příspěvek od **vyosek** » 12 črc 2010 11:21

Jak se chova PC

P.Varga · #7 Příspěvek od **P.Varga** » 12 črc 2010 11:33

Firefoxu,thunderbirdu, trvá spustenie okolo 20 minút.
V procesoch ich vidím ale ich okno nie.

#8 Příspěvek od **vyosek** » 12 črc 2010 11:52

Zkoustel jste je preinstalovat

Zalohu mailu a nastaveni FF muzete udelat pomoci MozBackup http://www.studna.cz/mozbackup-p-2499.html

P.Varga · #9 Příspěvek od **P.Varga** » 12 črc 2010 12:01

Tak po preinštalovaní a reštarte sa už ani nedá spustiť. V procesoch je tak 10 sekúnd a potom ho niečo zhodí.

#10 Příspěvek od **vyosek** » 12 črc 2010 12:43

Nejake divne

Mohl bych vedet co dela ten esperance.bat, pripadne jeho obsah sem ci do SZ (pokud jsou tam nejake citvlivejsi udaje)

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 5min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

P.Varga · #11 Příspěvek od **P.Varga** » 12 črc 2010 12:55

obsah esperance.bat
echo off
cls
delay 60000
shutup /l
pause
exit

P.Varga · #12 Příspěvek od **P.Varga** » 12 črc 2010 14:06

Tak po dlhej dobe tu je log:

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

Processes (SafeList)

PRC - [2010/07/12 13:55:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Varga\Desktop\OTL.exe
PRC - [2010/07/07 13:17:28 | 005,976,064 | ---- | M] (Scendix Software GmbH) -- C:\ProgramData\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
PRC - [2010/07/01 22:24:44 | 000,785,503 | ---- | M] ( ) -- C:\Program Files (x86)\Miranda IM\miranda32.exe
PRC - [2010/06/28 13:17:10 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 13:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/19 12:06:55 | 011,959,472 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/06/14 19:59:07 | 000,219,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/06/12 16:49:03 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/09 16:25:32 | 002,920,448 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\WFWIZ.exe
PRC - [2010/06/09 13:53:26 | 000,101,888 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
PRC - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/26 11:19:16 | 003,438,592 | ---- | M] (JetAudio, Inc.) -- C:\Program Files (x86)\JetAudio\JetAudio.exe
PRC - [2009/07/27 04:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/09/10 17:22:32 | 000,229,648 | ---- | M] (Uniblue) -- C:\Program Files (x86)\Uniblue\DiskRescue\UBDiskRescueSrv.exe
PRC - [2007/01/08 16:58:02 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006/02/21 17:23:16 | 000,525,824 | ---- | M] () -- C:\Windows\SysWOW64\ASWL2K.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/05/06 12:21:04 | 000,496,640 | ---- | M] () -- C:\Windows\SysWOW64\ASWLSVC.exe

========== Modules (SafeList) ==========

MOD - [2010/07/12 13:55:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Varga\Desktop\OTL.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2009/07/14 03:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/06/29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/01 19:00:54 | 002,348,600 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/05/02 13:04:11 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/24 20:39:50 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/07/14 03:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 03:40:01 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2009/07/14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2010/07/08 11:47:46 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/14 19:59:07 | 000,219,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/06/12 16:49:03 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/29 17:30:32 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/05/02 13:04:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/09/10 17:22:32 | 000,229,648 | ---- | M] (Uniblue) [Auto | Running] -- C:\Program Files (x86)\Uniblue\DiskRescue\UBDiskRescueSrv.exe -- (Uniblue DiskRescue)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/05/06 12:21:04 | 000,496,640 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASWLSVC.exe -- (ASWLSVC)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ASNDIS4.SYS -- (ASNDIS4)
DRV:64bit: - [2010/03/24 20:34:18 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/03/24 20:34:14 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/03/24 20:34:14 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/03/24 20:31:12 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/03/24 20:24:00 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/02/17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/10/21 18:33:02 | 000,474,240 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wfeaglxt.sys -- (WFLR6654) WinFast TV2000 XP Expert (FM1216MK3)
DRV:64bit: - [2009/10/20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009/09/23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2010/04/11 13:50:12 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007/03/20 12:50:30 | 000,008,208 | ---- | M] (Miloslav Novotný N+P) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\PCNetSoftware\RAC Server\RACDriver.sys -- (RACDriver)
DRV - [2007/02/07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2004/12/23 17:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys -- (ULCDRHlp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 36 B1 53 72 10 CB 01 [binary data]
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sk.start3.mozilla.com/firefox?cl ... k:official"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 13:17:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/28 13:17:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/19 12:06:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/11 16:02:26 | 000,000,000 | ---D | M]

