PC-HELP.CZ

Ahoj,

Můžete se mi na to kouknout? děkuji :-)
Problémy: na youtube mi bliká kurzor a na spodní liště mi vyskakují reklamy ad.

HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:49 PM, on 2/23/2013
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VideoDownloadConverter] rundll32 C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll,S
O4 - HKLM\..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
O4 - HKLM\..\Run: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: TrioBet - {F12E3D04-217B-4E11-AEDB-7EC45DC3091A} - C:\Microgaming\Poker\triobetMPP\MPPoker.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8868 bytes

Mbam

Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org

Verze: v2013.02.23.04

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 6.0.3790.3959
Administrator :: DOMOV-93J41K2FD [administrátor]

2/23/2013 1:00:00 PM
mbam-log-2013-02-23 (13-00-00).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 192099
Uplynulý čas: 2 minut, 3 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

ATF hotov i ccleaner

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod



Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

AdwCleaner se mi nechce spusti (ani instalačka) - nevím proč
A ComboFix mi nepodporuje verzi systému Mám XP Prof 64bit
Tady aspoň ten tdss killer:

21:09:13.0921 0604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:09:13.0968 0604 ============================================================
21:09:13.0968 0604 Current date / time: 2013/02/23 21:09:13.0968
21:09:13.0968 0604 SystemInfo:
21:09:13.0968 0604
21:09:13.0968 0604 OS Version: 5.2.3790 ServicePack: 2.0
21:09:13.0968 0604 Product type: Workstation
21:09:13.0968 0604 ComputerName: DOMOV-93J41K2FD
21:09:13.0968 0604 UserName: Administrator
21:09:13.0968 0604 Windows directory: C:\WINDOWS
21:09:13.0968 0604 System windows directory: C:\WINDOWS
21:09:13.0968 0604 Running under WOW64
21:09:13.0968 0604 Processor architecture: Intel x64
21:09:13.0968 0604 Number of processors: 2
21:09:13.0968 0604 Page size: 0x1000
21:09:13.0968 0604 Boot type: Normal boot
21:09:13.0968 0604 ============================================================
21:09:15.0671 0604 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xB925A, SectorsPerTrack: 0x1C, TracksPerCylinder: 0x2E, Type 'K0', Flags 0x00000044
21:09:15.0671 0604 ============================================================
21:09:15.0671 0604 \Device\Harddisk0\DR0:
21:09:15.0671 0604 MBR partitions:
21:09:15.0671 0604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C, BlocksNum 0x3A384FAC
21:09:15.0671 0604 ============================================================
21:09:15.0703 0604 C: <-> \Device\Harddisk0\DR0\Partition1
21:09:15.0703 0604 ============================================================
21:09:15.0703 0604 Initialize success
21:09:15.0703 0604 ============================================================
21:09:19.0375 1220 ============================================================
21:09:19.0375 1220 Scan started
21:09:19.0375 1220 Mode: Manual;
21:09:19.0375 1220 ============================================================
21:09:19.0453 1220 ================ Scan system memory ========================
21:09:19.0453 1220 System memory - ok
21:09:19.0453 1220 ================ Scan services =============================
21:09:19.0593 1220 Abiosdsk - ok
21:09:19.0640 1220 [ 0CC42D1FB637112DE6F6196DDAF83DEC ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:09:19.0656 1220 ACPI - ok
21:09:19.0703 1220 [ A4D4F508BC6613442B0C32CDE443E382 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:09:19.0703 1220 ACPIEC - ok
21:09:19.0812 1220 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:09:19.0812 1220 AdobeFlashPlayerUpdateSvc - ok
21:09:19.0828 1220 adpu160m - ok
21:09:19.0843 1220 adpu320 - ok
21:09:19.0921 1220 [ 92500BC3A6E241BBC357F532DD500A75 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:09:19.0921 1220 aec - ok
21:09:20.0000 1220 [ AC7010DDE9111A1C65D7391ADA5C7257 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
21:09:20.0000 1220 AeLookupSvc - ok
21:09:20.0093 1220 [ F0E008AC59FAA5ECD22C8891B3300378 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:09:20.0109 1220 AFD - ok
21:09:20.0125 1220 aic78u2 - ok
21:09:20.0125 1220 aic78xx - ok
21:09:20.0156 1220 [ AFA2CF7CB731CA177CCCFFFFE5D88776 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:09:20.0156 1220 Alerter - ok
21:09:20.0187 1220 [ 2D21FF6D4CD30E679F1A294D5BA3D97B ] ALG C:\WINDOWS\System32\alg.exe
21:09:20.0203 1220 ALG - ok
21:09:20.0203 1220 AliIde - ok
21:09:20.0265 1220 ALSysIO - ok
21:09:20.0281 1220 AmdIde - ok
21:09:20.0312 1220 [ 4F6B2DE8BC199C542F174844BB64485A ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:09:20.0328 1220 AppMgmt - ok
21:09:20.0328 1220 arc - ok
21:09:20.0484 1220 [ F9F0F095586009E5DA0C32E648AA99FA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
21:09:20.0484 1220 aspnet_state - ok
21:09:20.0500 1220 [ 7380ACDD2D8E6621392E56D9A0467FE4 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:09:20.0515 1220 AsyncMac - ok
21:09:20.0546 1220 [ 7A1814D0D112F50F828E25557A1ED29F ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:09:20.0546 1220 atapi - ok
21:09:20.0562 1220 Atdisk - ok
21:09:20.0625 1220 [ B4AC1C64F656DE05F93D60298091B9DC ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:09:20.0656 1220 Ati HotKey Poller - ok
21:09:20.0953 1220 [ 659D1466E94BD3B36136C20547D7BDB9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:09:21.0171 1220 ati2mtag - ok
21:09:21.0234 1220 [ 62D65FCE5695B53A2DDF92E83111EA06 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:09:21.0234 1220 Atmarpc - ok
21:09:21.0312 1220 [ 0DA015AB1EE54988572CFC4B7644556A ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:09:21.0312 1220 AudioSrv - ok
21:09:21.0375 1220 [ 1437089F59DBA75FEE4ED959077A938E ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:09:21.0375 1220 audstub - ok
21:09:21.0406 1220 [ 8BA2E5CDFDE406DC4646AFB894804844 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:09:21.0406 1220 Beep - ok
21:09:21.0468 1220 [ 749C15323919984A6E08BAD427D89936 ] BITS C:\WINDOWS\system32\qmgr.dll
21:09:21.0515 1220 BITS - ok
21:09:21.0562 1220 [ 3A8E1DF1A159DF863AF4E5B84019A2BC ] Browser C:\WINDOWS\System32\browser.dll
21:09:21.0562 1220 Browser - ok
21:09:21.0609 1220 [ 982563CF02CD6D4E5D8E0F4B5CBB9B6A ] CdaC15BA C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
21:09:21.0609 1220 CdaC15BA - ok
21:09:21.0625 1220 [ 9067D96899D98CA4535A76E8C8B2E3A5 ] CdaD10BA C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
21:09:21.0625 1220 CdaD10BA - ok
21:09:21.0656 1220 [ 4D99E36322FB51A8D1B2B6D6B69D9889 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:09:21.0656 1220 Cdfs - ok
21:09:21.0671 1220 [ 11663FE50E499FFEE77979542B285F38 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:09:21.0687 1220 Cdrom - ok
21:09:21.0703 1220 Changer - ok
21:09:21.0734 1220 [ 46C54F209031AFA0F100D0703FC346DA ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:09:21.0734 1220 CiSvc - ok
21:09:21.0875 1220 [ 525A4F2E6ED045A51CDA4DCD3A24C69F ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
21:09:21.0875 1220 CLHNServiceForPowerDVD12 - ok
21:09:21.0906 1220 [ 74F11D0323666D9F615A2D3692590122 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:09:21.0921 1220 ClipSrv - ok
21:09:22.0015 1220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:22.0046 1220 clr_optimization_v2.0.50727_32 - ok
21:09:22.0078 1220 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:09:22.0093 1220 clr_optimization_v2.0.50727_64 - ok
21:09:22.0109 1220 CmdIde - ok
21:09:22.0125 1220 COMSysApp - ok
21:09:22.0171 1220 [ 423F7A6E3AF4C2A73C8C8AD945F72CBA ] crcdisk C:\WINDOWS\system32\DRIVERS\crcdisk.sys
21:09:22.0171 1220 crcdisk - ok
21:09:22.0187 1220 [ 8B0B3744C60936ACAE31012799DB3982 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:09:22.0187 1220 CryptSvc - ok
21:09:22.0203 1220 [ 937337437A28D96DD107ABEEFEA4574F ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
21:09:22.0203 1220 CyberLink PowerDVD 12 Media Server Monitor Service - ok
21:09:22.0250 1220 [ 9DBAD535C952276D780FF20D66A5A1C9 ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
21:09:22.0250 1220 CyberLink PowerDVD 12 Media Server Service - ok
21:09:22.0328 1220 [ 8830EF3E7DDB479F00113A5B59B6F601 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:09:22.0343 1220 DcomLaunch - ok
21:09:22.0375 1220 [ DE4C841DDA8D5800515A5CA908580A36 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:09:22.0390 1220 Dhcp - ok
