Preventivka po nezvanem hostovi Babylon

Zpráva

jamesbond007.cz

Dobry den mel jsem nezvaneho hosta jmenem Babylon, coz je soucast balastu na jinem programu. Drze si prenastavil oba prohlizece na domovskou stranku, zapsal se jako vychozi vyhledavaci zasuvny modul pro mozzilu a pri otevreni noveho okna se presmerovava na jejich stranku. Vse co jsem nasel jsem odstranil, az na posledni. Chci zpatky prazdny list v mozzile po otevreni noveho okna a nemuzu to najit.

Divne je ze proti tomu vubec nezakrocil antivir, coz obvykle dela.

Logfile of random's system information tool 1.09 (written by random/random)
Run by JAMESBOND007 at 2012-06-30 13:05:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 7 GB (21%) free of 31 GB
Total RAM: 2037 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:06:15, on 30.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTFBE.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JAMESBOND007\Desktop\RSIT.exe
C:\Program Files\trend micro\JAMESBOND007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480 ... 0cf61dc112
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\Users\JAMESB~1\AppData\Local\Temp\E_S707.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8954 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Epson Printer Software Downloader.job

=========Mozilla firefox=========

ProfilePath - C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=113480 ... 61dc112&q="

"virtualKeyboard@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
"linkfilter@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru_bak2
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\searchplugins\
amazon-united-kingdom-search-suggestions.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-02-22 1226024]
"F5D8055v2"=C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe [2009-08-25 200704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-04-07 673616]
"Driver Genius"= []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-24 202296]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-07-28 399736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"EPSON SX110 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-06-05 17344176]

C:\Users\JAMESBOND007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-06-30 13:05:52 ----D---- C:\rsit
2012-06-28 22:32:52 ----D---- C:\Program Files\JDownloader
2012-06-28 22:32:32 ----A---- C:\user.js
2012-06-28 22:32:29 ----D---- C:\Program Files\BabylonToolbar
2012-06-28 22:31:21 ----D---- C:\ProgramData\Babylon
2012-06-28 22:31:20 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\Babylon
2012-06-21 04:09:08 ----A---- C:\Windows\system32\wups2.dll
2012-06-21 04:09:08 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-21 04:09:07 ----A---- C:\Windows\system32\wucltux.dll
2012-06-21 04:09:07 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-21 04:08:32 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-21 04:08:32 ----A---- C:\Windows\system32\wuapp.exe
2012-06-17 21:17:21 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-06-17 20:43:08 ----D---- C:\Program Files\Adobe Media Player
2012-06-17 20:40:15 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-06-14 22:31:17 ----D---- C:\Program Files\WorldUnlock Codes Calculator
2012-06-12 23:41:31 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-12 23:41:27 ----A---- C:\Windows\system32\ieframe.dll
2012-06-12 23:41:25 ----A---- C:\Windows\system32\mshtml.dll
2012-06-12 23:41:24 ----A---- C:\Windows\system32\msfeeds.dll
2012-06-12 23:41:23 ----A---- C:\Windows\system32\wininet.dll
2012-06-12 23:41:23 ----A---- C:\Windows\system32\urlmon.dll
2012-06-12 23:41:23 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-12 23:41:23 ----A---- C:\Windows\system32\iertutil.dll
2012-06-12 23:41:22 ----A---- C:\Windows\system32\url.dll
2012-06-12 23:41:22 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-12 23:41:22 ----A---- C:\Windows\system32\ieui.dll
2012-06-12 23:41:08 ----A---- C:\Windows\system32\jscript.dll
2012-06-12 23:41:02 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-12 23:41:02 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-12 23:41:01 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-12 23:41:00 ----A---- C:\Windows\system32\win32k.sys
2012-06-12 23:40:57 ----A---- C:\Windows\system32\msi.dll
2012-06-12 23:40:55 ----A---- C:\Windows\system32\profsvc.dll
2012-06-12 23:40:48 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-12 23:40:48 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-12 23:40:48 ----A---- C:\Windows\system32\crypt32.dll
2012-06-08 20:58:15 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO
2012-06-08 20:58:14 ----D---- C:\Program Files\Webteh
2012-06-08 00:12:59 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\vlc
2012-06-07 01:07:51 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\Malwarebytes
2012-06-07 01:07:51 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2012-06-07 01:07:30 ----D---- C:\ProgramData\Malwarebytes
2012-06-06 20:45:53 ----D---- C:\Program Files\DVDFab 8

======List of files/folders modified in the last 1 month======

2012-06-30 13:06:17 ----D---- C:\Windows\Temp
2012-06-30 13:06:11 ----D---- C:\Windows\Prefetch
2012-06-30 13:06:03 ----D---- C:\Program Files\trend micro
2012-06-30 12:54:28 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\Skype
2012-06-30 12:50:41 ----D---- C:\ProgramData\Kaspersky Lab
2012-06-30 10:47:03 ----D---- C:\Windows\system32\config
2012-06-30 10:35:06 ----SHD---- C:\System Volume Information
2012-06-30 09:11:43 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\uTorrent
2012-06-29 22:44:56 ----D---- C:\Windows\debug
2012-06-29 22:44:56 ----D---- C:\Windows
2012-06-29 22:37:17 ----SHD---- C:\Windows\Installer
2012-06-28 22:32:52 ----RD---- C:\Program Files
2012-06-28 22:31:21 ----D---- C:\ProgramData
2012-06-28 18:52:35 ----D---- C:\ProgramData\Skype
2012-06-26 18:50:06 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\dvdcss
2012-06-26 18:29:14 ----D---- C:\Windows\System32
2012-06-26 18:29:14 ----D---- C:\Windows\inf
2012-06-26 18:29:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-25 18:34:19 ----D---- C:\Windows\system32\wdi
2012-06-21 04:09:56 ----D---- C:\Windows\winsxs
2012-06-21 04:09:51 ----D---- C:\Windows\system32\cs-CZ
2012-06-21 04:09:28 ----D---- C:\Windows\system32\catroot
2012-06-20 18:05:55 ----D---- C:\Windows\system32\catroot2
2012-06-17 21:17:44 ----D---- C:\Users\JAMESBOND007\AppData\Roaming\Adobe
2012-06-17 21:11:17 ----D---- C:\ProgramData\Adobe
2012-06-17 21:11:03 ----D---- C:\Program Files\Common Files\Adobe
2012-06-17 20:47:01 ----D---- C:\Program Files\Adobe
2012-06-17 20:45:48 ----RSD---- C:\Windows\Fonts
2012-06-17 20:40:15 ----D---- C:\Program Files\Common Files
2012-06-17 20:02:05 ----D---- C:\Windows\Tasks
2012-06-17 20:02:05 ----D---- C:\Windows\system32\Tasks
2012-06-17 20:01:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-06-13 13:49:41 ----D---- C:\Windows\rescache
2012-06-13 07:16:21 ----D---- C:\Windows\Microsoft.NET
2012-06-13 07:15:27 ----RSD---- C:\Windows\assembly
2012-06-13 03:40:24 ----D---- C:\Windows\system32\migration
2012-06-13 03:40:24 ----D---- C:\Windows\system32\drivers
2012-06-13 03:40:24 ----D---- C:\Program Files\Internet Explorer
2012-06-13 03:23:08 ----D---- C:\ProgramData\Microsoft Help
2012-06-13 03:08:25 ----A---- C:\Windows\system32\MRT.exe
2012-06-11 16:58:25 ----D---- C:\Boot
2012-06-07 21:28:07 ----D---- C:\Program Files\VideoLAN
2012-06-07 12:45:15 ----D---- C:\Windows\en-US
2012-06-06 22:26:29 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 133208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-03 691696]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2012-05-01 570160]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6232.sys [2011-10-14 231640]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 netr28u;Belkin N+ Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28u.sys [2011-11-04 807936]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rt61x86;RT61 Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr61.sys [2010-04-07 376160]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 aip4mx96;aip4mx96; C:\Windows\system32\drivers\aip4mx96.sys []
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 catchme;catchme; \??\C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-11-04 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-11-04 25512]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2012-06-07 40776]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-24 202296]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2011-11-09 132768]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-02-18 462632]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-01 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-29 1343400]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 30 čer 2012 13:19