[2010/04/11 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Extensions
[2009/12/09 16:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\7g3kg2b6.default\extensions
[2010/07/12 11:57:14 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions
[2010/06/11 18:16:43 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010/04/28 07:36:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/08 12:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/04/11 14:04:41 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/06/19 07:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2010/01/05 12:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/15 16:40:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/10 22:25:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/29 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\artur.dubovoy@gmail.com
[2010/04/15 16:40:32 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\personas@christopher.beard
[2010/07/10 22:25:43 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\staged-xpis
[2010/04/25 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\Strata40@SpewBoy.au
[2010/04/26 11:28:30 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\StrataBuddy@ReduxTeam
[2010/04/11 14:04:40 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/04/25 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mozilla\Firefox\Profiles\m9666mo0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2009/10/22 06:40:14 | 000,002,257 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\askcom.xml
[2010/06/10 15:08:15 | 000,005,310 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\footiefox.xml
[2010/05/12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\icqplugin.xml
[2009/12/06 14:20:23 | 000,001,945 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\myiptest---ip-lookup.xml
[2010/05/22 15:44:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/02 11:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/22 15:44:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/22 15:44:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/07/04 14:47:41 | 000,000,904 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8:64bit: - Extra context menu item: E&xportovať do programu Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E52EE745-7A6C-490F-9686-BDBA8676D162} http://poulain.italp.qc.ca/VideoServer.cab (CVServerObject Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/29 17:23:58 | 000,000,000 | ---D | M] - D:\autocad2007 -- [ NTFS ]
O32 - AutoRun File - [2009/10/21 15:34:48 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.dvsd - pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2010/07/12 13:55:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Varga\Desktop\OTL.exe
[2010/07/12 13:12:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/07/12 11:38:41 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/12 11:37:42 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Users\Varga\Desktop\OTM.exe
[2010/07/12 09:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/07/11 20:20:43 | 001,391,616 | ---- | C] (Irfan Skiljan) -- C:\Users\Varga\Desktop\iview427_setup.exe
[2010/07/11 18:27:51 | 000,421,346 | ---- | C] ( ) -- C:\Users\Varga\Desktop\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2010/07/11 18:27:31 | 002,228,534 | ---- | C] ( ) -- C:\Users\Varga\Desktop\audacity-win-1.2.6.exe
[2010/07/11 09:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/07/11 09:48:49 | 000,000,000 | ---D | C] -- C:\Users\Varga\AppData\Roaming\MAXON
[2010/07/11 09:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/07/11 09:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/07/11 09:40:05 | 000,000,000 | ---D | C] -- C:\Users\Varga\Desktop\Cinebench
[2010/07/10 23:05:10 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2010/07/10 23:04:50 | 000,027,392 | ---- | C] (Ulead Systems, Inc.) -- C:\Windows\SysWow64\drivers\ULCDRHlp.sys
[2010/07/10 23:03:31 | 000,000,000 | ---D | C] -- C:\Users\Varga\Documents\WFRCConfig
[2010/07/10 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Varga\Desktop\Nový priečinok
[2010/07/09 16:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/07/09 16:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/07/09 16:37:48 | 003,301,352 | ---- | C] ( ) -- C:\Users\Varga\Desktop\CyberLink.3105_Generic_CDT100618-01.exe
[2010/07/09 15:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010/07/09 15:01:02 | 000,000,000 | ---D | C] -- C:\Users\Varga\AppData\Local\Downloaded Installations
[2010/07/09 15:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/07/09 15:00:34 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/07/09 15:00:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/07/09 15:00:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/07/09 15:00:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/07/09 15:00:31 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/07/09 15:00:31 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/07/07 14:35:45 | 000,000,000 | ---D | C] -- C:\Users\Varga\AppData\Roaming\mIRC
[2010/07/07 14:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2010/07/07 13:17:31 | 000,000,000 | ---D | C] -- C:\Users\Varga\Documents\Pamela Call Recordings
[2010/07/07 13:01:31 | 000,000,000 | ---D | C] -- C:\Users\Varga\AppData\Roaming\Passware
[2010/07/07 13:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passware
[2010/07/07 12:59:03 | 000,000,000 | ---D | C] -- C:\Users\Varga\AppData\Roaming\Miranda
[2010/07/07 12:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Miranda IM
[2010/07/07 11:55:57 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2010/07/06 08:46:20 | 000,000,000 | ---D | C] -- C:\Users\Varga\AppData\Roaming\SeriousBit
[2010/07/05 17:07:54 | 000,000,000 | ---D | C] -- C:\Users\Varga\Desktop\qq