21:09:22.0406 1220 [ 417D7B9C6F36685A417E54690F8BD7B2 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:09:22.0406 1220 Disk - ok
21:09:22.0421 1220 dmadmin - ok
21:09:22.0515 1220 [ 19D704C92C2E2BD4DC99DB18A3523918 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:09:22.0531 1220 dmboot - ok
21:09:22.0546 1220 [ B293CE1C9243219F6B9E5DBCAA75B962 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:09:22.0562 1220 dmio - ok
21:09:22.0593 1220 [ C294E31D6CB7407A43C96EC1FEC1F8A4 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:09:22.0593 1220 dmload - ok
21:09:22.0625 1220 [ 76F7E7922F428BE040F800920BB8FF3B ] dmserver C:\WINDOWS\System32\dmserver.dll
21:09:22.0625 1220 dmserver - ok
21:09:22.0640 1220 [ 551D4D8CEB91D5B5066222A16C747609 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:09:22.0640 1220 Dnscache - ok
21:09:22.0671 1220 dpti2o - ok
21:09:22.0718 1220 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:09:22.0734 1220 dtsoftbus01 - ok
21:09:22.0781 1220 [ B063A36E4E027A9DBE2B019EBBBEAE86 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:09:22.0781 1220 ERSvc - ok
21:09:22.0812 1220 [ D255E0DDB63A6223BFD8057266380017 ] Eventlog C:\WINDOWS\system32\services.exe
21:09:22.0828 1220 Eventlog - ok
21:09:22.0843 1220 [ 3CDFF4AB6CF70B9C687A7BD0517283DA ] EventSystem C:\WINDOWS\system32\es.dll
21:09:22.0859 1220 EventSystem - ok
21:09:22.0890 1220 [ 7C713B9F6F968F135D3D819492882CDD ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:09:22.0906 1220 Fastfat - ok
21:09:22.0937 1220 [ 7E35D423FF10AB5B8AF1D3DE86236690 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:09:22.0937 1220 Fdc - ok
21:09:22.0968 1220 [ 73EA9000F8FB2E060954EB7C3377A3C7 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:09:22.0968 1220 Fips - ok
21:09:22.0984 1220 [ 8AC77974378EAC3548330951A5DEEEBF ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:09:22.0984 1220 Flpydisk - ok
21:09:23.0015 1220 [ 087DB260F98056AC40261ACAE4240882 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:09:23.0031 1220 FltMgr - ok
21:09:23.0109 1220 [ 8A4DCD28D2BE12946F6D5D308B0942A6 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
21:09:23.0109 1220 FontCache3.0.0.0 - ok
21:09:23.0125 1220 [ 70DF80567A55A97894B4E8952EC5E7FC ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:09:23.0125 1220 Fs_Rec - ok
21:09:23.0156 1220 [ E90AA7C073519DD8571670818CB85CCB ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:09:23.0156 1220 Ftdisk - ok
21:09:23.0234 1220 GGSAFERDriver - ok
21:09:23.0265 1220 [ 865D4D0B4E3730EF8040000CFB846D9F ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:09:23.0265 1220 Gpc - ok
21:09:23.0328 1220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:23.0328 1220 gupdate - ok
21:09:23.0343 1220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:23.0343 1220 gupdatem - ok
21:09:23.0406 1220 [ D36E47728CDBC8D17A77D36A6CBC29BB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:09:23.0421 1220 HDAudBus - ok
21:09:23.0515 1220 [ 40E274B64843813A81C42687592339D7 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:09:23.0515 1220 helpsvc - ok
21:09:23.0562 1220 [ 9648AD494BE12B39ACC2DB638E2340A0 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:09:23.0578 1220 HidServ - ok
21:09:23.0625 1220 [ F32BEC5614A61BBB2BEDE070D279F88B ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:09:23.0625 1220 hidusb - ok
21:09:23.0656 1220 [ 2138F3FD8F0658ADEF14C6E5870FE1E9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:09:23.0671 1220 HTTP - ok
21:09:23.0718 1220 [ 1A782D5CA033F553F0BE54546EBF3B4F ] HTTPFilter C:\WINDOWS\System32\lsass.exe
21:09:23.0718 1220 HTTPFilter - ok
21:09:23.0734 1220 i2omgmt - ok
21:09:23.0750 1220 [ 50FD608643D9B56C4C75C0784513F77E ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
21:09:23.0765 1220 i8042prt - ok
21:09:23.0781 1220 IASJet - ok
21:09:23.0921 1220 [ 501CF65702D7F64C38DB360F7EB07ADC ] idsvc C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:09:23.0953 1220 idsvc - ok
21:09:23.0968 1220 iirsp - ok
21:09:24.0015 1220 [ D2E541613B72FF9FCEDF37B166930706 ] imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:09:24.0015 1220 imapi - ok
21:09:24.0062 1220 [ 9014C144CD95EEE1F5884664A4BFB4D8 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:09:24.0078 1220 ImapiService - ok
21:09:24.0265 1220 [ 507A82F4F0478A34AE0F14200A2D4BA1 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKHDA64.SYS
21:09:24.0359 1220 IntcAzAudAddService - ok
21:09:24.0375 1220 IntelIde - ok
21:09:24.0421 1220 [ F8DEF5F83DEF3D1EE89BC851BFB6A886 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:09:24.0437 1220 intelppm - ok
21:09:24.0468 1220 [ 6601A43EE389D0ADB11AAEDE9A98036B ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:09:24.0484 1220 Ip6Fw - ok
21:09:24.0500 1220 [ 1B1B4654A5492A42D2E1BF5B2B22D32B ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:09:24.0500 1220 IpFilterDriver - ok
21:09:24.0515 1220 IpInIp - ok
21:09:24.0562 1220 [ 088ECB04137DF1F52EC10C29D57A8CCA ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:09:24.0562 1220 IpNat - ok
21:09:24.0578 1220 [ DB841EC6F027C780002EF47AABFDDF86 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:09:24.0593 1220 IPSec - ok
21:09:24.0609 1220 [ 8B7015EA0171242CCA03C2FB48CCC771 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:09:24.0625 1220 IRENUM - ok
21:09:24.0656 1220 [ D994162E4D8E931FC16A892A87852BBB ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:09:24.0656 1220 isapnp - ok
21:09:24.0687 1220 [ E85095372008A9194C7ED6206CB782DA ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:09:24.0687 1220 Kbdclass - ok
21:09:24.0703 1220 [ F96D8CEC38EFD64AAF41976D214FC54E ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:09:24.0703 1220 kbdhid - ok
21:09:24.0734 1220 [ 1B280B3B4C10CC2E3EC3AEC17EB6B658 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:09:24.0734 1220 kmixer - ok
21:09:24.0750 1220 [ 2649ACA0D7C01933C95073F4EBFAC42C ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:09:24.0765 1220 KSecDD - ok
21:09:24.0781 1220 [ 5CB302B6CAACE41AF70C34B56EB3DB23 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
21:09:24.0781 1220 ksthunk - ok
21:09:24.0812 1220 [ C84FDB60C9333A7BE2CE849635AC8700 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:09:24.0828 1220 lanmanserver - ok
21:09:24.0843 1220 [ 14A994FEA0C50E9AC1D186BB1A544A3A ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:09:24.0859 1220 lanmanworkstation - ok
21:09:24.0890 1220 [ 80DB42573F8EF6CBB6A7A0FF6966A352 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:09:24.0906 1220 LmHosts - ok
21:09:24.0953 1220 [ 34EF8CBEA95EF5108A1349FC22D87513 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:09:24.0953 1220 Messenger - ok
21:09:25.0046 1220 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:09:25.0046 1220 Microsoft Office Groove Audit Service - ok
21:09:25.0062 1220 [ AD6BC1EFA0C1B53409947F06DE87FC89 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:09:25.0062 1220 mnmdd - ok
21:09:25.0078 1220 mnmsrvc - ok
21:09:25.0109 1220 [ 9A67A96A0CBC2BC658ABF8C9B5EE065A ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:09:25.0109 1220 Modem - ok
21:09:25.0140 1220 [ 12ACF32EDF03E46805347817ACB9F64C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:09:25.0140 1220 Mouclass - ok
21:09:25.0171 1220 [ A0C4E4A79C5D6F418315C33177F2B5BC ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:09:25.0171 1220 mouhid - ok
21:09:25.0187 1220 [ 7E9CC7E4282A8E7A480560A6F817C177 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:09:25.0203 1220 MountMgr - ok
21:09:25.0250 1220 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:09:25.0250 1220 MozillaMaintenance - ok
21:09:25.0265 1220 mraid35x - ok
21:09:25.0296 1220 [ F588AB7DCFFEFB2891764CF380A80B63 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:09:25.0296 1220 MRxDAV - ok
21:09:25.0343 1220 [ 9899C0483AE641A9540731164FCA1AC5 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:09:25.0359 1220 MRxSmb - ok
21:09:25.0406 1220 [ 6F7ADB8185B2B5B50DBF5789DB962EDA ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:09:25.0406 1220 MSDTC - ok
21:09:25.0453 1220 [ 983F4AB7A50D56CD33E2061EE733BD55 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:09:25.0453 1220 Msfs - ok
21:09:25.0468 1220 MSIServer - ok
21:09:25.0500 1220 [ 308EC6FBEF38871CB2C4CACE9C8F4808 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:09:25.0500 1220 MSKSSRV - ok
21:09:25.0546 1220 [ 8D3226738479719AAB3B6D2617D7A55C ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:09:25.0562 1220 MSPCLOCK - ok
21:09:25.0562 1220 [ 058D63E8D000AE678D4549BFA8EB0DEB ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:09:25.0562 1220 MSPQM - ok