Zdravim a pekny den preji

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

jamesbond007.cz

OTL logfile created on: 30.6.2012 13:26:25 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\JAMESBOND007\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 32,93% Memory free
4,36 Gb Paging File | 2,15 Gb Available in Paging File | 49,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30,33 Gb Total Space | 6,34 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 13,62 Gb Free Space | 46,48% Space Free | Partition Type: NTFS
Drive F: | 1397,25 Gb Total Space | 512,02 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive G: | 670,18 Gb Total Space | 331,22 Gb Free Space | 49,42% Space Free | Partition Type: NTFS
Drive H: | 693,50 Gb Total Space | 9,08 Gb Free Space | 1,31% Space Free | Partition Type: NTFS

Computer Name: PETERPAN | User Name: JAMESBOND007 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.06.30 13:23:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\JAMESBOND007\Desktop\OTL.exe
PRC - [2012.06.17 20:01:39 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.05.01 22:46:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2011.10.03 06:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011.04.24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
PRC - [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.02.22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009.10.30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009.09.24 07:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2009.08.25 19:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe
PRC - [2009.04.07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007.12.17 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.11.16 00:02:00 | 000,175,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FAMTFBE.EXE
PRC - [2007.01.11 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

========== Modules (No Company Name) ==========

MOD - [2012.06.17 20:01:39 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012.05.01 22:46:41 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2009.08.25 19:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe
MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008.09.03 14:28:24 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2008.08.29 09:55:00 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.01 22:46:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011.07.29 02:01:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007.12.17 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aip4mx96)
DRV - [2012.06.07 01:08:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.01 22:16:13 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.11.04 18:07:33 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.11.04 18:07:33 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.11.04 17:12:09 | 000,807,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2011.10.14 19:25:08 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2011.08.03 12:58:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.04.07 13:16:16 | 000,376,160 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008.03.17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480 ... 0cf61dc112
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 0cf61dc112
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes\{2968208B-4B6D-4CAD-AEDB-10E82248CEBB}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... earchTerms}
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=113480 ... 61dc112&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.03 15:48:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.05.03 15:48:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.01 22:46:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.08.15 18:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Extensions
[2011.08.15 18:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012.06.29 22:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\extensions
[2011.08.20 03:45:23 | 000,002,586 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\searchplugins\amazon-united-kingdom-search-suggestions.xml
[2012.05.03 15:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.01 17:27:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.22 22:41:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.05.03 15:48:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2012.05.03 15:48:17 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2012.01.05 18:21:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JAMESBOND007\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LUAEGDT7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.01 22:46:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.22 20:02:31 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.03.22 20:02:31 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.03.22 20:02:31 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.03.22 20:02:31 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.03.22 20:02:31 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.10.01 21:32:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-639642466-3583416747-2226022664-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-639642466-3583416747-2226022664-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-639642466-3583416747-2226022664-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-639642466-3583416747-2226022664-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-639642466-3583416747-2226022664-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{019A1248-46C0-4362-A181-AA9F8C230B22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE70EF0-ED3C-4487-957A-C21D4AE38204}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.06.30 13:23:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\JAMESBOND007\Desktop\OTL.exe
[2012.06.30 13:05:52 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.28 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.06.28 22:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.06.28 22:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.28 22:31:20 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Roaming\Babylon
[2012.06.28 22:27:01 | 000,081,488 | ---- | C] (AppWork UG (haftungsbeschränkt)) -- C:\Users\JAMESBOND007\Desktop\WebInstaller.exe

========== Files - Modified Within 7 Days ==========

[2012.06.30 13:31:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.30 13:23:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\JAMESBOND007\Desktop\OTL.exe
[2012.06.30 13:05:31 | 000,781,383 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\RSIT.exe
[2012.06.30 12:18:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 22:34:37 | 000,001,993 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\JDownloader.lnk
[2012.06.28 22:32:35 | 000,000,250 | ---- | M] () -- C:\user.js
[2012.06.28 22:27:23 | 000,081,488 | ---- | M] (AppWork UG (haftungsbeschränkt)) -- C:\Users\JAMESBOND007\Desktop\WebInstaller.exe
[2012.06.28 15:10:05 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.06.27 21:26:37 | 000,002,717 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\jLQtRqxE0Nal5YJJ.jpg
[2012.06.26 18:29:14 | 000,631,054 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.06.26 18:29:14 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.26 18:29:14 | 000,121,708 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.06.26 18:29:14 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.24 23:23:52 | 152,288,296 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Avatar_The_Last_Airbender_01x01_-_Chlapec_v_ledovci_by_Zaine.avi
[2012.06.23 20:41:38 | 000,358,088 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu9.png
[2012.06.23 20:37:47 | 000,358,721 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu8.png
[2012.06.23 20:32:56 | 000,349,131 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu7.png
[2012.06.23 20:24:17 | 000,354,918 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu6.png
[2012.06.23 20:22:23 | 000,350,700 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu5.png
[2012.06.23 20:15:48 | 000,356,648 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu4.png
[2012.06.23 20:14:19 | 000,350,196 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu3.png
[2012.06.23 20:12:59 | 000,349,453 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu2.png
[2012.06.23 20:11:10 | 000,347,236 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu1.png