========== Files - Modified Within 7 Days ==========

[2010/07/12 14:42:50 | 008,388,608 | -HS- | M] () -- C:\Users\Varga\ntuser.dat
[2010/07/12 14:20:04 | 003,741,696 | ---- | M] () -- C:\Users\Varga\Desktop\right_said_fred_stand_up_for_the_champions.mp3
[2010/07/12 13:58:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/12 13:55:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Varga\Desktop\OTL.exe
[2010/07/12 13:00:26 | 013,863,002 | ---- | M] () -- C:\Users\Varga\Desktop\Firefox 3.6.6 (sk) - 2010-07-12.pcv
[2010/07/12 12:59:48 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010/07/12 12:30:28 | 000,000,159 | ---- | M] () -- C:\Users\Varga\Desktop\fix.bat
[2010/07/12 11:54:49 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/12 11:43:44 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 11:43:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 11:43:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 11:43:18 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 11:41:31 | 001,027,651 | -H-- | M] () -- C:\Users\Varga\AppData\Local\IconCache.db
[2010/07/12 11:37:56 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Users\Varga\Desktop\OTM.exe
[2010/07/12 11:25:31 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 11:25:31 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/11 23:00:18 | 000,074,098 | ---- | M] () -- C:\Users\Varga\Desktop\Hazard_T.jpg
[2010/07/11 21:03:29 | 000,049,034 | ---- | M] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones5.jpg
[2010/07/11 20:50:10 | 000,065,971 | ---- | M] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones3.jpg
[2010/07/11 20:42:08 | 000,041,156 | ---- | M] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones2.png
[2010/07/11 20:42:08 | 000,000,132 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2010/07/11 20:34:35 | 000,010,996 | ---- | M] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones.svg.png
[2010/07/11 20:21:09 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/07/11 20:21:09 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/07/11 20:20:53 | 001,391,616 | ---- | M] (Irfan Skiljan) -- C:\Users\Varga\Desktop\iview427_setup.exe
[2010/07/11 20:16:47 | 000,020,990 | ---- | M] () -- C:\Users\Varga\Desktop\Hazard_T.svg
[2010/07/11 20:08:55 | 000,188,653 | ---- | M] () -- C:\Users\Varga\Desktop\000.jpg
[2010/07/11 18:36:50 | 003,002,496 | ---- | M] () -- C:\Users\Varga\Desktop\Smooth Criminal 8-bit.mp3
[2010/07/11 18:35:58 | 005,904,659 | ---- | M] () -- C:\Users\Varga\Desktop\Smooth Criminal 8-bit2.mp3
[2010/07/11 18:28:24 | 000,000,952 | ---- | M] () -- C:\Users\Varga\Desktop\Audacity.lnk
[2010/07/11 18:28:06 | 000,421,346 | ---- | M] ( ) -- C:\Users\Varga\Desktop\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2010/07/11 18:27:42 | 002,228,534 | ---- | M] ( ) -- C:\Users\Varga\Desktop\audacity-win-1.2.6.exe
[2010/07/11 17:11:12 | 018,361,314 | ---- | M] () -- C:\Users\Varga\Desktop\AVGN Nes Acessories.mp4
[2010/07/11 16:34:46 | 104,850,151 | ---- | M] () -- C:\Users\Varga\Desktop\t_screwattack_vgv_rambo_gt.wmv
[2010/07/11 15:04:47 | 000,012,288 | ---- | M] () -- C:\Users\Varga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 14:59:56 | 069,224,537 | ---- | M] () -- C:\Users\Varga\Desktop\t_screwattack_avgn_bugsbunnybirthday_gt.wmv
[2010/07/11 14:44:07 | 127,675,195 | ---- | M] () -- C:\Users\Varga\Desktop\t_screwattack_avgn_halloween07_gt.wmv
[2010/07/11 14:33:11 | 101,145,983 | ---- | M] () -- C:\Users\Varga\Desktop\t_screwattack_avgn_texaschainsaw_gt.wmv