21:09:25.0593 1220 [ 5992D1F9ED64017A76AFEE2B79F5CFB9 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:09:25.0593 1220 mssmbios - ok
21:09:25.0609 1220 [ 4E3A0746542AA482117293234BFDE2C9 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:09:25.0625 1220 Mup - ok
21:09:25.0640 1220 [ 6FE83D05AEBEF7930D7CE91568DC99DF ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:09:25.0656 1220 NDIS - ok
21:09:25.0687 1220 [ 74612C7B722DF0DBCC972F301BD1BF1E ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:09:25.0687 1220 NdisTapi - ok
21:09:25.0703 1220 [ 49C1207C1AE8C6958F1C1747132814C2 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:09:25.0703 1220 Ndisuio - ok
21:09:25.0734 1220 [ 6157A7AEAE6D2B948FF2E872FFAC765B ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:09:25.0750 1220 NdisWan - ok
21:09:25.0781 1220 [ 24EA58A8257C3A4557C589EE0D4AB19B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:09:25.0796 1220 NDProxy - ok
21:09:25.0812 1220 [ B1CEE06471A069149B11FADA23FF00FD ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:09:25.0812 1220 NetBIOS - ok
21:09:25.0843 1220 [ FEDAAFB6CD700B9E0787C94D81C07DB5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:09:25.0859 1220 NetBT - ok
21:09:25.0890 1220 [ FB13279D8C89ADD5B0F7497C45BCF1C3 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:09:25.0890 1220 NetDDE - ok
21:09:25.0906 1220 [ FB13279D8C89ADD5B0F7497C45BCF1C3 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:09:25.0921 1220 NetDDEdsdm - ok
21:09:25.0953 1220 [ 1A782D5CA033F553F0BE54546EBF3B4F ] Netlogon C:\WINDOWS\system32\lsass.exe
21:09:25.0953 1220 Netlogon - ok
21:09:26.0000 1220 [ F28FD9DBA68A85D6EE4225A83F127D2B ] Netman C:\WINDOWS\System32\netman.dll
21:09:26.0015 1220 Netman - ok
21:09:26.0093 1220 [ 8BC776595238AB62072AA6BEB17DDF59 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:09:26.0093 1220 NetTcpPortSharing - ok
21:09:26.0140 1220 [ 7F6F508DAE92E99B62287562F10343B1 ] Nla C:\WINDOWS\System32\mswsock.dll
21:09:26.0156 1220 Nla - ok
21:09:26.0171 1220 [ 81819038621A2C524781EC503D400287 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:09:26.0171 1220 Npfs - ok
21:09:26.0234 1220 [ C8904B5F90AB2236692E83D491C4D426 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:09:26.0265 1220 Ntfs - ok
21:09:26.0312 1220 [ A773AA47341A1FD16C6A9BA3C11D7DAA ] ntk_PowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
21:09:26.0312 1220 ntk_PowerDVD12 - ok
21:09:26.0328 1220 [ 1A782D5CA033F553F0BE54546EBF3B4F ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:09:26.0328 1220 NtLmSsp - ok
21:09:26.0390 1220 [ A398462077F68A41B4DFF9FB7E8FC7B8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:09:26.0406 1220 NtmsSvc - ok
21:09:26.0437 1220 [ 501039187C444FA7AB9D97B6A6C667B3 ] Null C:\WINDOWS\system32\drivers\Null.sys
21:09:26.0453 1220 Null - ok
21:09:26.0562 1220 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:09:26.0578 1220 odserv - ok
21:09:26.0656 1220 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:26.0656 1220 ose - ok
21:09:26.0718 1220 [ 1011C779C9FCD01AFA96490C86A50421 ] PanService C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
21:09:26.0734 1220 PanService - ok
21:09:26.0765 1220 [ 7DDAA09186DA9F1D304E819B5A6BBC5A ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:09:26.0765 1220 Parport - ok
21:09:26.0796 1220 [ 5F9A703240468A0C35A629D17FFCA847 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:09:26.0812 1220 PartMgr - ok
21:09:26.0828 1220 [ 5B2C8D6971D8DF4937C2FA013CD4C00D ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:09:26.0828 1220 PCI - ok
21:09:26.0843 1220 [ F1978C7849A0047306DB3B8BB94F0764 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:09:26.0843 1220 PCIIde - ok
21:09:26.0890 1220 [ 037F3A19F49A4C6A320C4154EBD6EE9D ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:09:26.0906 1220 Pcmcia - ok
21:09:26.0906 1220 PDCOMP - ok
21:09:26.0937 1220 PDFRAME - ok
21:09:26.0953 1220 PDRELI - ok
21:09:26.0968 1220 PDRFRAME - ok
21:09:27.0046 1220 [ 421EE1F0A74BABDB22F6FCDDEB272514 ] PfFilter C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys
21:09:27.0046 1220 PfFilter - ok
21:09:27.0078 1220 [ D255E0DDB63A6223BFD8057266380017 ] PlugPlay C:\WINDOWS\system32\services.exe
21:09:27.0093 1220 PlugPlay - ok
21:09:27.0109 1220 [ 1A782D5CA033F553F0BE54546EBF3B4F ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:09:27.0109 1220 PolicyAgent - ok
21:09:27.0140 1220 [ E176F640EE6BF550F61FAA9CE9A683F4 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:09:27.0140 1220 PptpMiniport - ok
21:09:27.0156 1220 [ 1A782D5CA033F553F0BE54546EBF3B4F ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:09:27.0156 1220 ProtectedStorage - ok
21:09:27.0187 1220 [ 01AAE06E543C0956AC247546A8F2DAFE ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:09:27.0187 1220 PSched - ok
21:09:27.0234 1220 [ 35E39A969D227C2A56C1DC98361D8E35 ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:09:27.0234 1220 Ptilink - ok
21:09:27.0265 1220 [ D646A315E6386DAC1D96C8CE8A4BFEE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:09:27.0265 1220 RasAcd - ok
21:09:27.0312 1220 [ 3F573D0C001B982C3180860366783BC0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:09:27.0312 1220 RasAuto - ok
21:09:27.0328 1220 [ D81FDC53EE9C0F68D709E504342D1D74 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:09:27.0328 1220 Rasl2tp - ok
21:09:27.0390 1220 [ 47F7838F77A42F85C763899AB1B77D14 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:09:27.0406 1220 RasMan - ok
21:09:27.0421 1220 [ 31FA5AB662C58CC5CF92396224F6B29A ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:09:27.0421 1220 RasPppoe - ok
21:09:27.0453 1220 [ 701493F9A6EDE759AF8D3FA7C08BAB3B ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:09:27.0453 1220 Raspti - ok
21:09:27.0500 1220 [ 251A8B39645C5B3DC7DCBBD03A3140CB ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:09:27.0500 1220 Rdbss - ok
21:09:27.0531 1220 [ C013379D04060318C3B2E4967D82739A ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:09:27.0531 1220 RDPCDD - ok
21:09:27.0578 1220 [ 0482A9BE0BE2098A12A61464306BF24B ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:09:27.0578 1220 rdpdr - ok
21:09:27.0640 1220 [ CECA4F10B0118E3883628AFA294B31D6 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:09:27.0656 1220 RDPWD - ok
21:09:27.0687 1220 [ A72BE0B07655141AB4EABECF0D66528A ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:09:27.0687 1220 RDSessMgr - ok
21:09:27.0718 1220 [ 1D793394201000D2D56E848C18FE9A62 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:09:27.0734 1220 redbook - ok
21:09:27.0781 1220 [ 60C8A5D4954CCE7D280369DFF5068019 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:09:27.0796 1220 RemoteAccess - ok
21:09:27.0828 1220 [ B2D55CE8C7C946C625B687F75040AD3F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:09:27.0828 1220 RemoteRegistry - ok
21:09:27.0890 1220 [ 809785CF7BE1B857F3B52D9B1AF10817 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:09:27.0890 1220 RpcLocator - ok
21:09:27.0953 1220 [ 8830EF3E7DDB479F00113A5B59B6F601 ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:09:27.0968 1220 RpcSs - ok
21:09:27.0984 1220 [ 1A782D5CA033F553F0BE54546EBF3B4F ] SamSs C:\WINDOWS\system32\lsass.exe
21:09:28.0000 1220 SamSs - ok
21:09:28.0031 1220 [ A2069FFA2A6FEBB3818F180373C84A89 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:09:28.0031 1220 SCardSvr - ok
21:09:28.0078 1220 [ 71CD398385835C08613C65E5BF91E7FA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:09:28.0093 1220 Schedule - ok
21:09:28.0140 1220 [ 6D4CCD356DA407194C2574A68D9C727A ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:09:28.0140 1220 Secdrv - ok
21:09:28.0156 1220 [ B4E054549321372D995E4DB9A5304E77 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:09:28.0171 1220 seclogon - ok
21:09:28.0187 1220 [ 222C0A6C354D6A90700956C60574A09A ] SENS C:\WINDOWS\system32\sens.dll
21:09:28.0203 1220 SENS - ok
21:09:28.0218 1220 [ 111B29F3FCF9FB61C903A01E3706F7DC ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:09:28.0218 1220 serenum - ok
21:09:28.0250 1220 [ C0DC97399576FCCFF5FE877EC2D8DACC ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:09:28.0250 1220 Serial - ok
21:09:28.0296 1220 [ C6EACC8920A31B8D5842D1F7A28E2113 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:09:28.0296 1220 Sfloppy - ok
21:09:28.0359 1220 [ D71A8153D3CF0ED527F6BA1F087FAA22 ] SharedAccess C:\WINDOWS\system32\ipnathlp.dll
21:09:28.0375 1220 SharedAccess - ok