========== Files Created - No Company Name ==========

[2012.06.30 13:31:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.06.30 13:05:04 | 000,781,383 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\RSIT.exe
[2012.06.28 22:34:37 | 000,001,993 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\JDownloader.lnk
[2012.06.28 22:34:13 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.06.28 22:34:12 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012.06.28 22:34:12 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.06.28 22:32:32 | 000,000,250 | ---- | C] () -- C:\user.js
[2012.06.27 21:26:09 | 000,002,717 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\jLQtRqxE0Nal5YJJ.jpg
[2012.06.24 21:59:18 | 152,288,296 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Avatar_The_Last_Airbender_01x01_-_Chlapec_v_ledovci_by_Zaine.avi
[2012.06.23 20:41:37 | 000,358,088 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu9.png
[2012.06.23 20:37:46 | 000,358,721 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu8.png
[2012.06.23 20:31:24 | 000,349,131 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu7.png
[2012.06.23 20:24:16 | 000,354,918 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu6.png
[2012.06.23 20:18:10 | 000,350,700 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu5.png
[2012.06.23 20:15:47 | 000,356,648 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu4.png
[2012.06.23 20:13:29 | 000,350,196 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu3.png
[2012.06.23 20:12:58 | 000,349,453 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu2.png
[2012.06.23 20:06:29 | 000,347,236 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Bez názvu1.png
[2012.05.01 22:18:49 | 000,017,408 | ---- | C] () -- C:\Users\JAMESBOND007\AppData\Local\WebpageIcons.db
[2012.05.01 22:17:49 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.05.01 22:17:49 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.21 11:00:56 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.04.20 14:14:28 | 000,000,209 | ---- | C] () -- C:\Windows\spf.INI
[2012.04.20 13:09:02 | 000,000,067 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.04.20 13:08:33 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.04.20 13:08:33 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.04.20 13:08:33 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.04.20 13:08:32 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.01.31 16:01:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.01.31 16:01:20 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.31 16:01:20 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.01.31 16:01:20 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.01.31 16:01:20 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.31 16:01:20 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.01.31 16:01:20 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.01.31 16:01:20 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.31 16:01:20 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.01.31 16:01:20 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.01.31 16:01:20 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.01.31 16:01:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.01.31 16:01:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.01.31 16:01:20 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.01.31 16:01:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.01.31 16:01:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.01.31 16:01:20 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.01.31 16:01:20 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.01.31 16:01:20 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.01.22 00:34:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.11.04 17:13:14 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011.11.04 17:12:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2011.11.04 17:12:58 | 000,005,116 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011.11.04 17:12:57 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\RT2870.bin
[2011.10.01 21:17:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.01 21:17:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.01 21:17:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.01 21:17:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.01 21:17:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

========== LOP Check ==========

[2012.06.28 22:31:20 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Babylon
[2012.06.08 23:23:57 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO
[2011.08.03 14:10:26 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\DAEMON Tools Lite
[2012.02.01 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Epson
[2011.07.22 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\GHISLER
[2012.04.28 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\MyPhoneExplorer
[2012.01.22 00:34:55 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\pdfforge
[2012.04.05 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Rovio
[2011.08.15 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\TomTom
[2012.06.30 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\uTorrent
[2011.07.22 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Zoner
[2012.06.28 15:10:05 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2009.07.14 05:53:46 | 000,028,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 03:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 03:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.19 23:38:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.19 23:38:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.19 23:38:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 03:29:54 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 03:29:54 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.06.21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\ERDNT\cache\tcpip.sys
[2011.06.21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.04.25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010.11.20 03:30:14 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011.09.29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011.04.25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012.03.30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012.03.30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2012.03.30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 07:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< >

< %systemroot%*.* /U /s >
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.06.17 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Adobe
[2012.06.28 22:31:20 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Babylon
[2012.06.08 23:23:57 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO
[2011.08.03 14:10:26 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\DAEMON Tools Lite
[2012.06.26 18:50:06 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\dvdcss
[2012.02.01 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Epson
[2011.07.22 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\GHISLER
[2011.07.22 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Identities
[2011.11.04 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\InstallShield
[2011.07.22 23:23:10 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Macromedia
[2012.06.07 01:07:51 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Malwarebytes
[2009.07.14 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Media Center Programs
[2012.02.12 02:16:50 | 000,000,000 | --SD | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Microsoft
[2011.07.22 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla
[2012.04.28 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\MyPhoneExplorer
[2011.09.18 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Nero
[2012.01.22 00:34:55 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\pdfforge
[2012.04.05 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Rovio
[2012.06.30 13:53:30 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Skype
[2011.08.15 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\TomTom
[2012.06.30 13:52:55 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\uTorrent
[2012.06.29 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\vlc
[2011.07.28 14:42:15 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\WinRAR
[2011.07.22 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO\Haali media splitter\uninstall.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.06.28 15:10:05 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.08.03 12:58:04 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.20 03:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation)
"Sony Ericsson PC Companion" = "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background -- [2011.10.21 15:06:26 | 000,433,872 | ---- | M] (Sony Ericsson)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2011.07.28 14:44:25 | 000,399,736 | ---- | M] (BitTorrent, Inc.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2009.10.30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom)
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2009.06.17 12:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company)
"EPSON SX110 Series" = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\Users\JAMESB~1\AppData\Local\Temp\E_S707.tmp" /EF "HKCU" -- [2008.09.27 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2012.06.05 15:23:04 | 017,344,176 | R--- | M] (Skype Technologies S.A.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.05.01 22:46:42 | 000,924,600 | ---- | M] (Mozilla Corporation) MD5=4F69AABB5D82AA4EF6DFF7871212ADF6 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2010.11.20 03:22:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.06.30 13:31:58 | 000,000,512 | ---- | M] () MD5=6B57835368819C5D0DDCD7B6B781D9C8 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012.05.22 09:43:16 | 000,004,328 | ---- | M] () -- \Program Files\JDownloader\jd\plugins\hoster\CrackedCom.class
[2012.04.20 11:36:55 | 000,012,673 | ---- | M] () -- \Users\JAMESBOND007\AppData\Roaming\uTorrent\Stellar.Phoenix.FAT.Data.Recovery.11.1 with crack.torrent

< *keygen* /s >
[2012.06.17 20:16:33 | 000,037,064 | ---- | M] () -- \Users\JAMESBOND007\AppData\Roaming\uTorrent\Adobe_Photoshop_CS3_Extended_10_+_CZ_+_keygen.torrent
[2012.05.16 00:00:53 | 000,003,310 | ---- | M] () -- \Users\JAMESBOND007\AppData\Roaming\uTorrent\HDD Regenerator 1.71+Keygen [h33t][MurtajiZ].torrent