[2010/07/11 13:45:20 | 104,369,695 | ---- | M] () -- C:\Users\Varga\Desktop\t_screwattack_avgn_dracula_gt.wmv
[2010/07/11 13:39:49 | 123,298,481 | ---- | M] () -- C:\Users\Varga\Desktop\t_screwattack_avgn_frankenstein_gt.wmv
[2010/07/11 13:25:23 | 006,747,858 | ---- | M] () -- C:\Users\Varga\Desktop\Smooth Criminal (RM 8-Master Mix).mp3
[2010/07/11 13:21:53 | 008,278,016 | ---- | M] () -- C:\Users\Varga\Desktop\12294596_09.Smooth_Criminal.mp3
[2010/07/11 13:17:44 | 004,276,995 | ---- | M] () -- C:\Users\Varga\Desktop\12-Smooth-criminal-cover.mp3
[2010/07/11 13:05:09 | 000,169,598 | ---- | M] () -- C:\Users\Varga\Documents\pinfect.zip
[2010/07/11 12:58:33 | 140,797,340 | ---- | M] () -- C:\Users\Varga\Desktop\AVGN Glitch.wmv
[2010/07/11 12:58:07 | 040,201,494 | ---- | M] () -- C:\Users\Varga\Desktop\t_screwattack_avgn_superpitfall_nerd_gt.wmv
[2010/07/11 10:35:30 | 000,000,053 | ---- | M] () -- C:\Windows\Lic.xxx
[2010/07/11 10:28:02 | 000,116,276 | ---- | M] () -- C:\Users\Varga\Documents\wtf.xml
[2010/07/11 09:56:50 | 017,500,374 | ---- | M] () -- C:\Windows\REGBK03.ZIP
[2010/07/11 09:50:25 | 004,991,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/10 23:20:56 | 000,000,002 | ---- | M] () -- C:\Windows\SysWow64\Dvbpws.dll
[2010/07/10 23:03:20 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\RCConfig.lnk
[2010/07/10 23:03:07 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\WinFast PVR2.lnk
[2010/07/10 18:45:24 | 000,025,306 | ---- | M] () -- C:\Users\Varga\Desktop\The IT Crowd 4x03 Something Happened WS PDTV XviD-RiVER.srt
[2010/07/10 15:14:23 | 000,132,046 | ---- | M] () -- C:\Users\Varga\Desktop\15_19_1---Tree--Sunrise--Northumberland_web.jpg
[2010/07/10 14:44:34 | 000,349,638 | ---- | M] () -- C:\Users\Varga\Desktop\f_350696195_b4894b63b43c749fd896e58864704152.jpg
[2010/07/10 14:38:12 | 000,302,238 | ---- | M] () -- C:\Users\Varga\Desktop\f_350681096_d4748e6477112a8c416b8d9a85e5c836.jpg
[2010/07/10 14:21:17 | 000,286,430 | ---- | M] () -- C:\Users\Varga\Desktop\f_350687354_70c8c86fc77ce03a9645f4080467433e.jpg
[2010/07/10 14:01:49 | 000,118,048 | ---- | M] () -- C:\Users\Varga\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/10 12:13:16 | 000,055,497 | ---- | M] () -- C:\Users\Varga\Desktop\plan.jpg
[2010/07/10 09:47:54 | 183,490,560 | ---- | M] () -- C:\Users\Varga\Desktop\The IT Crowd 4x03 Something Happened WS PDTV XviD-RiVER.avi
[2010/07/09 16:38:34 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink BD & 3D Advisor.lnk
[2010/07/09 16:38:21 | 003,301,352 | ---- | M] ( ) -- C:\Users\Varga\Desktop\CyberLink.3105_Generic_CDT100618-01.exe
[2010/07/08 18:24:47 | 000,002,222 | ---- | M] () -- C:\Users\Varga\Desktop\FAKEFACTORY CM10.lnk
[2010/07/08 16:35:46 | 000,000,064 | R--- | M] () -- C:\Users\Varga\Desktop\Radio YES.pls
[2010/07/07 14:57:37 | 005,663,232 | ---- | M] () -- C:\Users\Varga\Desktop\01-kaiser_chiefs-ruby.mp3
[2010/07/07 12:58:26 | 000,001,035 | ---- | M] () -- C:\Users\Varga\Desktop\Miranda IM.lnk
[2010/07/07 12:01:33 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/07 10:36:10 | 037,920,364 | ---- | M] () -- C:\Users\Varga\Desktop\3.3.3.11723-3.3.5.12340-enUS-patch.zip
[2010/07/05 19:08:14 | 000,001,047 | ---- | M] () -- C:\Users\Varga\Desktop\Game Maker.lnk
[2010/07/05 17:44:15 | 000,012,397 | ---- | M] () -- C:\Users\Varga\Documents\TEAST.docx
[2010/07/05 17:00:19 | 000,002,645 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2