21:09:28.0406 1220 [ C87F7B646931CEB8525F2D9B7E26F9FB ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:09:28.0421 1220 ShellHWDetection - ok
21:09:28.0437 1220 Simbad - ok
21:09:28.0500 1220 [ 17EC29105989101DB536C49E1279A0EB ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:09:28.0500 1220 splitter - ok
21:09:28.0515 1220 [ 5918677301E62A935A837EC22BA7088C ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:09:28.0515 1220 Spooler - ok
21:09:28.0578 1220 [ DAE1D5553D42A06034001D6EF4F5CB36 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:09:28.0578 1220 sr - ok
21:09:28.0640 1220 [ 7B6DA719973755BD091131E53AD6EC23 ] srservice C:\WINDOWS\system32\srsvc.dll
21:09:28.0656 1220 srservice - ok
21:09:28.0718 1220 [ DA399DC57B869CF11B7CF98F0A8494D7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:09:28.0734 1220 Srv - ok
21:09:28.0750 1220 [ 94AD81C8EE2385EDDB08C7E34FEDB7A8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:09:28.0765 1220 SSDPSRV - ok
21:09:28.0796 1220 Steam Client Service - ok
21:09:28.0843 1220 [ F6D4F452DB507820F726525A1425F0CC ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:09:28.0859 1220 stisvc - ok
21:09:28.0875 1220 [ B6536185FEEB8F0C86AD3BF2FBAB4F2F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:09:28.0890 1220 swenum - ok
21:09:28.0906 1220 [ 8E9E35B36A27AD154A5F92397CDE343C ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:09:28.0906 1220 swmidi - ok
21:09:28.0953 1220 [ 2E54746998139CB708B83974F1AC09F3 ] swprv C:\WINDOWS\System32\swprv.dll
21:09:28.0968 1220 swprv - ok
21:09:28.0984 1220 symc8xx - ok
21:09:29.0000 1220 symmpi - ok
21:09:29.0031 1220 sym_hi - ok
21:09:29.0046 1220 sym_u3 - ok
21:09:29.0093 1220 [ 2E843F129DAF4C789DF7ACD40E26208F ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:09:29.0093 1220 sysaudio - ok
21:09:29.0109 1220 [ D3FFFEA8C94BA3C1CEAC9694AC390472 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:09:29.0125 1220 SysmonLog - ok
21:09:29.0187 1220 [ FAFEFC85FC929B81571BFF315C93E299 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:09:29.0203 1220 TapiSrv - ok
21:09:29.0250 1220 [ C013E7F14FD378A16F5B7A4B5A7050E9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:09:29.0281 1220 Tcpip - ok
21:09:29.0296 1220 [ DA1E9CD22238FA4DB565EF41C7312E1B ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:09:29.0296 1220 TDPIPE - ok
21:09:29.0328 1220 [ 47D24EBB1C442DCC18D89B8B89BAFB49 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:09:29.0328 1220 TDTCP - ok
21:09:29.0343 1220 [ 8AB9AD44907D4C57AD10E175C8720ECF ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:09:29.0343 1220 TermDD - ok
21:09:29.0406 1220 [ F4849A4962779132B02CA4BBF696F434 ] TermService C:\WINDOWS\System32\termsrv.dll
21:09:29.0421 1220 TermService - ok
21:09:29.0453 1220 [ C87F7B646931CEB8525F2D9B7E26F9FB ] Themes C:\WINDOWS\System32\shsvcs.dll
21:09:29.0453 1220 Themes - ok
21:09:29.0484 1220 [ 0FDF294D30CA53391485132854151B26 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:09:29.0500 1220 TlntSvr - ok
21:09:29.0500 1220 TosIde - ok
21:09:29.0546 1220 [ 483FFCD8E5080198D87EEED44246E6A9 ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:09:29.0562 1220 TrkWks - ok
21:09:29.0625 1220 [ A6DD2DFCC44EC61D18AA645620CD8F63 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:09:29.0625 1220 Udfs - ok
21:09:29.0640 1220 ultra - ok
21:09:29.0671 1220 [ C306CEA0F1477240A5D9A7E61DB2F3E1 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
21:09:29.0671 1220 UMWdf - ok
21:09:29.0687 1220 [ 70CA9DB8119FFF67D9938F2AB2B8D50C ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:09:29.0703 1220 Update - ok
21:09:29.0734 1220 [ FC584D63C6B12434D12BBC9CB278C560 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:09:29.0750 1220 upnphost - ok
21:09:29.0781 1220 [ 3EC1501AA03CECD66ED093428FBC8B0E ] UPS C:\WINDOWS\System32\ups.exe
21:09:29.0781 1220 UPS - ok
21:09:29.0828 1220 [ 3421B0691A0E365A020836369A296F0C ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:09:29.0828 1220 usbccgp - ok
21:09:29.0875 1220 [ D63CB1B59D54F9C2BB8A4107584A664F ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:09:29.0875 1220 usbhub - ok
21:09:29.0906 1220 [ EDCE8A162E8023FD1751E08E23E41948 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:09:29.0906 1220 USBSTOR - ok
21:09:29.0921 1220 [ 4B7B4A2CC997C482A0AA7CA663AF62A0 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:09:29.0937 1220 usbuhci - ok
21:09:29.0984 1220 [ B1E327AEA4ECF42DDF7C579B0FB0DE4C ] vds C:\WINDOWS\System32\vds.exe
21:09:30.0000 1220 vds - ok
21:09:30.0046 1220 [ B40CFD2FFDD838B0CE0C35EE449407BD ] vga C:\WINDOWS\system32\DRIVERS\vgapnp.sys
21:09:30.0046 1220 vga - ok
21:09:30.0062 1220 [ 78EBFE6F11F10DB8237B910E9158CA91 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:09:30.0062 1220 VgaSave - ok
21:09:30.0078 1220 ViaIde - ok
21:09:30.0156 1220 [ 622FCF264119F7DF127BE353F796B319 ] VideoDownloadConverter_4zService C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
21:09:30.0156 1220 VideoDownloadConverter_4zService - ok
21:09:30.0187 1220 [ FD6D28D1BBF31C719D9C5EC2D20FB5C2 ] VolSnap C:\WINDOWS\system32\DRIVERS\volsnap.sys
21:09:30.0203 1220 VolSnap - ok
21:09:30.0281 1220 [ 0A05DE966B412D6289632AC05FC6ADA2 ] VSS C:\WINDOWS\System32\vssvc.exe
21:09:30.0328 1220 VSS - ok
21:09:30.0390 1220 [ 6FE371026674BAF189F7A81746A67C87 ] W32Time C:\WINDOWS\system32\w32time.dll
21:09:30.0406 1220 W32Time - ok
21:09:30.0437 1220 [ D2A01D73FE4A455C1D741B48C56763B2 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:09:30.0437 1220 Wanarp - ok
21:09:30.0453 1220 WDICA - ok
21:09:30.0484 1220 [ DAFF7E89C84079022B9606F83E1BD29A ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:09:30.0484 1220 wdmaud - ok
21:09:30.0515 1220 [ FE8590FA0367A29BC7ED7BFC4962AD1C ] WebClient C:\WINDOWS\System32\webclnt.dll
21:09:30.0515 1220 WebClient - ok
21:09:30.0546 1220 WinHttpAutoProxySvc - ok
21:09:30.0609 1220 [ 881271D649E778690A365D73B8958509 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:09:30.0625 1220 winmgmt - ok
21:09:30.0703 1220 [ 81E883CE0157B97E9D762E449E50D69F ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
21:09:30.0703 1220 WmdmPmSN - ok
21:09:30.0765 1220 [ 628FC75FF1CB7CF5D4C4A6F9A5092C94 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:09:30.0796 1220 Wmi - ok
21:09:30.0843 1220 [ 56980BE8B5A6861B5D9175EABA8AC7DC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:09:30.0843 1220 WmiApSrv - ok
21:09:30.0890 1220 [ 4A59D22B86EDF8306810FA10C58368C7 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
21:09:30.0890 1220 WpdUsb - ok
21:09:30.0937 1220 [ 82960CE97C1898C28D7AE62BA6721D27 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:09:30.0953 1220 wscsvc - ok
21:09:31.0000 1220 [ EF7576AF44B484F7A3E6072D633BAB34 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:09:31.0046 1220 wuauserv - ok
21:09:31.0093 1220 [ F4EC5C736BBA9A27F9C36412C930B386 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:09:31.0125 1220 WZCSVC - ok
21:09:31.0171 1220 [ A1ABA5A0B4F1FF9B83C50F92F8C080A2 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:09:31.0203 1220 xmlprov - ok
21:09:31.0234 1220 [ 29616B8B6DCBB8020CF9C621A2BCD4E3 ] yukonx64 C:\WINDOWS\system32\DRIVERS\yk51x64.sys
21:09:31.0234 1220 yukonx64 - ok
21:09:31.0328 1220 [ 6F58BD07113A38412A6AE6566A3B36A0 ] {73526619-C24F-470B-9BED-53D455FBB5C6} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
21:09:31.0328 1220 {73526619-C24F-470B-9BED-53D455FBB5C6} - ok
21:09:31.0343 1220 ================ Scan global ===============================
21:09:31.0390 1220 [ 2AE60E46216266CDC9E20886E4CE3281 ] C:\WINDOWS\system32\basesrv.dll
21:09:31.0421 1220 [ 4D930992DF38ED4F0B39EFF1EA204DDA ] C:\WINDOWS\system32\winsrv.dll
21:09:31.0453 1220 [ 4D930992DF38ED4F0B39EFF1EA204DDA ] C:\WINDOWS\system32\winsrv.dll
21:09:31.0484 1220 [ D255E0DDB63A6223BFD8057266380017 ] C:\WINDOWS\system32\services.exe
21:09:31.0484 1220 [Global] - ok
21:09:31.0484 1220 ================ Scan MBR ==================================
21:09:31.0515 1220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:09:31.0781 1220 \Device\Harddisk0\DR0 - ok
21:09:31.0781 1220 ================ Scan VBR ==================================
21:09:31.0781 1220 [ 25A2B5F4060BAE9FC3A26D8B0B215562 ] \Device\Harddisk0\DR0\Partition1
21:09:31.0796 1220 \Device\Harddisk0\DR0\Partition1 - ok
21:09:31.0796 1220 ============================================================
21:09:31.0796 1220 Scan finished
21:09:31.0796 1220 ============================================================
21:09:31.0828 1440 Detected object count: 0
21:09:31.0828 1440 Actual detected object count: 0
21:09:43.0484 1308 Deinitialize success