< *loader* /s >
[2010.03.09 04:28:40 | 005,297,608 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\Photodownloader.exe
[2010.03.09 01:38:58 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2010.03.09 01:38:58 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\de_de\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\en_us\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\es_es\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\it_it\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\no_no\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,308 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2010.03.09 01:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2007.10.23 18:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007.10.23 18:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007.10.23 18:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2012.05.22 09:43:16 | 000,214,528 | ---- | M] () -- \Program Files\JDownloader\JDownloader.exe
[2012.05.22 09:43:16 | 000,593,293 | ---- | M] () -- \Program Files\JDownloader\JDownloader.jar
[2012.05.22 09:43:16 | 000,218,816 | ---- | M] () -- \Program Files\JDownloader\JDownloaderBETA.exe
[2012.05.22 09:43:16 | 000,218,816 | ---- | M] () -- \Program Files\JDownloader\JDownloaderD3D.exe
[2012.05.22 09:43:16 | 000,219,264 | ---- | M] () -- \Program Files\JDownloader\JDownloaderPortable.exe
[2012.06.28 22:38:53 | 000,000,105 | ---- | M] () -- \Program Files\JDownloader\jd\img\hosterlogos\uploader.pl.png
[2012.05.22 09:43:16 | 000,007,073 | ---- | M] () -- \Program Files\JDownloader\jd\plugins\hoster\UploaderPl.class
[2012.05.22 09:43:16 | 000,032,222 | ---- | M] () -- \Program Files\JDownloader\licenses\jdownloader.license
[2011.04.24 23:13:08 | 000,242,064 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\kas_loader.dll
[2011.04.24 23:13:22 | 000,270,736 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\prloader.dll
[2011.04.24 22:14:04 | 000,001,557 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_16.gif
[2011.04.24 22:14:04 | 000,000,419 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_16.png
[2011.04.24 22:14:04 | 000,006,377 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_32.gif
[2011.04.24 22:14:04 | 000,001,276 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_32.png
[2011.04.24 22:14:04 | 000,009,568 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_48.gif
[2011.04.24 22:14:04 | 000,001,805 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_48.png
[2011.04.24 22:14:04 | 000,020,462 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_96.gif
[2011.04.24 22:14:04 | 000,004,076 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\common\images\loader_96.png
[2011.04.24 22:14:06 | 000,000,745 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\skin\resources\neutral\decl\main_window\CustomLoader.qml
[2011.09.19 13:16:48 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\licenses\loaderbinarylegal.txt
[2008.06.20 18:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012.06.28 22:34:12 | 000,001,901 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012.06.28 22:34:12 | 000,001,880 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.06.28 22:34:12 | 000,001,957 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2010.02.05 14:22:02 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.02.29 08:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.02.29 08:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.06.28 22:34:12 | 000,001,901 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012.06.28 22:34:12 | 000,001,880 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.06.28 22:34:12 | 000,001,957 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2010.02.05 14:22:02 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.02.29 08:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.02.29 08:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.06.28 18:54:26 | 000,000,652 | ---- | M] () -- \Users\JAMESBOND007\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJBUFTTL\AdLoader[1].htm
[2012.06.28 22:34:37 | 000,001,957 | ---- | M] () -- \Users\JAMESBOND007\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012.06.28 22:34:37 | 000,001,993 | ---- | M] () -- \Users\JAMESBOND007\Desktop\JDownloader.lnk
[2011.08.03 13:55:48 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2012.06.28 22:34:55 | 000,017,826 | ---- | M] () -- \Windows\Prefetch\JDOWNLOADERPORTABLE.EXE-45EFB050.pf
[2012.06.28 22:30:20 | 000,095,242 | ---- | M] () -- \Windows\Prefetch\JDOWNLOADERSETUP.EXE-8998895B.pf
[2012.06.28 22:32:19 | 000,098,254 | ---- | M] () -- \Windows\Prefetch\JDOWNLOADERSETUP_IC.EXE-1938E95E.pf
[2009.07.14 13:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012.01.31 16:10:50 | 000,002,802 | ---- | M] () -- \Windows\System32\Tasks\Epson Printer Software Downloader
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2012.06.28 15:10:05 | 000,000,254 | ---- | M] () -- \Windows\Tasks\Epson Printer Software Downloader.job
[2009.07.14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2011.07.22 23:33:29 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011.07.22 23:33:29 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011.07.22 23:33:29 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010.11.20 04:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:13:36 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:47:28 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

jamesbond007.cz

OTL Extras logfile created on: 30.6.2012 13:26:40 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\JAMESBOND007\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 32,93% Memory free
4,36 Gb Paging File | 2,15 Gb Available in Paging File | 49,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30,33 Gb Total Space | 6,34 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 13,62 Gb Free Space | 46,48% Space Free | Partition Type: NTFS
Drive F: | 1397,25 Gb Total Space | 512,02 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive G: | 670,18 Gb Total Space | 331,22 Gb Free Space | 49,42% Space Free | Partition Type: NTFS
Drive H: | 693,50 Gb Total Space | 9,08 Gb Free Space | 1,31% Space Free | Partition Type: NTFS

Computer Name: PETERPAN | User Name: JAMESBOND007 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-639642466-3583416747-2226022664-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0962CFCF-BAD9-4463-A082-75EAAC5A77AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14AD3903-9EBC-4B3B-81F6-DD50506C4E6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CDF6591-8CB2-47F3-8C8A-FDDE3880B0AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EFFD486-0972-404F-8B1E-D052BB52C788}" = lport=445 | protocol=6 | dir=in | app=system |
"{2323FA73-5D78-4C5F-BA4F-483E5ADAD3F3}" = rport=445 | protocol=6 | dir=out | app=system |
"{24C0CE6B-26CC-4EF1-BC6A-70F3F8858143}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{25E4B3AA-7EEB-4004-88E4-269CF486FD7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B8E5840-418F-4D77-8913-9D2AD76D4385}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38AF73D3-9A92-4C52-9B76-1638274C6006}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A383DD7-6F54-498E-9F71-CCC56018A3FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{6722058E-57B0-4100-A688-FBFE92BE5C33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CD7CE00-4850-4127-9142-49ADD7EA6BA3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7FFE7111-5AB5-4222-A8ED-0802B5744EF5}" = rport=138 | protocol=17 | dir=out | app=system |
"{8EB0C466-2C98-451B-B809-80314B93EEC3}" = lport=137 | protocol=17 | dir=in | app=system |
"{AEFCA9DC-7829-4524-80BE-9774AC833917}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B752147B-47F6-4FA0-9465-700E5B702FCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B933CF7F-8A18-483A-B7BD-426F07F153F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C01146DB-6142-4B08-A5D0-08495148F711}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D32050E1-F968-4EBB-8C8F-085C19A6B7B3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D878000E-6517-474F-A478-34AFD6DE5BFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5B6FF3B-D20A-4779-B0E6-0BD89FD6B459}" = rport=137 | protocol=17 | dir=out | app=system |
"{E9835D7A-F8DA-4EE7-BE67-61CDB2E0C22A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA4A5C5D-D1C8-4FDC-AF09-AF7CD5C26560}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED3DA370-9E43-4B48-B525-34C7B088E2FC}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021F0243-4439-4007-910A-BF34D9D91B15}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{09BE083F-49DB-4FF9-846B-6EFB1597BA55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F167ADE-1769-4C87-BC20-8073B9A656B2}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{1C390F75-9383-4DC6-A0AD-F13FDC597CB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{238A0747-EC9E-4111-937D-08F8D916AF41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2723EE3B-FE24-4D90-BAFC-588F8B660969}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2DEF7611-5DA8-4CBD-AB1B-FEDB13B5D691}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{32398CB9-F8DD-4AE2-A0DB-260B7BA8F834}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3570228A-04AA-43E8-83A1-9AB36E399B3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{466AB2E5-9C9B-4955-B557-D906F0603228}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{555A6906-87ED-40B5-9577-FAD4359A0F88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{579EFBE8-BDE1-4E52-AC8D-D406CF45AC7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5C7F8491-F98D-4D30-B0D4-16A2012257E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66223956-BB39-4D74-B545-68CF9FD50E75}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{751B2D85-FB14-4898-8C27-44B41BCA4673}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EFF1EC1-64C0-49F4-AB72-DFF05C2BDE4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A2E3D41-26C3-4E6C-A0D7-E9D2C10849C1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A304C148-C04E-424B-89D2-0302F5572FA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE55C7DD-C906-4EF9-8BDA-A99DBE155FD2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B7E92CF8-C154-4408-942A-50FD1DCDA560}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{BC7B659E-2D84-4A58-8143-B11911B23905}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C01C3B67-F6B7-4B58-8BCF-255BAE652F65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C2839718-BFBB-4E57-80BF-AA43C2ED9266}" = protocol=6 | dir=out | app=system |
"{CB4A1F4F-7A06-4B27-AA29-3875731BFBFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4BD04C6-71A9-44CB-89EA-3CB1EDA91BCA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E813D671-8C64-46EF-A166-B76A31AA9285}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7F86994-F047-4E5C-9570-1363206D2148}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{007C4A3E-F4E0-44C4-9B44-773ED079544F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{0FFC261F-728E-4143-BE53-A2DFD2305A96}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C7A99E21-EF7C-403B-AE58-47006DF3DCD6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{D84C07DF-3A38-466D-A481-7A89E4F21AE6}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{EAAE29E3-0797-455E-86C8-0689C2CA24D4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0672B776-BAEB-4443-9338-B62147A3C9E1}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{1E38771F-BF9C-49C0-8203-DD1F16751C43}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4308C3F3-AEF3-4242-A2B3-3144B4E15ECD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{56641558-8E60-4D43-8E26-BB1CCA263AC2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{D767A355-F498-40F2-87D6-8049055CA36A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5032D684-B2EB-46CC-9416-C9C955A53A85}" = Belkin N+ Wireless USB Adapter
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.46.0
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Czech
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Angry Birds Space HD v1.0.0.2 Full" = Angry Birds Space HD v1.0.0.2 Full
"BSPlayerp" = BS.Player PRO
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Duplicate Photo Finder" = FirmTools Duplicate Photo Finder 1
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual
"EPSON SX110 Series" = Odinstalace tiskárny EPSON SX110 Series
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 cs)" = Mozilla Firefox 12.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"PROSetDX" = Intel(R) Network Connections 16.8.46.0
"Stellar Phoenix FAT Data Recovery_is1" = Stellar Phoenix FAT Data Recovery V11.1
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR
"WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9.6.2012 21:07:51 | Computer Name = PeterPan | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 13.6.2012 8:44:47 | Computer Name = PeterPan | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 18.6.2012 18:10:22 | Computer Name = PeterPan | Source = Application Error | ID = 1000
Description = Název chybující aplikace: FlashPlayerPlugin_11_3_300_257.exe, verze:
11.3.300.257, časové razítko: 0x4fc82063 Název chybujícího modulu: NPSWF32_11_3_300_257.dll,
verze: 11.3.300.257, časové razítko: 0x4fc821fc Kód výjimky: 0xc0000005 Posun chyby:
0x0010a7e7 ID chybujícího procesu: 0x1684 Čas spuštění chybující aplikace: 0x01cd4cceb42a31a5
Cesta
k chybující aplikaci: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Cesta
k chybujícímu modulu: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
ID
zprávy: 658ffec8-b992-11e1-93e9-111111111111