========== Files Created - No Company Name ==========

[2010/07/12 14:20:03 | 003,741,696 | ---- | C] () -- C:\Users\Varga\Desktop\right_said_fred_stand_up_for_the_champions.mp3
[2010/07/12 13:00:06 | 013,863,002 | ---- | C] () -- C:\Users\Varga\Desktop\Firefox 3.6.6 (sk) - 2010-07-12.pcv
[2010/07/12 12:59:48 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010/07/12 12:30:27 | 000,000,159 | ---- | C] () -- C:\Users\Varga\Desktop\fix.bat
[2010/07/12 11:54:49 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/11 23:00:18 | 000,074,098 | ---- | C] () -- C:\Users\Varga\Desktop\Hazard_T.jpg
[2010/07/11 21:03:28 | 000,049,034 | ---- | C] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones5.jpg
[2010/07/11 20:50:09 | 000,065,971 | ---- | C] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones3.jpg
[2010/07/11 20:42:08 | 000,000,132 | ---- | C] () -- C:\Users\Varga\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2010/07/11 20:42:05 | 000,041,156 | ---- | C] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones2.png
[2010/07/11 20:34:35 | 000,010,996 | ---- | C] () -- C:\Users\Varga\Desktop\200px-Skull_and_crossbones.svg.png
[2010/07/11 20:21:09 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/07/11 20:21:09 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/07/11 20:16:47 | 000,020,990 | ---- | C] () -- C:\Users\Varga\Desktop\Hazard_T.svg
[2010/07/11 20:08:54 | 000,188,653 | ---- | C] () -- C:\Users\Varga\Desktop\000.jpg
[2010/07/11 18:28:24 | 000,000,952 | ---- | C] () -- C:\Users\Varga\Desktop\Audacity.lnk
[2010/07/11 10:00:57 | 000,000,126 | R--- | C] () -- C:\Windows\SysWow64\validation.list
[2010/07/11 09:55:24 | 017,500,374 | ---- | C] () -- C:\Windows\REGBK03.ZIP
[2010/07/10 23:03:20 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\RCConfig.lnk
[2010/07/10 23:03:07 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\WinFast PVR2.lnk
[2010/07/10 23:02:33 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll
[2010/07/10 18:45:22 | 000,025,306 | ---- | C] () -- C:\Users\Varga\Desktop\The IT Crowd 4x03 Something Happened WS PDTV XviD-RiVER.srt
[2010/07/10 15:14:23 | 000,132,046 | ---- | C] () -- C:\Users\Varga\Desktop\15_19_1---Tree--Sunrise--Northumberland_web.jpg
[2010/07/10 14:44:34 | 000,349,638 | ---- | C] () -- C:\Users\Varga\Desktop\f_350696195_b4894b63b43c749fd896e58864704152.jpg
[2010/07/10 14:38:12 | 000,302,238 | ---- | C] () -- C:\Users\Varga\Desktop\f_350681096_d4748e6477112a8c416b8d9a85e5c836.jpg
[2010/07/10 14:21:17 | 000,286,430 | ---- | C] () -- C:\Users\Varga\Desktop\f_350687354_70c8c86fc77ce03a9645f4080467433e.jpg
[2010/07/10 12:13:16 | 000,055,497 | ---- | C] () -- C:\Users\Varga\Desktop\plan.jpg
[2010/07/10 09:42:10 | 183,490,560 | ---- | C] () -- C:\Users\Varga\Desktop\The IT Crowd 4x03 Something Happened WS PDTV XviD-RiVER.avi
[2010/07/09 16:38:34 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink BD & 3D Advisor.lnk
[2010/07/08 18:24:47 | 000,002,222 | ---- | C] () -- C:\Users\Varga\Desktop\FAKEFACTORY CM10.lnk
[2010/07/08 16:35:48 | 000,000,064 | R--- | C] () -- C:\Users\Varga\Desktop\Radio YES.pls
[2010/07/07 14:57:37 | 005,663,232 | ---- | C] () -- C:\Users\Varga\Desktop\01-kaiser_chiefs-ruby.mp3
[2010/07/07 12:58:26 | 000,001,035 | ---- | C] () -- C:\Users\Varga\Desktop\Miranda IM.lnk
[2010/07/07 10:33:58 | 037,920,364 | ---- | C] () -- C:\Users\Varga\Desktop\3.3.3.11723-3.3.5.12340-enUS-patch.zip
[2010/07/06 09:49:03 | 000,398,354 | ---- | C] () -- C:\Users\Varga\Desktop\Slovak_4.2.0.166.lang
[2010/07/05 19:08:14 | 000,001,047 | ---- | C] () -- C:\Users\Varga\Desktop\Game Maker.lnk
[2010/07/05 17:44:15 | 000,012,397 | ---- | C] () -- C:\Users\Varga\Documents\TEAST.docx
[2010/07/01 09:08:27 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/01 09:08:20 | 000,000,093 | ---- | C] () -- C:\Windows\winin.ini
[2010/06/26 12:52:51 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010/06/11 18:15:58 | 000,002,455 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2010/06/06 12:38:50 | 001,582,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/25 18:18:24 | 000,378,368 | -HS- | C] () -- C:\Windows\SysWow64\SCX.dll.mwt
[2010/05/25 18:18:23 | 000,157,184 | -HS- | C] () -- C:\Windows\SysWow64\SC.dll
[2010/05/24 15:43:14 | 000,008,654 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2010/05/24 15:43:09 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2010/05/14 12:49:12 | 000,000,000 | ---- | C] () -- C:\Windows\WFD_InstKind.ini
[2010/05/09 10:01:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/09 10:01:09 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/11 13:45:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/10/20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
[2006/07/19 19:51:12 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\VideoServerCom733.dll
[2002/02/01 14:00:00 | 000,375,296 | ---- | C] () -- C:\Windows\SysWow64\wsihk32.dll
[2002/02/01 14:00:00 | 000,131,584 | ---- | C] () -- C:\Windows\SysWow64\wsiwin32.dll