XP Prof 64bit--dost rarita..

AdwCleaner--ten by měl jít , zkus v nouz. režimu.

Stáhni si RogueKiller
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Až se objeví úvodní okno programu , klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“, celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Teď jdu do toho nouzaku
EDIT: tak nouzák nepomohl, hlavně že se ten dobroděj ukazuje ve správce úloh, ani re-download nepomohl...

RogueKiller
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Administrator [Práva správce]
Mód : Kontrola -- Datum : 02/24/2013 20:53:23
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Microsoft][HJNAME] ctfmon.exe -- C:\WINDOWS\SysWOW64\ctfmon.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[Services][HJNAME] HKLM\[...]\ControlSet001\Services\IASJet (C:\WINDOWS\SysWOW64\svchost.exe -k iasjet) [7] -> NALEZENO
[Services][HJNAME] HKLM\[...]\ControlSet003\Services\IASJet (C:\WINDOWS\SysWOW64\svchost.exe -k iasjet) [7] -> NALEZENO
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> NALEZENO
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> NALEZENO
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ +++++
--- User ---
[MBR] d2a1788496a6f6d60247b31e8bdfd146
[BSP] 3a4fe676dce00371a284d6e983b5d853 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_02242013_02d2053.txt >>
RKreport[1]_S_02242013_02d2053.txt

Ukončete všechny programy, které mohou být zahájeny.
Prosím, odpojte všechny USB nebo externí disky z počítače před spuštěním tohoto prověřování!
Pro Windows Vista nebo Windows 7, klepněte pravým tlačítkem myši a vyberte "Spustit jako správce", kdo
V systému Windows XP poklepejte spustit.
Počkejte, až Prescan dokončí ...
Pak klikněte na "Scan" tlačítko
Počkejte, dokud Status okno zobrazuje "Scan Finální"
klikněte na "Delete"
Počkejte, dokud Status box zobrazuje "Smazání Finished"
Klikněte na "zprávy" a kopírovat / vložit obsah Poznámkový blok do další odpovědi.Log je možno nalézt v RKreport [1]. Txt na ploše Konec / Zavřít RogueKiller +


Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

Roguekiller

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 02/25/2013 05:39:35
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Microsoft][HJNAME] ctfmon.exe -- C:\WINDOWS\SysWOW64\ctfmon.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[Services][HJNAME] HKLM\[...]\ControlSet001\Services\IASJet (C:\WINDOWS\SysWOW64\svchost.exe -k iasjet) [7] -> VYMAZÁNO
[Services][HJNAME] HKLM\[...]\ControlSet003\Services\IASJet (C:\WINDOWS\SysWOW64\svchost.exe -k iasjet) [7] -> VYMAZÁNO
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> NAHRAZENO (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> NAHRAZENO (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ +++++
--- User ---
[MBR] d2a1788496a6f6d60247b31e8bdfd146
[BSP] 3a4fe676dce00371a284d6e983b5d853 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_02252013_02d0539.txt >>
RKreport[1]_S_02242013_02d2053.txt ; RKreport[2]_S_02252013_02d0539.txt ; RKreport[3]_D_02252013_02d0539.txt

OTL 1/2
to je zásah do soukromí

OTL logfile created on: 2/25/2013 5:43:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 75.83% Memory free
4.34 Gb Paging File | 3.83 Gb Available in Paging File | 88.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 390.19 Gb Free Space | 83.78% Space Free | Partition Type: NTFS

Computer Name: DOMOV-93J41K2FD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (http://www.express-files.com/)
PRC - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
PRC - C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe (PandoraTV)
PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Garena Plus\lib\XLL.dll ()
MOD - C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll ()
MOD - C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll ()
MOD - C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll ()
MOD - C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dll ()
MOD - C:\Program Files (x86)\Garena Plus\VersionModule.dll ()
MOD - C:\Program Files (x86)\Garena Plus\PluginModule.dll ()
MOD - C:\Program Files (x86)\Garena Plus\PluginKernel.dll ()
MOD - C:\Program Files (x86)\Garena Plus\ImageModule.dll ()
MOD - C:\Program Files (x86)\Garena Plus\ggspawn.dll ()
MOD - C:\Program Files (x86)\Garena Plus\FileLoader.dll ()
MOD - C:\Program Files (x86)\Garena Plus\CxImage.dll ()
MOD - C:\Program Files (x86)\Garena Plus\DibModule.dll ()
MOD - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
MOD - C:\Program Files (x86)\Garena Plus\libzmq.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\UILayout.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\Http.dll ()
MOD - C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll ()
MOD - C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll ()
MOD - C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll ()
MOD - C:\Program Files (x86)\Garena Plus\ggdownloader.dll ()
MOD - C:\Program Files (x86)\Garena Plus\ggcode.dll ()
MOD - C:\Program Files (x86)\Garena Plus\CommonLib.dll ()
MOD - C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll ()
MOD - C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll ()
MOD - C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll ()
MOD - C:\Program Files (x86)\Garena Plus\lame_enc.dll ()
MOD - C:\Program Files (x86)\Garena Plus\sqlite3.dll ()
MOD - C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VideoDownloadConverter_4zService) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (COMPANYVERS_NAME)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\SysWOW64\wdfmgr.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - ({73526619-C24F-470B-9BED-53D455FBB5C6}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (PfFilter) -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dl ... date&O1=b1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "iSearch"
FF - prefs.js..browser.startup.homepage: "http://google.cz/"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2013/01/07 19:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013/02/01 21:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013/02/07 09:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 13:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/09 14:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2013/02/22 05:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\hxajer2w.default\extensions
[2013/02/22 05:05:44 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\hxajer2w.default\extensions\plugin@yontoo.com.xpi
[2013/01/09 14:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/19 13:27:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/19 13:27:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 19:28:39 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/01/27 10:11:57 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/11/29 12:32:34 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012/11/29 12:32:34 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012/11/29 12:32:34 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012/11/29 12:32:34 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012/11/29 12:32:35 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Disk Google = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoDownloadConverter] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Smart PC Cleaner)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF180EE4-099B-401E-BD6B-8EE3AD9AB1B7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWOW64\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\EFS: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1