Error - 18.6.2012 19:41:50 | Computer Name = PeterPan | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 18.6.2012 19:49:47 | Computer Name = PeterPan | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 20.6.2012 13:00:57 | Computer Name = PeterPan | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 20.6.2012 13:03:48 | Computer Name = PeterPan | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 30.6.2012 4:39:32 | Computer Name = PeterPan | Source = Application Error | ID = 1000
Description = Název chybující aplikace: firefox.exe, verze: 12.0.0.4493, časové
razítko: 0x4f9207d9 Název chybujícího modulu: mozglue.dll, verze: 12.0.0.4493, časové
razítko: 0x4f91f34c Kód výjimky: 0xc0000005 Posun chyby: 0x0000374b ID chybujícího
procesu: 0x1e0c Čas spuštění chybující aplikace: 0x01cd5640917be5fb Cesta k chybující
aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe Cesta k chybujícímu modulu:
C:\Program Files\Mozilla Firefox\mozglue.dll ID zprávy: 1cc0d8e2-c28f-11e1-93e9-111111111111

Error - 30.6.2012 5:29:51 | Computer Name = PeterPan | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 30.6.2012 5:32:23 | Computer Name = PeterPan | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ System Events ]
Error - 30.6.2012 8:26:28 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:28 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:29 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:29 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:29 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:29 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:29 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:29 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:26:29 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 30.6.2012 8:27:55 | Computer Name = PeterPan | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

< End of report >

#5 Příspěvek od **vyosek** » 30 čer 2012 14:33

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aip4mx96)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113480 ... 0cf61dc112
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=280612_6_&babsrc=SP_ss&mntrId=06d44b52000000000000000cf61dc112
IE - HKU\S-1-5-21-639642466-3583416747-2226022664-1001\..\SearchScopes\{2968208B-4B6D-4CAD-AEDB-10E82248CEBB}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =827316&p={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=113480&tt=280612_6_&babsrc=KW_ss&mntrId=06d44b52000000000000000cf61dc112&q="
[2011.08.20 03:45:23 | 000,002,586 | ---- | M] () -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\searchplugins\amazon-united-kingdom-search-suggestions.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2012.06.28 22:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.06.28 22:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.28 22:31:20 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Roaming\Babylon
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2012.06.28 15:10:05 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"NBAgent"=-
"SunJavaUpdateSched"=-
"Driver Genius"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"=-
"uTorrent"=-
"DAEMON Tools Lite"=-
"Skype"=-

:files
c:\Users\JAMESBOND007\AppData\Roaming\uTorrent\Stellar.Phoenix.FAT.Data.Recovery.11.1 with crack.torrent
c:\Users\JAMESBOND007\AppData\Roaming\uTorrent\HDD Regenerator 1.71+Keygen [h33t][MurtajiZ].torrent
c:\Users\JAMESBOND007\AppData\Roaming\uTorrent\Adobe_Photoshop_CS3_Extended_10_+_CZ_+_keygen.torrent
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

jamesbond007.cz

Po restartu mi bohuzel zadny log nevyskocil. Co mam delat nyni?

search.babylon.com/?affID=113480&tt=280612_6_&babsrc=NT_ss&mntrId=06d44b52000000000000000cf61dc112

toto mi stale vyskakuje z kazdeho noveho panelu. Jak se toho zbavim?

#7 Příspěvek od **vyosek** » 30 čer 2012 18:00

Opakujte postup s opravou v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

jamesbond007.cz

mam pocit ze Babylon sleduje vse co na netu delam, jakekoli i odkazem otevrene okno/panel je pres vyse uvedeny link.

All processes killed
========== OTL ==========
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys not found.
Error: No service named aip4mx96 was found to stop!
Service\Driver key aip4mx96 not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-639642466-3583416747-2226022664-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-639642466-3583416747-2226022664-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-639642466-3583416747-2226022664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-639642466-3583416747-2226022664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-639642466-3583416747-2226022664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2968208B-4B6D-4CAD-AEDB-10E82248CEBB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2968208B-4B6D-4CAD-AEDB-10E82248CEBB}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "http://search.babylon.com/?affID=113480 ... 61dc112&q=" removed from keyword.URL
File C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\searchplugins\amazon-united-kingdom-search-suggestions.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Folder C:\Program Files\BabylonToolbar\ not found.
Folder C:\ProgramData\Babylon\ not found.
Folder C:\Users\JAMESBOND007\AppData\Roaming\Babylon\ not found.
File/Folder C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp not found.
File C:\Windows\Tasks\Epson Printer Software Downloader.job not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NBAgent not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Genius not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Companion not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype not found.
========== FILES ==========
File\Folder c:\Users\JAMESBOND007\AppData\Roaming\uTorrent\Stellar.Phoenix.FAT.Data.Recovery.11.1 with crack.torrent not found.
File\Folder c:\Users\JAMESBOND007\AppData\Roaming\uTorrent\HDD Regenerator 1.71+Keygen [h33t][MurtajiZ].torrent not found.
File\Folder c:\Users\JAMESBOND007\AppData\Roaming\uTorrent\Adobe_Photoshop_CS3_Extended_10_+_CZ_+_keygen.torrent not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JAMESBOND007
->Temp folder emptied: 1258 bytes
->Temporary Internet Files folder emptied: 2409945 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69385890 bytes
->Flash cache emptied: 2214 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 574528 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 69,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: JAMESBOND007
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.53.0 log created on 06302012_231105