========== LOP Check ==========

[2010/07/06 08:46:20 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\SeriousBit
[2010/05/02 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Sony
[2010/04/21 15:59:10 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\SoundSpectrum
[2010/04/22 07:57:57 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\SPORE
[2010/05/28 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/09 13:19:09 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Subversion
[2010/07/04 12:35:22 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\System32
[2010/04/11 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Thunderbird
[2010/04/29 15:28:16 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Uniblue
[2010/07/03 09:30:08 | 000,000,000 | RHSD | M] -- C:\Users\Varga\AppData\Roaming\WindowsUpdate
[2010/06/15 15:30:20 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/29 15:26:32 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\Uniblue DiskRescue 2009.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"WinFast Schedule" = C:\Program Files\WinFast\WFDTV\WFWIZ.exe -- [2010/06/09 16:25:32 | 002,920,448 | ---- | M] (Leadtek Research Inc.)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2010/06/29 19:49:26 | 002,957,040 | ---- | M] (SUPERAntiSpyware.com)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2010/04/11 11:38:08 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\dotnetfx35setup.exe
[2010/04/11 11:51:42 | 002,869,264 | ---- | M] (Microsoft Corporation) -- C:\dotNetFx35setup1.exe
[2004/07/09 04:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\dxsetup.exe
[2010/04/11 10:35:36 | 029,131,552 | ---- | M] (Microsoft® Corporation) -- C:\gfwlivesetupmin.exe
[2010/04/03 11:40:01 | 013,951,957 | ---- | M] () -- C:\GTASA_manager2.exe
[2010/04/03 14:01:53 | 004,178,803 | ---- | M] () -- C:\MyPhoneExplorer_Setup_v1.7.5.exe
[2009/12/14 15:14:02 | 066,374,881 | ---- | M] (e-merge GmbH) -- C:\poke646.exe
[2010/04/02 12:44:32 | 004,346,475 | ---- | M] ( ) -- C:\SannyBuilder-v3.04.exe
[2010/04/09 19:38:27 | 001,587,537 | ---- | M] () -- C:\wr393sk.exe
[2010/04/10 19:48:05 | 006,204,713 | ---- | M] (Yamicsoft) -- C:\xpmanager.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/06/26 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Adobe
[2010/05/28 18:48:38 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Adobe Mini Bridge CS5
[2010/05/03 15:40:42 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Ahead
[2010/04/13 19:11:01 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\ArcSoft
[2010/05/29 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Autodesk
[2010/04/15 19:42:19 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\COWON
[2010/06/01 15:46:56 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Download Manager
[2010/04/11 16:07:07 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\ESET
[2010/04/25 08:47:18 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Folding@home-gpu
[2010/06/04 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\GHISLER
[2010/04/11 13:44:34 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Identities
[2010/07/03 16:40:04 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\install
[2010/04/11 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\InstallShield