OTL 2/2

O32 - AutoRun File - [2012/12/24 08:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/25 05:37:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/24 20:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2013/02/23 21:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2013/02/23 20:57:53 | 005,034,320 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/02/23 12:58:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\hijackthis.exe
[2013/02/23 12:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/02/23 12:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/23 12:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/23 12:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/23 12:57:00 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2013/02/23 12:56:32 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/23 10:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
[2013/02/23 10:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2013/02/23 10:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2013/02/22 05:34:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/02/19 15:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Praha vylet
[2013/02/16 19:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/02/16 19:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/02/16 19:33:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
[2013/02/16 19:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ExpressFiles
[2013/02/16 19:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/02/16 19:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2013/02/16 19:28:06 | 004,850,096 | ---- | C] (http://yourfiledownloader.com) -- C:\Documents and Settings\Administrator\Desktop\Blue_Scholars-Bayani_full_album_zip_downloader_98975(1).exe
[2013/02/16 19:27:55 | 004,850,096 | ---- | C] (http://yourfiledownloader.com) -- C:\Documents and Settings\Administrator\Desktop\Blue_Scholars-Opening_Salvo_mp3_downloader_98975.exe
[2013/02/16 18:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaShow
[2013/02/16 18:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2013/02/16 18:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CyberLink
[2013/02/16 18:33:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2013/02/16 18:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CyberLink
[2013/02/16 18:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaServer
[2013/02/16 18:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2013/02/16 18:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2013/02/16 18:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CyberLink
[2013/02/16 18:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\CyberLink
[2013/02/16 18:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD 12
[2013/02/16 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013/02/16 18:30:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013/02/16 18:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2013/02/16 18:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2013/02/16 18:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Nová složka (2)
[2013/02/16 16:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\YourFileDownloader
[2013/02/16 16:45:14 | 004,850,096 | ---- | C] (http://yourfiledownloader.com) -- C:\Documents and Settings\Administrator\Desktop\Blue_Scholars-Bayani_full_album_zip_downloader_98975.exe
[2013/02/12 06:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\J. Little - Jak vyhravat pokerove turnaje 1. díl
[2013/02/09 17:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TA
[2013/02/09 11:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PANDORATV
[2013/02/09 11:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PANDORA.TV
[2013/02/09 11:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\The KMPlayer
[2013/02/09 11:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2013/02/07 15:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/02/07 09:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CPN
[2013/02/07 09:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CardCasino
[2013/02/07 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CardCasino
[2013/02/07 09:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer
[2013/02/07 09:39:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-US
[2013/02/07 09:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/02/07 09:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/02/07 09:38:20 | 000,000,000 | ---D | C] -- C:\b4529d93a01417568d7b9e8203
[2013/02/07 09:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/02/07 09:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0
[2013/02/07 09:22:57 | 000,000,000 | RH-D | C] -- C:\AHCache
[2013/02/03 16:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIMP3
[2013/02/03 16:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AIMP3
[2013/02/03 16:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP3
[2013/02/03 13:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GarenaPlus
[2013/02/03 13:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garena
[2013/02/03 13:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2013/02/03 13:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2013/02/03 13:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Warcraft III
[2013/02/03 13:29:31 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2013/02/03 13:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2013/02/03 13:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2013/02/03 13:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/02/03 13:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/02/01 21:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2013/01/30 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CENZURA HD
[2013/01/30 15:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CENZURA HD
[2013/01/30 15:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CENZURA HD
[2013/01/30 15:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TrafficSpaceLLC
[2013/01/30 15:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Video Download Converter
[2013/01/30 15:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2013/01/30 15:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/01/30 15:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/01/30 15:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2013/01/30 14:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MP3
[2013/01/27 14:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Protected Folder
[2013/01/27 14:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/01/27 14:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/01/27 12:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prime95
[2013/01/27 12:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Prime95
[2013/01/27 12:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
[2013/01/27 12:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire
[2013/01/27 10:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SLEEP TIGHT (2011, cz tit.)
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/25 05:37:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/25 05:34:46 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/25 05:34:46 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/02/25 05:34:46 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013/02/25 05:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/24 21:26:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/24 21:08:37 | 000,594,019 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2013/02/24 20:51:58 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2013/02/24 20:51:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 17:06:11 | 007,666,250 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\50_cent_feat._eminem_adam_levine_-_my_life_(www.freshmp3music.ru).mp3
[2013/02/24 14:09:26 | 000,262,109 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\counter_strike_2_3d.jar
[2013/02/23 21:15:06 | 000,036,063 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_121.jpg
[2013/02/23 20:58:03 | 005,034,320 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/02/23 20:57:48 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2013/02/23 20:57:38 | 000,341,511 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_120.jpg
[2013/02/23 13:48:08 | 001,999,527 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nokia-6300-hry.zip
[2013/02/23 12:58:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\hijackthis.exe
[2013/02/23 12:57:18 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 12:57:00 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2013/02/23 12:56:51 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/23 10:22:01 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2013/02/21 21:56:08 | 000,509,789 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sacharidové vlny by petr.jpg
[2013/02/21 21:54:01 | 000,137,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_119.jpg
[2013/02/21 21:53:53 | 000,127,126 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_118.jpg
[2013/02/21 21:53:46 | 000,137,627 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_117.jpg
[2013/02/21 21:53:40 | 000,133,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_116.jpg
[2013/02/21 21:08:11 | 240,404,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[CNT]_Naruto_Shippuuden_301_[CB0F38B4].mkv
[2013/02/21 15:25:25 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - No Rest For The Weary.m3u
[2013/02/21 14:08:35 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/21 14:01:24 | 012,787,050 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Back Home Music Video_(360p).mp3
[2013/02/21 13:51:34 | 009,699,994 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Ordinary Guys_(360p).mp3
[2013/02/21 13:48:57 | 015,352,706 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Still Got Love_(480p).mp3
[2013/02/21 13:39:06 | 012,214,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars_ 50 Thousand Deep_(360p).mp3
[2013/02/19 14:34:59 | 000,030,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\metro-mapa-praha3.gif
[2013/02/19 12:59:23 | 1017,118,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mothers.And.Daughters-720p.part4.rar
[2013/02/19 05:45:44 | 000,198,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_108.jpg
[2013/02/18 16:09:48 | 000,224,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_107.jpg
[2013/02/17 19:56:47 | 000,029,737 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sata_vs_ide.jpg
[2013/02/17 17:08:12 | 051,799,604 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RTD10.zip
[2013/02/16 19:35:24 | 000,123,663 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_100.jpg
[2013/02/16 19:33:08 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Express Files.lnk
[2013/02/16 19:32:41 | 000,000,000 | ---- | M] () -- C:\END
[2013/02/16 19:28:11 | 004,850,096 | ---- | M] (http://yourfiledownloader.com) -- C:\Documents and Settings\Administrator\Desktop\Blue_Scholars-Bayani_full_album_zip_downloader_98975(1).exe
[2013/02/16 19:27:58 | 004,850,096 | ---- | M] (http://yourfiledownloader.com) -- C:\Documents and Settings\Administrator\Desktop\Blue_Scholars-Opening_Salvo_mp3_downloader_98975.exe
[2013/02/16 18:33:00 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD 12.lnk
[2013/02/16 18:28:45 | 162,440,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PowerDVD12.Trial.DVD120927-06.exe
[2013/02/16 16:45:14 | 004,850,096 | ---- | M] (http://yourfiledownloader.com) -- C:\Documents and Settings\Administrator\Desktop\Blue_Scholars-Bayani_full_album_zip_downloader_98975.exe
[2013/02/16 10:51:32 | 000,271,511 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_097.jpg
[2013/02/13 16:48:14 | 000,055,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_096.jpg
[2013/02/12 12:52:09 | 000,086,619 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_094.jpg
[2013/02/12 12:50:40 | 000,045,373 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_093.jpg
[2013/02/12 06:13:38 | 016,477,229 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\J.-Little---Jak-vyhravat-pokerove-turnaje-1.-díl.rar
[2013/02/11 20:41:51 | 000,304,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\call ship fold.jpg
[2013/02/11 14:43:46 | 000,036,086 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The-Walking-Dead-S03E09(0000212996).srt
[2013/02/11 14:37:01 | 000,214,899 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_091.jpg
[2013/02/10 12:36:49 | 177,142,461 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Two.and.a.Half.Men.S10E15.HDTV.XviD-AFG.avi
[2013/02/10 12:36:32 | 000,032,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Two-and-a-Half-Men-S10E15(0000212746).srt
[2013/02/09 11:49:46 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\KMPlayer.lnk
[2013/02/09 11:48:55 | 026,039,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\KMPlayer_3.5.0.77.exe
[2013/02/08 11:26:14 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/02/08 11:26:14 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/08 11:26:04 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
[2013/02/07 15:46:18 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/02/07 15:46:18 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/02/07 12:39:30 | 183,533,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Two.and.a.Half.Men.S09E02.HDTV.XviD-ASAP.avi
[2013/02/07 09:44:22 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CardCasino.lnk
[2013/02/07 09:44:22 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CardCasino.lnk
[2013/02/07 09:40:22 | 001,128,464 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/02/04 21:43:11 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\room_v3.dat
[2013/02/03 16:33:30 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIMP3.lnk
[2013/02/03 13:39:52 | 000,084,662 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2013/02/03 13:33:53 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garena Plus.lnk
[2013/02/03 13:33:29 | 055,044,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GarenaPlus_Install.exe
[2013/02/03 13:32:14 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2013/02/03 13:32:14 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2013/02/03 13:20:46 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2013/02/03 11:52:21 | 005,193,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DMX-give.mp3
[2013/02/03 11:31:14 | 007,401,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Adrian Lux - Burning.mp3
[2013/02/01 22:51:10 | 005,390,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cold play lalavila.mp3
[2013/02/01 22:45:38 | 006,612,102 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Lumiere.mp3
[2013/02/01 22:42:06 | 003,481,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Paul van Dyk - For an angel.mp3
[2013/02/01 22:32:31 | 010,714,628 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\darude-sandstorm.mp3
[2013/02/01 22:21:00 | 002,828,993 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ATB 9 PM Till I Come.mp3
[2013/02/01 22:04:29 | 015,657,302 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\preview(1).mp3
[2013/02/01 21:36:06 | 003,782,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chase-&-Status---Time-Feat.-Delilah.mp3
[2013/02/01 21:31:11 | 002,448,303 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Blue - Gemini.mp3
[2013/02/01 21:28:03 | 008,153,308 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Avicii - Fade Into Darkness.mp3
[2013/02/01 21:23:23 | 005,664,826 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\01-Rolling-in-the-Deep.mp3
[2013/02/01 21:21:49 | 003,753,060 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\32 - Lux Aeterna.mp3
[2013/02/01 21:16:36 | 003,888,273 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Põhja-Tallinn - Lähen Ja Tulen.mp3
[2013/02/01 20:55:24 | 006,908,959 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\06-sub_focus-rock_it.mp3
[2013/02/01 20:45:27 | 004,735,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\erasus.mp3
[2013/02/01 19:36:37 | 785,856,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Expendables Postradatelní 2 Expendables 2 (2012).avi
[2013/02/01 13:11:48 | 000,098,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AH220_Utility_LFormat.zip
[2013/02/01 10:23:16 | 000,192,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Capture_083.jpg
[2013/01/30 21:28:25 | 000,204,426 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2zjcp6q.jpg.png
[2013/01/30 15:50:56 | 011,837,713 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ronnie Coleman - Bodybuilding Motivation HD_(720p).mp3
[2013/01/30 15:47:44 | 093,394,309 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Ronnie Coleman - Bodybuilding Motivation HD_(720p).mp4
[2013/01/30 15:47:00 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CENZURA HD.lnk
[2013/01/30 15:41:06 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Video to MP3 Converter.lnk
[2013/01/27 14:22:57 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protected Folder.lnk
[2013/01/27 12:40:03 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AIDA64 Extreme Edition.lnk
[2013/01/27 10:58:41 | 954,307,722 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Candyman 1992 DVDRip czdub.avi
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/24 21:08:36 | 000,594,019 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2013/02/24 20:51:57 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2013/02/24 17:01:22 | 007,666,250 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\50_cent_feat._eminem_adam_levine_-_my_life_(www.freshmp3music.ru).mp3
[2013/02/24 14:09:26 | 000,262,109 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\counter_strike_2_3d.jar
[2013/02/23 21:15:06 | 000,036,063 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_121.jpg
[2013/02/23 20:57:47 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2013/02/23 20:57:38 | 000,341,511 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_120.jpg
[2013/02/23 13:48:07 | 001,999,527 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nokia-6300-hry.zip
[2013/02/23 12:57:18 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 10:22:01 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2013/02/21 21:56:06 | 000,509,789 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sacharidové vlny by petr.jpg
[2013/02/21 21:54:01 | 000,137,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_119.jpg
[2013/02/21 21:53:53 | 000,127,126 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_118.jpg
[2013/02/21 21:53:46 | 000,137,627 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_117.jpg
[2013/02/21 21:53:40 | 000,133,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_116.jpg
[2013/02/21 21:07:33 | 240,404,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[CNT]_Naruto_Shippuuden_301_[CB0F38B4].mkv
[2013/02/21 15:25:25 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - No Rest For The Weary.m3u
[2013/02/21 13:58:49 | 012,787,050 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Back Home Music Video_(360p).mp3
[2013/02/21 13:49:14 | 009,699,994 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Ordinary Guys_(360p).mp3
[2013/02/21 13:44:51 | 015,352,706 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Still Got Love_(480p).mp3
[2013/02/21 13:37:01 | 012,214,859 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars_ 50 Thousand Deep_(360p).mp3
[2013/02/19 14:34:59 | 000,030,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\metro-mapa-praha3.gif
[2013/02/19 12:54:48 | 1017,118,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mothers.And.Daughters-720p.part4.rar
[2013/02/19 05:45:44 | 000,198,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_108.jpg
[2013/02/18 16:09:48 | 000,224,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_107.jpg
[2013/02/17 19:56:47 | 000,029,737 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sata_vs_ide.jpg
[2013/02/17 17:08:00 | 051,799,604 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RTD10.zip
[2013/02/16 19:35:24 | 000,123,663 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_100.jpg
[2013/02/16 19:33:08 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Express Files.lnk
[2013/02/16 19:33:08 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013/02/16 19:32:41 | 000,000,000 | ---- | C] () -- C:\END
[2013/02/16 18:33:00 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD 12.lnk
[2013/02/16 18:28:21 | 162,440,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PowerDVD12.Trial.DVD120927-06.exe
[2013/02/16 16:46:31 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/02/16 10:51:32 | 000,271,511 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_097.jpg
[2013/02/13 16:48:14 | 000,055,224 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_096.jpg
[2013/02/12 12:52:09 | 000,086,619 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_094.jpg
[2013/02/12 12:50:40 | 000,045,373 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_093.jpg
[2013/02/12 06:13:36 | 016,477,229 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\J.-Little---Jak-vyhravat-pokerove-turnaje-1.-díl.rar
[2013/02/11 20:41:50 | 000,304,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\call ship fold.jpg
[2013/02/11 14:43:46 | 000,036,086 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The-Walking-Dead-S03E09(0000212996).srt
[2013/02/10 12:36:32 | 000,032,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Two-and-a-Half-Men-S10E15(0000212746).srt
[2013/02/10 12:07:17 | 177,142,461 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Two.and.a.Half.Men.S10E15.HDTV.XviD-AFG.avi
[2013/02/09 11:49:46 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\KMPlayer.lnk
[2013/02/09 11:48:51 | 026,039,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\KMPlayer_3.5.0.77.exe
[2013/02/09 11:23:05 | 000,214,899 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_091.jpg
[2013/02/07 22:48:55 | 000,258,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/02/07 15:46:18 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/02/07 15:46:18 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/02/07 12:38:53 | 183,533,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Two.and.a.Half.Men.S09E02.HDTV.XviD-ASAP.avi
[2013/02/07 09:44:22 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\CardCasino.lnk
[2013/02/07 09:44:22 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CardCasino.lnk
[2013/02/04 21:43:11 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\room_v3.dat
[2013/02/03 16:33:30 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIMP3.lnk
[2013/02/03 13:33:53 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garena Plus.lnk
[2013/02/03 13:33:22 | 055,044,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GarenaPlus_Install.exe
[2013/02/03 13:29:32 | 000,084,662 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2013/02/03 13:29:32 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2013/02/03 13:20:46 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2013/02/03 11:52:21 | 005,193,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DMX-give.mp3
[2013/02/01 22:49:08 | 007,401,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Adrian Lux - Burning.mp3
[2013/02/01 22:47:20 | 005,390,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cold play lalavila.mp3
[2013/02/01 22:45:24 | 006,612,102 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Blue Scholars - Lumiere.mp3
[2013/02/01 22:42:04 | 003,481,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Paul van Dyk - For an angel.mp3
[2013/02/01 22:32:04 | 010,714,628 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\darude-sandstorm.mp3
[2013/02/01 22:20:16 | 002,828,993 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ATB 9 PM Till I Come.mp3
[2013/02/01 22:03:54 | 015,657,302 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\preview(1).mp3
[2013/02/01 21:36:06 | 003,782,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chase-&-Status---Time-Feat.-Delilah.mp3
[2013/02/01 21:31:06 | 002,448,303 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Blue - Gemini.mp3
[2013/02/01 21:27:46 | 008,153,308 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Avicii - Fade Into Darkness.mp3
[2013/02/01 21:23:05 | 005,664,826 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\01-Rolling-in-the-Deep.mp3
[2013/02/01 21:21:14 | 003,753,060 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\32 - Lux Aeterna.mp3
[2013/02/01 21:16:35 | 003,888,273 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Põhja-Tallinn - Lähen Ja Tulen.mp3
[2013/02/01 20:55:19 | 006,908,959 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\06-sub_focus-rock_it.mp3
[2013/02/01 20:45:17 | 004,735,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\erasus.mp3
[2013/02/01 19:34:19 | 785,856,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Expendables Postradatelní 2 Expendables 2 (2012).avi
[2013/02/01 13:11:48 | 000,098,443 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AH220_Utility_LFormat.zip
[2013/02/01 10:23:16 | 000,192,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_083.jpg
[2013/01/30 21:28:24 | 000,204,426 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2zjcp6q.jpg.png
[2013/01/30 15:50:13 | 011,837,713 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ronnie Coleman - Bodybuilding Motivation HD_(720p).mp3
[2013/01/30 15:47:35 | 093,394,309 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Ronnie Coleman - Bodybuilding Motivation HD_(720p).mp4
[2013/01/30 15:47:00 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CENZURA HD.lnk
[2013/01/30 15:41:06 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Video to MP3 Converter.lnk
[2013/01/27 14:22:57 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protected Folder.lnk
[2013/01/27 12:40:03 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AIDA64 Extreme Edition.lnk
[2013/01/27 10:56:14 | 954,307,722 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Candyman 1992 DVDRip czdub.avi
[2013/01/06 15:53:23 | 000,034,308 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll
[2013/01/01 18:57:24 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/24 16:03:07 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/24 13:13:25 | 000,049,152 | R--- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2012/12/24 13:12:48 | 000,037,376 | R--- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2012/12/24 09:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/12/24 09:16:13 | 001,128,464 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/12/24 08:42:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