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#9 Příspěvek od **vyosek** » 01 črc 2012 09:55

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

jamesbond007.cz

Log posilam z jineho pc. Mozzila,kaspersky a ani poznamkovy blok nelze spustit. registry jsou urcene k vymazani. nedelam s pc nic. Znam combofix jako obcasny uzivatel na radu z mistniho fora a vim co dokaze

ComboFix 12-06-30.01 - JAMESBOND007 01.07.2012 10:54:37.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2037.1315 [GMT 1:00]
Spuštìný z: c:\users\JAMESBOND007\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvoøené od 2012-06-01 do 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 10:05 . 2012-07-01 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 13:37 . 2012-06-30 13:37 -------- d-----w- C:\_OTL
2012-06-30 12:31 . 2012-06-30 12:31 512 ----a-w- C:\PhysicalMBR.bin
2012-06-30 12:05 . 2012-06-30 12:06 -------- d-----w- C:\rsit
2012-06-29 07:02 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CB1B8E2-9784-4351-AC51-14441EF08A45}\mpengine.dll
2012-06-28 21:32 . 2012-06-28 21:42 -------- d-----w- c:\program files\JDownloader
2012-06-28 21:32 . 2012-06-28 21:32 250 ----a-w- C:\user.js
2012-06-21 03:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 03:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 03:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 03:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 03:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 03:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 03:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 03:08 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 03:08 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-17 19:43 . 2012-06-17 19:43 -------- d-----w- c:\program files\Adobe Media Player
2012-06-17 19:40 . 2012-06-17 19:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-06-17 19:07 . 2012-06-17 19:07 -------- d-----w- c:\users\JAMESBOND007\AppData\Local\Macromedia
2012-06-14 21:31 . 2012-06-14 21:31 -------- d-----w- c:\program files\WorldUnlock Codes Calculator
2012-06-12 22:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-12 22:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 22:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 22:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-08 19:58 . 2012-06-08 22:23 -------- d-----w- c:\users\JAMESBOND007\AppData\Roaming\BSplayer PRO
2012-06-08 19:58 . 2012-06-08 19:58 -------- d-----w- c:\program files\Webteh
2012-06-07 23:12 . 2012-06-29 19:35 -------- d-----w- c:\users\JAMESBOND007\AppData\Roaming\vlc
2012-06-07 21:18 . 2012-06-07 21:18 -------- d--h--r- c:\users\Public\Libraries
2012-06-07 00:07 . 2012-06-07 00:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-07 00:07 . 2012-06-07 00:07 -------- d-----w- c:\users\JAMESBOND007\AppData\Roaming\Malwarebytes
2012-06-07 00:07 . 2012-06-07 00:07 -------- d-----w- c:\programdata\Malwarebytes
2012-06-06 19:45 . 2012-06-06 19:46 -------- d-----w- c:\program files\DVDFab 8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 19:01 . 2012-04-01 21:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 19:01 . 2011-07-22 22:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 21:46 . 2011-07-22 19:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštìcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-07-28 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"F5D8055v2"="c:\program files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe" [2009-08-25 200704]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\JAMESBOND007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výøezy obrazovky a spuštìní aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 NAUpdate;Aktualizace Nero;c:\program files\Nero\Update\NASvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 netr28u;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Ostatní služby/ovladaèe v pamìti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplòkový sken -------
.
uStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=280612_6_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 06d44b52000000000000000cf61dc112
FF - user.js: extensions.BabylonToolbar_i.hardId - 06d44b52000000000000000cf61dc112
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15519
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- ZAMKNUTÉ KLÍÈE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový èas: 2012-07-01 11:11:11
ComboFix-quarantined-files.txt 2012-07-01 10:11
.
Pøed spuštìním: 7 208 669 184
Po spuštìní: 7 159 447 552
.
- - End Of File - - D69438A17AD474853D9F95A952A54C61

#11 Příspěvek od **vyosek** » 01 črc 2012 17:22

Restartujte PC, to pomuze

Jedna se o chybu kterou obcas bohuzel CF zpusobi. Zatim ale sUBs (autor CF) nenasel jeji pricinu - objevuje se nepravidelne a jen na nekterych strojich...

Pak napiste ci pomohlo, ale melo by...I to je jeden z dalsich mnoha duvodu, proc se ma CF pouzivat jen na doporuceni zkusene osoby, ktera s CF umi zachazet a vi\zna jeji chyby a co muze zpusobit a jak to opravit...

#12 Příspěvek od **vyosek** » 01 črc 2012 17:24

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Firefox::
FF - ProfilePath - c:\users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=280612_6_
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 06d44b52000000000000000cf61dc112
FF - user.js: extensions.BabylonToolbar_i.hardId - 06d44b52000000000000000cf61dc112
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15519
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

jamesbond007.cz

Delal jsem to 2x protoze jsem si zapomel vypnout antivir. po docisteni stale zustava odkaz v mozzile:

search.babylon.com/?affID=113480&tt=280612_6_&babsrc=NT_ss&mntrId=06d44b52000000000000000cf61dc112

ComboFix 12-06-30.01 - JAMESBOND007 01.07.2012 19:52:02.3.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2037.1277 [GMT 1:00]
Spuštěný z: c:\users\JAMESBOND007\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\JAMESBOND007\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-01 do 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 19:02 . 2012-07-01 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 13:37 . 2012-06-30 13:37 -------- d-----w- C:\_OTL
2012-06-30 12:31 . 2012-06-30 12:31 512 ----a-w- C:\PhysicalMBR.bin
2012-06-30 12:05 . 2012-06-30 12:06 -------- d-----w- C:\rsit
2012-06-29 07:02 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CB1B8E2-9784-4351-AC51-14441EF08A45}\mpengine.dll
2012-06-28 21:32 . 2012-06-28 21:42 -------- d-----w- c:\program files\JDownloader
2012-06-28 21:32 . 2012-06-28 21:32 250 ----a-w- C:\user.js
2012-06-21 03:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 03:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 03:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 03:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 03:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 03:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 03:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 03:08 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 03:08 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-17 19:43 . 2012-06-17 19:43 -------- d-----w- c:\program files\Adobe Media Player
2012-06-17 19:40 . 2012-06-17 19:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-06-17 19:07 . 2012-06-17 19:07 -------- d-----w- c:\users\JAMESBOND007\AppData\Local\Macromedia
2012-06-14 21:31 . 2012-06-14 21:31 -------- d-----w- c:\program files\WorldUnlock Codes Calculator
2012-06-12 22:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-12 22:40 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 22:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 22:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-08 19:58 . 2012-06-08 22:23 -------- d-----w- c:\users\JAMESBOND007\AppData\Roaming\BSplayer PRO
2012-06-08 19:58 . 2012-06-08 19:58 -------- d-----w- c:\program files\Webteh
2012-06-07 23:12 . 2012-06-29 19:35 -------- d-----w- c:\users\JAMESBOND007\AppData\Roaming\vlc
2012-06-07 21:18 . 2012-06-07 21:18 -------- d--h--r- c:\users\Public\Libraries
2012-06-07 00:07 . 2012-06-07 00:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-07 00:07 . 2012-06-07 00:07 -------- d-----w- c:\users\JAMESBOND007\AppData\Roaming\Malwarebytes
2012-06-07 00:07 . 2012-06-07 00:07 -------- d-----w- c:\programdata\Malwarebytes
2012-06-06 19:45 . 2012-06-06 19:46 -------- d-----w- c:\program files\DVDFab 8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 19:01 . 2012-04-01 21:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 19:01 . 2011-07-22 22:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 21:46 . 2011-07-22 19:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-07-28 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"F5D8055v2"="c:\program files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe" [2009-08-25 200704]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\JAMESBOND007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 NAUpdate;Aktualizace Nero;c:\program files\Nero\Update\NASvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 netr28u;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\crypserv.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-07-01 20:53:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-01 19:53
ComboFix2.txt 2012-07-01 10:11
.
Před spuštěním: 7 208 255 488
Po spuštění: 7 155 527 680
.
- - End Of File - - A7DFEC028E959890AD226680691880A8