P.Varga · #13 Příspěvek od **P.Varga** » 12 črc 2010 14:07

[2010/04/25 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\IObit
[2010/06/10 16:31:21 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\IrfanView
[2010/06/11 18:16:08 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\LangSoft
[2010/05/24 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Leadertech
[2010/05/09 14:05:18 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\LockHunter
[2010/04/11 13:50:57 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Macromedia
[2010/07/11 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\MAXON
[2009/07/14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Media Center Programs
[2010/07/02 14:32:41 | 000,000,000 | --SD | M] -- C:\Users\Varga\AppData\Roaming\Microsoft
[2010/07/07 13:08:35 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Miranda
[2010/07/07 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\mIRC
[2010/04/11 14:03:59 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Mozilla
[2010/04/20 07:13:48 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\NVIDIA
[2010/07/07 13:02:03 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Passware
[2010/05/02 15:23:50 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Publish Providers
[2010/07/01 09:11:12 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Radmin
[2010/05/05 19:38:50 | 000,000,000 | RH-D | M] -- C:\Users\Varga\AppData\Roaming\SecuROM
[2010/07/06 08:46:20 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\SeriousBit
[2010/07/12 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Skype
[2010/07/12 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\skypePM
[2010/05/02 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Sony
[2010/04/21 15:59:10 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\SoundSpectrum
[2010/04/22 07:57:57 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\SPORE
[2010/05/28 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/09 13:19:09 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Subversion
[2010/07/12 11:54:52 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/04 12:35:22 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\System32
[2010/04/11 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Thunderbird
[2010/06/09 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\TortoiseSVN
[2010/04/29 15:28:16 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\Uniblue
[2010/05/16 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\uTorrent
[2010/07/03 09:30:08 | 000,000,000 | RHSD | M] -- C:\Users\Varga\AppData\Roaming\WindowsUpdate
[2010/04/11 14:27:26 | 000,000,000 | ---D | M] -- C:\Users\Varga\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010/04/25 08:45:34 | 001,908,736 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Folding@home-gpu\FahCore_11.exe
[2010/04/25 08:44:16 | 000,098,477 | R--- | M] () -- C:\Users\Varga\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe
[2010/04/25 08:44:16 | 000,010,134 | R--- | M] () -- C:\Users\Varga\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_5429DBF727E2384037BDE1.exe
[2010/04/25 08:44:16 | 000,098,477 | R--- | M] () -- C:\Users\Varga\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_6FEFF9B68218417F98F549.exe
[2010/07/09 15:01:31 | 000,010,134 | R--- | M] () -- C:\Users\Varga\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2010/07/07 13:01:26 | 000,367,686 | R--- | M] () -- C:\Users\Varga\AppData\Roaming\Microsoft\Installer\{B32261CD-F1C8-42C3-B507-CB6B87CEC1A8}\icon.exe
[2005/10/17 11:12:46 | 000,258,048 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\uTorrent\wget.exe

< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=647374E46A175387ADF935C72B7F4362 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=8E7831F854084175C6D497AA3827E818 -- C:\Windows\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010/07/10 23:20:56 | 000,000,002 | ---- | M] () -- C:\Windows\SysWOW64\Dvbpws.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:EEFF768F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CF54F1CA
< End of report >