========== ZeroAccess Check ==========

[2012/12/24 09:15:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 11:05:50 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2007/02/18 11:05:28 | 000,482,816 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/22 05:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AIMP3
[2013/02/16 19:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/12/29 15:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer
[2012/12/29 13:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2013/02/22 05:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2013/02/01 21:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2013/02/01 21:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2013/02/16 19:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ExpressFiles
[2013/02/25 05:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GarenaPlus
[2013/02/14 06:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Microgaming
[2013/01/01 10:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PacificPoker
[2012/12/26 17:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Party
[2012/12/24 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoFiltre 7
[2013/01/24 21:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2013/02/22 05:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/01/07 19:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VideoDownloadConverter_4z
[2013/02/16 16:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YourFileDownloader
[2013/01/30 15:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CENZURA HD
[2013/02/16 19:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/02/03 13:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/02/25 05:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2013/02/16 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2013/01/27 14:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/12/25 20:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2013/02/16 18:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2013/02/16 19:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/02/16 18:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

========== Purity Check ==========



< End of report >

Extras

OTL Extras logfile created on: 2/25/2013 5:43:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 75.83% Memory free
4.34 Gb Paging File | 3.83 Gb Available in Paging File | 88.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 390.19 Gb Free Space | 83.78% Space Free | Partition Type: NTFS