#14 Příspěvek od **vyosek** » 02 črc 2012 20:05

Projdete spravce doplnku a spravce vyhledavacich modulu ve FF

Udelejte znovu Sken pomoci OTL

jamesbond007.cz

Novy log bez scriptu s lop a purity

OTL logfile created on: 3.7.2012 21:38:16 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\JAMESBOND007\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,37% Memory free
3,98 Gb Paging File | 1,72 Gb Available in Paging File | 43,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30,33 Gb Total Space | 6,65 Gb Free Space | 21,94% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 13,62 Gb Free Space | 46,48% Space Free | Partition Type: NTFS
Drive F: | 1397,25 Gb Total Space | 512,02 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive G: | 670,18 Gb Total Space | 334,45 Gb Free Space | 49,90% Space Free | Partition Type: NTFS
Drive H: | 693,50 Gb Total Space | 4,73 Gb Free Space | 0,68% Space Free | Partition Type: NTFS
Drive I: | 29,91 Gb Total Space | 29,21 Gb Free Space | 97,67% Space Free | Partition Type: FAT32

Computer Name: PETERPAN | User Name: JAMESBOND007 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.30 13:23:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\JAMESBOND007\Desktop\OTL.exe
PRC - [2012.06.17 20:01:39 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.05.01 22:46:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2011.06.06 01:26:40 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011.04.24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
PRC - [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009.08.25 19:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe
PRC - [2009.04.07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007.12.17 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.11 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

========== Modules (No Company Name) ==========

MOD - [2012.06.17 20:01:39 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012.05.01 22:46:41 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.06.07 00:30:08 | 002,263,552 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2011.06.07 00:30:08 | 000,101,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2011.06.07 00:29:56 | 001,451,520 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzvbi_plugin.dll
MOD - [2011.06.07 00:29:54 | 011,496,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2011.06.07 00:29:54 | 002,157,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011.06.07 00:29:54 | 001,763,328 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2011.06.07 00:29:54 | 001,712,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2011.06.07 00:29:54 | 001,290,752 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011.06.07 00:29:54 | 001,137,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2011.06.07 00:29:54 | 001,104,896 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,640,512 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,368,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,338,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,325,632 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,302,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsdl_image_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,258,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,237,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,152,576 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,135,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,130,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,128,000 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,078,848 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,073,728 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,052,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsubtitle_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,052,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,048,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,047,104 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsubsdec_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,046,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvobsub_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,039,936 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspudec_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,033,280 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libinvmem_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\librawvideo_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011.06.07 00:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
MOD - [2011.06.07 00:29:52 | 008,135,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,309,760 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,231,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,210,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,178,176 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,150,528 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvbsub_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,090,112 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_http_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,067,072 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,065,536 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,061,440 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,057,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcc_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libadpcm_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcvdsub_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,033,280 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
MOD - [2011.06.07 00:29:52 | 000,030,720 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2011.06.06 01:26:40 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2009.08.25 19:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe
MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008.09.03 14:28:24 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2008.08.29 09:55:00 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.01 22:46:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011.07.29 02:01:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007.12.17 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (au4vg70r)
DRV - [2012.06.07 01:08:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.01 22:16:13 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.11.04 18:07:33 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.11.04 18:07:33 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.11.04 17:12:09 | 000,807,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2011.10.14 19:25:08 | 000,231,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2011.08.03 12:58:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.04.07 13:16:16 | 000,376,160 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008.03.17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.03 15:48:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.05.03 15:48:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.01 22:46:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.08.15 18:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Extensions
[2011.08.15 18:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012.07.01 18:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMESBOND007\AppData\Roaming\Mozilla\Firefox\Profiles\luaegdt7.default\extensions
[2012.05.03 15:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.01 17:27:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.22 22:41:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.05.03 15:48:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2012.05.03 15:48:17 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2012.07.01 18:20:42 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\JAMESBOND007\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LUAEGDT7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.01 22:46:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.22 20:02:31 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.03.22 20:02:31 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.03.22 20:02:31 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.03.22 20:02:31 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.03.22 20:02:31 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.07.01 20:42:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [F5D8055v2] C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{019A1248-46C0-4362-A181-AA9F8C230B22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE70EF0-ED3C-4487-957A-C21D4AE38204}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.01 20:52:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.01 19:50:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.07.01 17:06:42 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\Desktop\TBS satelit
[2012.07.01 10:14:53 | 004,567,958 | R--- | C] (Swearware) -- C:\Users\JAMESBOND007\Desktop\ComboFix.exe
[2012.06.30 14:37:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.30 13:23:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\JAMESBOND007\Desktop\OTL.exe
[2012.06.30 13:05:52 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.28 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.06.21 04:09:08 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 04:09:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 04:08:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 04:08:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 04:08:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 04:08:32 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 04:08:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.17 21:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.06.17 20:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.06.17 20:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2012.06.17 20:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.06.17 20:07:53 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Local\Macromedia
[2012.06.14 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2012.06.14 22:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2012.06.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\WorldUnlock Codes Calculator
[2012.06.12 23:41:24 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.12 23:41:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.12 23:41:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.12 23:41:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.12 23:41:22 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.12 23:41:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.12 23:41:02 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.12 23:41:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.12 23:41:00 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.08 21:00:37 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webteh
[2012.06.08 20:58:15 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO
[2012.06.08 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2012.06.08 00:12:59 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Roaming\vlc
[2012.06.08 00:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.07 22:00:11 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\Documents\NeroVision
[2012.06.07 01:07:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.06.07 01:07:51 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\AppData\Roaming\Malwarebytes
[2012.06.07 01:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 20:46:18 | 000,000,000 | ---D | C] -- C:\Users\JAMESBOND007\Documents\DVDFab
[2012.06.06 20:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8
[2012.06.06 20:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8