P.Varga · #14 Příspěvek od **P.Varga** » 12 črc 2010 16:34

a tu je extras (akosi som naňho zabudol

)
OTL Extras logfile created on: 12. 7. 2010 14:41:51 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Varga\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 29,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 10,36 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
Drive D: | 31,48 Gb Total Space | 4,35 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive E: | 266,60 Gb Total Space | 4,65 Gb Free Space | 1,74% Space Free | Partition Type: NTFS
Drive F: | 249,25 Gb Total Space | 7,54 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 249,25 Gb Total Space | 12,98 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: VARGA-PC
Current User Name: Varga
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- F:\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- F:\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PCNetSoftware\RAC Server\RACs.exe" = C:\Program Files (x86)\PCNetSoftware\RAC Server\RACs.exe:*:Enabled:Remote Administrator Control Server -- (Miloslav Novotny N+P)
"C:\Program Files (x86)\PCNetSoftware\RAC Server\RACs.exe" = C:\Program Files (x86)\PCNetSoftware\RAC Server\RACs.exe:*:Enabled:Remote Administrator Control Server -- (Miloslav Novotny N+P)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{135F3858-7213-4C72-9D1E-508C48952060}" = Windows 7 Manager
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D3CFE3F-E465-4D5E-A78A-723C6FB69ABB}" = ESET Smart Security
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archivátor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0116F921-3F28-447E-B33F-248D8E65D4CD}" = 001 File Joiner and Splitter
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{0C35EAE4-A535-46B7-B4BF-68952BD94E68}" = Uniblue DiskRescue 2009
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = Codec-TS SDK
"{297D51FC-9AE2-4778-AB62-D202E7EE7D53}" = Robot Arena 2
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD & 3D Advisor 2.0
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{43FFE159-3199-4188-A1CD-629166AD1051}" = Nero 7 Ultra Edition
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}" = Folding@home-gpu
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{93758524-FE76-4D70-9F4D-7F727A83097C}" = Figuare9's Mod V1.0
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = De-interlace SDK
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1051-7B44-A93000000001}" = Adobe Reader 9.3.2 - Slovak
"{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = TT-SB SDK
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32261CD-F1C8-42C3-B507-CB6B87CEC1A8}" = Passware Kit Enterprise 9.3
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{CAF666FC-B63F-4BD8-8308-652D1E728F04}" = Quake 4(TM) 1.3 Patch
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Zem
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced IP Address Calculator v1.1" = Advanced IP Address Calculator v1.1
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"asterisk key" = Asterisk Key 10.0
"Audacity_is1" = Audacity 1.2.6
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Coolendář 3.5" = Coolendář 3.5
"Doom Builder 2_is1" = Doom Builder 2.0
"DreamWorks Interactive: Neverhood" = The Neverhood
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Game Maker 8.0" = Game Maker 8.0
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Grand Theft Auto IV Episodes From Liberty City_is1" = Grand Theft Auto IV Episodes From Liberty City
"Half-Life 2 Awakening 1.1" = Half-Life 2 Awakening 1.1
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Install Creator" = Install Creator
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{297D51FC-9AE2-4778-AB62-D202E7EE7D53}" = Robot Arena 2
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"jetAudio 8.0.x Czech Language Pack" = jetAudio 8.0.x Czech Language Pack
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Messenger Key" = Messenger Key 10.0
"Miranda IM" = Miranda IM 0.8.27
"mIRC" = mIRC
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"Muti ID3 Tag Editor" = Alex Buturuga - Muti ID3 Tag Editor 1.3b1
"Nmap" = Nmap 5.21
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PFPortChecker" = PFPortChecker 1.0.32
"PowerISO" = PowerISO
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.0
"PROPLUS" = Microsoft Office Professional Plus 2007
"Quick Batch File Compiler_is1" = Quick Batch File Compiler 3.2.8.0
"RAR Password Cracker" = RAR Password Cracker 4.12
"Sound Master 10_is1" = Sound Master 10 Release 10.1
"SpeedFan" = SpeedFan (remove only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"Tunatic" = Tunatic
"Uniblue DiskRescue 2009" = Uniblue DiskRescue 2009
"WhiteCap" = WhiteCap
"WinPcapInst" = WinPcap 4.1.1
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZDaemon" = ZDaemon (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#15 Příspěvek od **vyosek** » 13 črc 2010 01:27

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ASNDIS4.SYS -- (ASNDIS4)
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 36 B1 53 72 10 CB 01 [binary data]
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3529117251-1704060926-2748439740-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
[2009/10/22 06:40:14 | 000,002,257 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\askcom.xml
[2010/05/12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Varga\AppData\Roaming\Mozilla\FireFox\Profiles\m9666mo0.default\searchplugins\icqplugin.xml
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:EEFF768F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CF54F1CA

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =-

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\wr393sk.exe
C:\Windows\SysWOW64\Dvbpws.dll

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

VIRY.CZ

Preventívna Kontrola

Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola

Re: Preventívna Kontrola