Computer Name: DOMOV-93J41K2FD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe:*:Enabled:CyberLink PowerDVD12 -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe:*:Enabled:CyberLink PowerDVD 12 DMREngine -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe:*:Enabled:CyberLink PowerDVD 12 Media Server Service -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe:*:Enabled:CyberLink PowerDVD12 Agent -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe:*:Enabled:CyberLink PowerDVD12 Moovie Live -- (CyberLink Corp.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe:*:Enabled:CyberLink PowerDVD12 -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe:*:Enabled:CyberLink PowerDVD 12 DMREngine -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe:*:Enabled:CyberLink PowerDVD 12 Media Server Service -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe:*:Enabled:CyberLink PowerDVD12 Agent -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe:*:Enabled:CyberLink PowerDVD12 Moovie Live -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Heroes of Newerth\hon.exe" = C:\Program Files (x86)\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe" = C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2 -- ()
"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files (x86)\CardCasino\PokerClient.exe" = C:\Program Files (x86)\CardCasino\PokerClient.exe:*:Enabled:CardCasino -- (CardCasino)
"C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe:*:Enabled:CyberLink PowerDVD12 -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe:*:Enabled:CyberLink PowerDVD 12 DMREngine -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe:*:Enabled:CyberLink PowerDVD 12 Media Server Service -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe:*:Enabled:CyberLink PowerDVD12 Agent -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe:*:Enabled:CyberLink PowerDVD12 Moovie Live -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe:*:Enabled:CyberLink PowerDVD 12.0 -- (CyberLink Corp.)
"C:\Program Files (x86)\YourFileDownloader\Downloader.exe" = C:\Program Files (x86)\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Program Files (x86)\YourFileDownloader\YourFile.exe" = C:\Program Files (x86)\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader
"C:\Program Files (x86)\ExpressFiles\expressdl.exe" = C:\Program Files (x86)\ExpressFiles\expressdl.exe:*:Enabled:Express Files -- (http://www.express-files.com/)
"C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" = C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files -- (http://www.express-files.com/)
"C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe" = C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess -- (PandoraTV)
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService -- (Pandora.TV)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Heroes of Newerth\hon.exe" = C:\Program Files (x86)\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe" = C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2 -- ()
"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files (x86)\CardCasino\PokerClient.exe" = C:\Program Files (x86)\CardCasino\PokerClient.exe:*:Enabled:CardCasino -- (CardCasino)
"C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe:*:Enabled:CyberLink PowerDVD12 -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe:*:Enabled:CyberLink PowerDVD 12 DMREngine -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe:*:Enabled:CyberLink PowerDVD 12 Media Server Service -- (CyberLink)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe:*:Enabled:CyberLink PowerDVD12 Agent -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe:*:Enabled:CyberLink PowerDVD12 Moovie Live -- (CyberLink Corp.)
"C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe" = C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe:*:Enabled:CyberLink PowerDVD 12.0 -- (CyberLink Corp.)
"C:\Program Files (x86)\YourFileDownloader\Downloader.exe" = C:\Program Files (x86)\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Program Files (x86)\YourFileDownloader\YourFile.exe" = C:\Program Files (x86)\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader
"C:\Program Files (x86)\ExpressFiles\expressdl.exe" = C:\Program Files (x86)\ExpressFiles\expressdl.exe:*:Enabled:Express Files -- (http://www.express-files.com/)
"C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" = C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files -- (http://www.express-files.com/)
"C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe" = C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess -- (PandoraTV)
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService -- (Pandora.TV)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{272B28DC-7F63-3F8F-48AD-5651F3F00A8F}" = ccc-utility64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B24B387E-57D8-A1D9-B688-6C144EFC9107}" = AMD Catalyst Install Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"WIC" = Windows Imaging Component
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR 4.20 (64-bit)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0807E67B-DACB-1739-A87E-3046FF40BA23}" = CCC Help Chinese Traditional
"{0DF310E3-6C01-99DC-296F-1D021BA36C2D}" = CCC Help English
"{1E8E87B5-4531-CEE3-4791-6AD9E72076EC}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27596347-C945-B113-EF47-169D471CEB05}" = CCC Help Turkish
"{3666DE18-A4CC-4E1E-8165-0D78758C2209}" = CCC Help Russian
"{532669C6-3139-E755-B3B8-95F184EB27EB}" = CCC Help German
"{577F4DD2-ED68-690F-6328-8A8CAC8FCA75}" = CCC Help Polish
"{5DE1B7CF-7429-40CA-987F-6BEE09B63787}" = Prime95
"{637A3EC2-4299-67B2-E0D2-C25572F4D37A}" = CCC Help Thai
"{702F39B4-05FB-22F4-8426-E5FFFA330FF3}" = CCC Help Chinese Standard
"{73FB391E-E800-CC82-D9BA-EF9CB8A939F3}" = CCC Help French
"{747E2E56-A68B-15C6-BB77-31BFE0C031EF}" = CCC Help Spanish
"{7A37A44B-968E-6CA3-278C-878D4D08B226}" = CCC Help Czech
"{7C0FB04E-5A40-C63D-CC1B-B6C1B60FDDA3}" = CCC Help Japanese
"{7D94796D-007E-45DE-CEAD-8E616D78E95B}" = CCC Help Dutch
"{7E7C98D1-4F44-21D4-C351-25E2367027F3}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A91A66-1566-714D-E1BE-1F3B040E65D5}" = CCC Help Swedish
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{92F63D17-2A32-7184-B8D7-905E0E1BC2A9}" = CCC Help Hungarian
"{95CEF602-B837-0C37-F5E6-49C8F3196998}" = CCC Help Greek
"{97E1A4DE-82AB-0448-0AEA-77DC1DD9A492}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DFD861E-2692-873F-BA2C-E4788648D966}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Czech
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B50676DC-AAE9-20DF-01A5-DABCDECD6DFC}" = Catalyst Control Center Graphics Previews Common
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9C7FB0D-B233-1B2E-E9DC-543911F6D94A}" = Catalyst Control Center InstallProxy
"{DD9F821E-7B8D-210F-A4AE-47C60870DEBE}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5D7626A-6EDE-49EC-82CD-417E122FF677}" = Microsoft Windows Czech User Interface Pack
"{E6F42010-AA5A-B862-9620-8CBD23ACDED4}" = CCC Help Portuguese
"{EAAE7669-947C-26DD-563D-863B63FFC1EA}" = CCC Help Finnish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F296A4CD-54A2-1EEE-CE14-8F88A1D97083}" = CCC Help Korean
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.50
"AIMP3" = AIMP3
"BSPlayerf" = BS.Player FREE
"CardCasino" = CardCasino
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.2.0 Shizuku Edition
"CS Poker 0" = CS Poker
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.22.128
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"im" = Garena Plus
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 cs)" = Mozilla Firefox 18.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PacIn: Nermessova pomsta" = PacIn: Nermessova pomsta 1.0
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"Protected Folder_is1" = Protected Folder
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"Steam App 570" = Dota 2
"The KMPlayer" = The KMPlayer (remove only)
"triobet (Poker)" = TrioBet
"uTorrent" = µTorrent
"VDC_is1" = Video Download Converter version 1.0.0.0
"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar
"CENZURA HD_is1" = CENZURA HD v. 2.9.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExpressFiles" = ExpressFiles
"PhotoFiltre 7" = PhotoFiltre 7
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2013 4:03:54 PM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2013 4:03:54 PM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2013 4:06:21 PM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2013 4:06:21 PM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2013 4:06:21 PM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2013 4:06:21 PM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2013 12:34:58 AM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2013 12:34:58 AM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2013 12:34:58 AM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2013 12:34:58 AM | Computer Name = DOMOV-93J41K2FD | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/24/2013 4:05:52 PM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
se nezdarila. Referencní chybová zpráva: Sestavení urcené odkazem není v systému
nainstalováno. .

Error - 2/24/2013 4:06:02 PM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.Windows.Common-Controls nebyla
nalezena a poslední chyba byla Sestavení urcené odkazem není v systému nainstalováno.
.

Error - 2/24/2013 4:06:02 PM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.Windows.Common-Controls se
nezdarila. Referencní chybová zpráva: Sestavení urcené odkazem není v systému nainstalováno.
.

Error - 2/24/2013 4:06:02 PM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
se nezdarila. Referencní chybová zpráva: Sestavení urcené odkazem není v systému
nainstalováno. .

Error - 2/25/2013 12:34:46 AM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.Windows.Common-Controls nebyla
nalezena a poslední chyba byla Sestavení urcené odkazem není v systému nainstalováno.
.

Error - 2/25/2013 12:34:46 AM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.Windows.Common-Controls se
nezdarila. Referencní chybová zpráva: Sestavení urcené odkazem není v systému nainstalováno.
.

Error - 2/25/2013 12:34:46 AM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
se nezdarila. Referencní chybová zpráva: Sestavení urcené odkazem není v systému
nainstalováno. .

Error - 2/25/2013 12:34:52 AM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.Windows.Common-Controls nebyla
nalezena a poslední chyba byla Sestavení urcené odkazem není v systému nainstalováno.
.

Error - 2/25/2013 12:34:52 AM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.Windows.Common-Controls se
nezdarila. Referencní chybová zpráva: Sestavení urcené odkazem není v systému nainstalováno.
.

Error - 2/25/2013 12:34:52 AM | Computer Name = DOMOV-93J41K2FD | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
se nezdarila. Referencní chybová zpráva: Sestavení urcené odkazem není v systému
nainstalováno. .


< End of report >

Používáš Garenu Plus ? Pokud ne , tak jí odinstaluj.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

OTL

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Prefs.js: "iSearch" removed from browser.search.selectedEngine
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\hxajer2w.default\extensions folder moved successfully.
File C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\hxajer2w.default\extensions\plugin@yontoo.com.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll moved successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ .
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\Alcmtr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\ deleted successfully.
File {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cdl\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\ deleted successfully.
File {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dvd\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\ deleted successfully.
File {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\file\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\ deleted successfully.
File {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ftp\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\ deleted successfully.
File {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}\ deleted successfully.
File {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\ deleted successfully.
File {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ not found.
File Protocol\Handler\http\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ not found.
File Protocol\Handler\http\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\ deleted successfully.
File {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ not found.
File Protocol\Handler\https\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ not found.
File Protocol\Handler\https\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\its\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\ deleted successfully.
File {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\javascript\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\ deleted successfully.
File {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\local\ deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\ .
File {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mailto\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\ deleted successfully.
File {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\ deleted successfully.
File {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mk\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\ deleted successfully.
File {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its\ deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\ .
File {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\res\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\ deleted successfully.
File {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sysimage\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76E67A63-06E9-11D2-A840-006008059382}\ deleted successfully.
File {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tv\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\ deleted successfully.
File {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vbscript\ deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\ .
File {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wia\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}\ deleted successfully.
File {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus\ deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ .
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload\ deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ .
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}\ deleted successfully.
File {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\deflate\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\gzip\ deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311}\ .
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\lzdhtml\ deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311}\ .
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/webviewhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{733AC4CB-F1A4-11d0-B951-00A0C90312E1}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\userinit.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:%SystemRoot%\system32\logonui.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:Control_RunDLL "sysdm.cpl" deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System:lsass.exe deleted successfully.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\ scheduled to be deleted on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\ deleted successfully.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv\ scheduled to be deleted on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
C:\WINDOWS\SysWow64\Security.dll moved successfully.
File sethosts] not found.
File rity] not found.
File ptytemp] not found.
File PTYFLASH] not found.
File art explorer] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02252013_153512

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\ scheduled to be deleted on reboot.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv\ scheduled to be deleted on reboot.