========== Files - Modified Within 30 Days ==========

[2012.07.01 21:05:41 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 21:05:41 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 21:03:01 | 000,631,054 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.07.01 21:03:01 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.01 21:03:01 | 000,121,708 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.07.01 21:03:01 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.01 20:58:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 20:57:45 | 1601,806,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.01 20:42:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.01 10:16:21 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\JAMESBOND007\Desktop\ComboFix.exe
[2012.06.30 14:45:53 | 003,766,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.30 13:31:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.30 13:23:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\JAMESBOND007\Desktop\OTL.exe
[2012.06.30 13:05:31 | 000,781,383 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\RSIT.exe
[2012.06.28 22:34:37 | 000,001,993 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\JDownloader.lnk
[2012.06.28 22:32:35 | 000,000,250 | ---- | M] () -- C:\user.js
[2012.06.27 21:26:37 | 000,002,717 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\jLQtRqxE0Nal5YJJ.jpg
[2012.06.24 23:23:52 | 152,288,296 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Avatar_The_Last_Airbender_01x01_-_Chlapec_v_ledovci_by_Zaine.avi
[2012.06.21 22:24:00 | 000,084,965 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\metalfest.jpg
[2012.06.19 23:44:34 | 000,057,159 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\pic43939.jpg
[2012.06.17 20:01:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.17 20:01:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.17 18:26:30 | 004,536,329 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\INVOICE template PRESTIGE2.psd
[2012.06.14 21:51:26 | 000,726,064 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\data_short.zip
[2012.06.11 14:32:30 | 000,161,278 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\418017_402862136407104_572822702_n.jpg
[2012.06.10 12:03:59 | 000,046,397 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\535764_10150930945059099_1632630920_n.jpg
[2012.06.10 01:14:29 | 000,058,735 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\409410_299055650142577_569821337_n.jpg
[2012.06.08 11:39:06 | 000,020,478 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\582656_373560679352155_183461798_n.jpg
[2012.06.08 00:08:34 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.07 15:03:25 | 000,064,097 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\Stages-of-a-Photographer.png
[2012.06.07 13:41:27 | 000,269,416 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\K0_L-xYsVOQOgzKQ.png
[2012.06.07 01:08:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.06.06 20:45:59 | 000,000,963 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\DVDFab 8.lnk
[2012.06.05 17:22:08 | 000,102,455 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\The-Notebook(000002mjuhbftvftyrevbughn6256).srt
[2012.06.05 17:17:47 | 000,106,497 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\The-Notebook(0000127289).srt
[2012.06.05 17:13:44 | 000,106,290 | ---- | M] () -- C:\Users\JAMESBOND007\Desktop\The-Notebook(0000178501).srt

========== Files Created - No Company Name ==========

[2012.06.30 13:31:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.06.30 13:05:04 | 000,781,383 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\RSIT.exe
[2012.06.28 22:34:37 | 000,001,993 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\JDownloader.lnk
[2012.06.28 22:34:13 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.06.28 22:34:12 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012.06.28 22:34:12 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.06.28 22:32:32 | 000,000,250 | ---- | C] () -- C:\user.js
[2012.06.27 21:26:09 | 000,002,717 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\jLQtRqxE0Nal5YJJ.jpg
[2012.06.24 21:59:18 | 152,288,296 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Avatar_The_Last_Airbender_01x01_-_Chlapec_v_ledovci_by_Zaine.avi
[2012.06.21 22:23:59 | 000,084,965 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\metalfest.jpg
[2012.06.19 23:44:18 | 000,057,159 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\pic43939.jpg
[2012.06.17 20:48:34 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012.06.17 20:46:57 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.06.17 20:46:21 | 000,001,230 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.06.17 20:42:06 | 000,001,321 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012.06.17 20:41:55 | 000,001,487 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.06.17 20:40:23 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.06.17 18:26:21 | 004,536,329 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\INVOICE template PRESTIGE2.psd
[2012.06.14 22:30:56 | 000,170,393 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\WorldUnlock_v44_Setup.exe
[2012.06.14 21:51:07 | 000,726,064 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\data_short.zip
[2012.06.10 16:29:02 | 000,161,278 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\418017_402862136407104_572822702_n.jpg
[2012.06.10 12:03:39 | 000,046,397 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\535764_10150930945059099_1632630920_n.jpg
[2012.06.10 01:14:02 | 000,058,735 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\409410_299055650142577_569821337_n.jpg
[2012.06.08 11:38:43 | 000,020,478 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\582656_373560679352155_183461798_n.jpg
[2012.06.08 00:08:34 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.07 15:03:14 | 000,064,097 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\Stages-of-a-Photographer.png
[2012.06.07 13:41:17 | 000,269,416 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\K0_L-xYsVOQOgzKQ.png
[2012.06.06 20:45:59 | 000,000,963 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\DVDFab 8.lnk
[2012.06.05 17:22:02 | 000,102,455 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\The-Notebook(000002mjuhbftvftyrevbughn6256).srt
[2012.06.05 17:17:38 | 000,106,497 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\The-Notebook(0000127289).srt
[2012.06.05 17:09:18 | 000,106,290 | ---- | C] () -- C:\Users\JAMESBOND007\Desktop\The-Notebook(0000178501).srt
[2012.05.01 22:18:49 | 000,017,408 | ---- | C] () -- C:\Users\JAMESBOND007\AppData\Local\WebpageIcons.db
[2012.05.01 22:17:49 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.05.01 22:17:49 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.21 11:00:56 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.04.20 14:14:28 | 000,000,209 | ---- | C] () -- C:\Windows\spf.INI
[2012.04.20 13:09:02 | 000,000,067 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.04.20 13:08:33 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.04.20 13:08:33 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.04.20 13:08:33 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.04.20 13:08:32 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.01.31 16:01:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.01.31 16:01:20 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.31 16:01:20 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.01.31 16:01:20 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.01.31 16:01:20 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.31 16:01:20 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.01.31 16:01:20 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.01.31 16:01:20 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.31 16:01:20 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.01.31 16:01:20 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.01.31 16:01:20 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.01.31 16:01:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.01.31 16:01:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.01.31 16:01:20 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.01.31 16:01:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.01.31 16:01:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.01.31 16:01:20 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.01.31 16:01:20 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.01.31 16:01:20 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.01.22 00:34:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.11.04 17:13:14 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011.11.04 17:12:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2011.11.04 17:12:58 | 000,005,116 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011.11.04 17:12:57 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\RT2870.bin
[2011.10.01 21:17:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.01 21:17:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.01 21:17:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.01 21:17:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.01 21:17:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

========== LOP Check ==========

[2012.06.08 23:23:57 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\BSplayer PRO
[2011.08.03 14:10:26 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\DAEMON Tools Lite
[2012.02.01 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Epson
[2011.07.22 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\GHISLER
[2012.04.28 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\MyPhoneExplorer
[2012.01.22 00:34:55 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\pdfforge
[2012.04.05 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Rovio
[2011.08.15 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\TomTom
[2012.07.03 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\uTorrent
[2011.07.22 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\JAMESBOND007\AppData\Roaming\Zoner
[2009.07.14 05:53:46 | 000,029,950 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

VIRY.CZ

Preventivka po nezvanem hostovi Babylon

Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon

Re: Preventivka po nezvanem hostovi Babylon