
Problem with Rootkit.Agent, please check my log

Posted: 31 May 2010 19:30
by RadoS84
Hello,
for several days I have had a problem with a blue screen appearing after starting the computer. After a restart, however, it always booted normally. Today I ran a scan with Anti-Malware and found Rootkit.Agent in the file eahxx.sys. After deleting it with Anti-Malware, the detection is back after a restart. Please check my logs.

Here is the log from Anti-Malware:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verzia databázy: 4157

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

31. 5. 2010 19:05:55
mbam-log-2010-05-31 (19-05-55).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 335910
Uplynulý čas: 47 min, 37 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Windows\System32\drivers\eahxx.sys (Rootkit.Agent) -> No action taken.


Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:04, on 31. 5. 2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Users\RADOSL~1\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Users\RADOSL~1\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - D:\Prog Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Prog Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://195.80.177.99/ConnectComputer/nshelp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\Windows\system32\UTSCSI.EXE

--
End of file - 10791 bytes

Thank you very much for any help.

Radoslav

Re: Problem with Rootkit.Agent, please check my log

Posted: 31 May 2010 19:39
by Damned
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, choose "Do a system scan only",
tick the box in front of each entry, press "Fix checked" and then "Yes"):

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O8 - Extra context menu item: Download All by FlashGet - D:\Prog Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Prog Files\FlashGet\jc_link.htm
*****************************************************************************************************************************************
Turn off the resident shield of your antivirus (and of your antispyware too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is working, do not click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its whole contents here
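The helper's fix list above is the kind of triage an analyst does by eye on a HijackThis log: orphaned BHOs with "(no file)", RunOnce entries left behind by a cleaner, startup shortcuts HijackThis could not resolve, and DPF (ActiveX download) entries pointing at bare IP addresses. The script below is an added example, not part of this thread or of HijackThis itself; it parses HijackThis v2 lines and applies those heuristics. The sample lines are copied from the log posted above, and the rules (orphan BHO, RunOnce, unresolved .lnk, DPF from a raw IP) are the author's own assumptions about what deserves a second look, not a verdict on whether an entry is malicious.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few HijackThis v2 lines taken from the log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - Global Startup: APC UPS Status.lnk = ?
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://195.80.177.99/ConnectComputer/nshelp.dll
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\Windows\system32\UTSCSI.EXE
"""


@dataclass
class Entry:
    kind: str                                  # HijackThis section code: R0, O2, O4, O16, O23, ...
    body: str                                  # everything after "Oxx - "
    findings: list = field(default_factory=list)


# Every HijackThis entry starts with a section code, a space-dash-space, then the payload.
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
RAW_IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def parse_hjt(text):
    """Turn raw HijackThis log text into Entry objects, skipping non-entry lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def triage(entry):
    """Attach heuristic findings (assumed rules, not HijackThis's own) to one entry."""
    b = entry.body
    if entry.kind == "O2" and b.endswith("(no file)"):
        entry.findings.append("orphaned BHO: CLSID still registered but its DLL is gone")
    if entry.kind == "O4" and b.endswith(".lnk = ?"):
        entry.findings.append("startup shortcut whose target could not be resolved; check what it points at")
    if entry.kind == "O4" and "RunOnce:" in b:
        entry.findings.append("RunOnce entry: runs at next logon and then removes itself")
    if entry.kind == "O16":
        url = b.rsplit(" - ", 1)[-1]
        host = re.match(r"https?://([^/]+)", url)
        if host and RAW_IPV4_RE.fullmatch(host.group(1)):
            entry.findings.append("ActiveX download (DPF) served from a bare IP address instead of a hostname")
    return entry


def flagged(text):
    """Return only the entries that received at least one finding, in log order."""
    out = []
    for e in parse_hjt(text):
        triage(e)
        if e.findings:
            out.append(e)
    return out


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind}: {e.body}")
        for f in e.findings:
            print(f"    -> {f}")
```

Run against a full log, the output is a short list of entries to look at, which is roughly what the helper produced by hand; anything the script does not flag still needs a human eye, since a path that looks legitimate (a vendor name, a system32 location) says nothing about the file that is actually there.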

Re: Problem with Rootkit.Agent, please check my log

Posted: 31 May 2010 20:34
by RadoS84
Thanks for the quick reply. Here is the log from ComboFix:

ComboFix 10-05-30.09 - Radoslav Šabík . 05. 2010 20:04:22.7.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.3327.2563 [GMT 2:00]
Running from: c:\users\Radoslav Šabík\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DFRE8E1.tmp
c:\windows\system32\Dvbpws.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\vb6ko.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 18:12 . 2010-05-31 18:12 -------- d-----w- c:\users\RADOSL~2\AppData\Local\temp
2010-05-31 18:12 . 2010-05-31 18:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-31 18:12 . 2010-05-31 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 06:52 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-16 07:10 . 2010-05-16 07:10 -------- d-----w- c:\program files\EasyPHP-5.3.2i
2010-05-14 19:09 . 2010-05-14 19:09 -------- d-----w- c:\program files\MSECache
2010-05-12 08:08 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 14:45 . 2009-08-05 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 09:42 . 2009-11-30 19:13 -------- d-----w- c:\program files\JDownloader
2010-05-25 13:00 . 2007-06-05 17:50 -------- d-----w- c:\program files\uTorrent
2010-05-22 11:50 . 2010-02-21 10:06 -------- d-----w- c:\program files\CCleaner
2010-05-13 05:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2009-10-03 08:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 13:39 . 2009-08-05 09:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-05 09:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 15:01 . 2010-04-10 15:01 -------- d-----w- c:\program files\PC Inspector File Recovery
2010-04-10 15:01 . 2007-06-05 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 13:32 . 2008-10-03 22:31 -------- d-----w- c:\program files\DiskInternals
2010-03-05 14:01 . 2010-04-16 17:16 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-05-08 22:50 . 2009-05-08 22:50 1459 ----a-w- c:\program files\uninstal.log
2002-05-21 08:00 . 2002-05-21 08:00 1362 ----a-r- c:\program files\ReadMe.txt
2006-05-03 10:06 . 2009-01-24 18:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2009-08-08 16:53 . 2009-08-08 16:50 3140 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-01-24 18:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-24 18:18 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-20 4608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-18 192000]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-12 2908160]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"CTHelper"="CTHELPER.EXE" [2007-02-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19968]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-01-16 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Radoslav ćabˇk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-5-12 25214]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-3-26 267520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4136404604-2960614731-549300400-1000]
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-20 716272]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [x]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2006-04-20 9600]


--- Other Services/Drivers In Memory ---

*Deregistered* - eahxx

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 20:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eahxx]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136404604-2960614731-549300400-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3e,65,c5,e4,f7,b5,f0,a7,7b,47,d0,94,13,a1,46,fa,59,50,4f,88,b3,a3,4e,
c1,f3,5e,17,20,08,b2,4d,2f,9b,b0,8a,f3,8c,f0,16,74,3d,e5,dd,d2,d8,02,07,f2,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
Completion time: 2010-05-31 20:17:12
ComboFix-quarantined-files.txt 2010-05-31 18:16

Pre-Run: 1 084 633 088 bytes free
Post-Run: 922 984 448 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=17 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
- - End Of File - - EF6F23CEEFF0F45D81118FB99D87AD30

Re: Problem with Rootkit.Agent, please check my log

Posted: 31 May 2010 20:42
by Damned
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text, marked in green, into it:

File::
c:\windows\System32\KGyGaAvL.sys
C:\Windows\System32\drivers\eahxx.sys

Driver::
eahxx
KGyGaAvL

Rootkit::
c:\windows\System32\KGyGaAvL.sys
C:\Windows\System32\drivers\eahxx.sys

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eahxx]



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to your desktop.
Close all open windows.


Take the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe,
and when the two files overlap, drop the script.
[Image]

- ComboFix will start automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process

Re: Problem with Rootkit.Agent, please check my log

Posted: 31 May 2010 21:10
by RadoS84
Done. Here is the log from ComboFix:

ComboFix 10-05-30.09 - Radoslav Šabík . 05. 2010 20:50:48.8.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.3327.2102 [GMT 2:00]
Running from: c:\users\Radoslav Šabík\Desktop\ComboFix.exe
Command switches used :: c:\users\Radoslav Šabík\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\drivers\eahxx.sys"
"c:\windows\System32\KGyGaAvL.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\drivers\eahxx.sys
c:\windows\System32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EAHXX
-------\Service_eahxx


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 18:57 . 2010-05-31 18:57 -------- d-----w- c:\users\RADOSL~2\AppData\Local\temp
2010-05-31 18:57 . 2010-05-31 18:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-31 18:57 . 2010-05-31 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 06:52 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-16 07:10 . 2010-05-16 07:10 -------- d-----w- c:\program files\EasyPHP-5.3.2i
2010-05-14 19:09 . 2010-05-14 19:09 -------- d-----w- c:\program files\MSECache
2010-05-12 08:08 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 14:45 . 2009-08-05 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 09:42 . 2009-11-30 19:13 -------- d-----w- c:\program files\JDownloader
2010-05-25 13:00 . 2007-06-05 17:50 -------- d-----w- c:\program files\uTorrent
2010-05-22 11:50 . 2010-02-21 10:06 -------- d-----w- c:\program files\CCleaner
2010-05-13 05:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2009-10-03 08:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 13:39 . 2009-08-05 09:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-05 09:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 15:01 . 2010-04-10 15:01 -------- d-----w- c:\program files\PC Inspector File Recovery
2010-04-10 15:01 . 2007-06-05 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 13:32 . 2008-10-03 22:31 -------- d-----w- c:\program files\DiskInternals
2010-03-05 14:01 . 2010-04-16 17:16 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-05-08 22:50 . 2009-05-08 22:50 1459 ----a-w- c:\program files\uninstal.log
2002-05-21 08:00 . 2002-05-21 08:00 1362 ----a-r- c:\program files\ReadMe.txt
2006-05-03 10:06 . 2009-01-24 18:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-24 18:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-24 18:18 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-20 4608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-18 192000]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-12 2908160]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"CTHelper"="CTHELPER.EXE" [2007-02-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19968]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-01-16 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Radoslav Šabík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-5-12 25214]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-3-26 267520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4136404604-2960614731-549300400-1000]
"EnableNotificationsRef"=dword:00000001

S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2006-04-20 59776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 21:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys >>UNKNOWN [0x874EC1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x84571322
\Driver\ACPI -> acpi.sys @ 0x807c2d4c
\Driver\atapi -> sfsync02.sys @ 0x845c08b4
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136404604-2960614731-549300400-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3e,65,c5,e4,f7,b5,f0,a7,7b,47,d0,94,13,a1,46,fa,59,50,4f,88,b3,a3,4e,
c1,f3,5e,17,20,08,b2,4d,2f,9b,b0,8a,f3,8c,f0,16,74,3d,e5,dd,d2,d8,02,07,f2,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4760)
c:\windows\System32\ctagent.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Smith Micro\StuffIt11\ArcNameService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\system32\conime.exe
c:\windows\System32\CTHELPER.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-05-31 21:08:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 19:08
ComboFix2.txt 2010-05-31 18:17

Pre-Run: 989 986 816 bytes free
Post-Run: 760 197 120 bytes free

- - End Of File - - 19D5A40F98AAE006D57725613F1A11CC

Re: Problem with Rootkit.Agent, please check my log

Posted: 31 May 2010 21:21
by Damned
Turn off your antivirus and, if you have one, your antispyware too, and uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start -> Run (or the Win+R keys) and type into the box: Combofix[space]/uninstall

Download T-Cleaner (required - it removes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it -> run it)
*****************************************************************************************************************************************
Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change to All, and Extra Registry to All. Tick LOP check and Purity check. Change File Age to 14 days. Leave all the other settings as they are. Click Run Scan. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same place as OTL. Please copy both logs here.

Re: Problem with Rootkit.Agent, please check my log

Posted: 31 May 2010 21:51
by RadoS84
Done. Here is the contents of OTL.txt:

OTL logfile created on: 31. 5. 2010 21:37:07 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Radoslav Šabík\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 64 64d:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 36,33 Gb Total Space | 1,50 Gb Free Space | 4,14% Space Free | Partition Type: NTFS
Drive D: | 122,02 Gb Total Space | 0,42 Gb Free Space | 0,34% Space Free | Partition Type: NTFS
Drive E: | 139,74 Gb Total Space | 1,43 Gb Free Space | 1,02% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 0,76 Gb Free Space | 0,16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 4,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 465,76 Gb Total Space | 0,17 Gb Free Space | 0,04% Space Free | Partition Type: NTFS

Computer Name: EAGLERACER
Current User Name: Radoslav Šabík
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Radoslav Šabík\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\UTSCSI.EXE (USBest)
PRC - C:\Windows\System32\oodtray.exe (O&O Software GmbH)
PRC - C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
PRC - C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\p2phost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Radoslav Šabík\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UTSCSI) -- C:\Windows\System32\UTSCSI.EXE (USBest)
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ServiceLayer) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (ATIAVAIW) -- C:\Windows\System32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\System32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (nvrd32) -- C:\Windows\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (s616obex) -- C:\Windows\System32\drivers\s616obex.sys (MCCI Corporation)
DRV - (s616mdm) -- C:\Windows\System32\drivers\s616mdm.sys (MCCI Corporation)
DRV - (s616mdfl) -- C:\Windows\System32\drivers\s616mdfl.sys (MCCI Corporation)
DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)
DRV - (hap17v2k) -- C:\Windows\System32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\Windows\System32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (tv2ktunr) -- C:\Windows\System32\drivers\wf2ktunr.sys (Leadtek Research Inc.)
DRV - (BT848) -- C:\Windows\System32\drivers\wf2kvcap.sys (Leadtek Research Inc.)
DRV - (Tv2kXbar) -- C:\Windows\System32\drivers\wf2kXbar.sys (Leadtek Research Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/21 16:19:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 09:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2010/05/31 21:01:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.)
O4 - Startup: C:\Users\Radoslav Šabík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://195.80.177.99/ConnectComputer/nshelp.dll (NSHelp Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Wallpapers\Convert\Porsche 935 for GT-Legends.jpg
O24 - Desktop BackupWallPaper: E:\Wallpapers\Convert\Porsche 935 for GT-Legends.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/14 19:40:36 | 000,005,601 | ---- | M] () - D:\autocar.txt -- [ NTFS ]
O32 - AutoRun File - [2009/10/01 23:30:50 | 000,001,751 | ---- | M] () - D:\autocarfun.txt -- [ NTFS ]
O32 - AutoRun File - [2009/05/14 01:03:40 | 000,000,000 | ---D | M] - D:\Autopanorama -- [ NTFS ]
O32 - AutoRun File - [2009/09/30 14:03:36 | 000,000,000 | ---D | M] - E:\AutoClips -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/05/31 21:31:52 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Radoslav Šabík\Desktop\OTL.exe
[2010/05/31 21:08:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/31 21:01:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/05/31 20:57:52 | 000,000,000 | ---D | C] -- C:\Users\Radoslav Šabík\AppData\Local\temp
[2010/05/26 08:52:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2007/02/12 19:48:18 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[7 C:\Users\Radoslav Šabík\Documents\*.tmp files -> C:\Users\Radoslav Šabík\Documents\*.tmp -> ]
[20 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/05/31 21:36:55 | 009,175,040 | -HS- | M] () -- C:\Users\Radoslav Šabík\NTUSER.DAT
[2010/05/31 21:34:49 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/31 21:34:49 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/31 21:34:49 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/31 21:32:00 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Radoslav Šabík\Desktop\OTL.exe
[2010/05/31 21:29:49 | 000,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/05/31 21:28:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/31 21:28:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/31 21:28:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/31 21:28:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/31 21:28:08 | 3487,010,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 21:28:06 | 000,716,397 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/05/31 21:26:59 | 000,031,104 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000006-00000000-00000007-00001102-00000004-20071102}.rfx
[2010/05/31 21:26:59 | 000,031,104 | ---- | M] () -- C:\Windows\System32\BMXState-{00000006-00000000-00000007-00001102-00000004-20071102}.rfx
[2010/05/31 21:26:59 | 000,030,168 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000006-00000000-00000007-00001102-00000004-20071102}.rfx
[2010/05/31 21:26:59 | 000,030,168 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000006-00000000-00000007-00001102-00000004-20071102}.rfx
[2010/05/31 21:26:59 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000006-00000000-00000007-00001102-00000004-20071102}.rfx
[2010/05/31 21:26:52 | 000,524,288 | -HS- | M] () -- C:\Users\Radoslav Šabík\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/05/31 21:26:52 | 000,065,536 | -HS- | M] () -- C:\Users\Radoslav Šabík\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/05/31 21:26:51 | 002,116,958 | -H-- | M] () -- C:\Users\Radoslav Šabík\AppData\Local\IconCache.db
[2010/05/31 21:26:30 | 004,958,588 | ---- | M] () -- C:\Windows\{00000006-00000000-00000007-00001102-00000004-20071102}.CDF
[2010/05/31 21:26:30 | 004,958,588 | ---- | M] () -- C:\Windows\{00000006-00000000-00000007-00001102-00000004-20071102}.BAK
[2010/05/31 21:04:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/31 21:04:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/31 21:01:47 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/31 21:01:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/31 19:55:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/31 19:55:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/31 19:06:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/31 14:46:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/31 14:46:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/31 01:43:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/31 01:43:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/31 01:39:26 | 017,458,911 | ---- | M] () -- C:\Users\Radoslav Šabík\Documents\dd.wdq
[2010/05/31 01:39:25 | 000,655,376 | ---- | M] () -- C:\Users\Radoslav Šabík\Documents\dd.wdqh
[2010/05/31 01:33:10 | 000,074,240 | ---- | M] () -- C:\Users\Radoslav Šabík\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 23:14:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/29 23:14:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/28 21:57:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/28 21:57:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/27 22:41:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/27 22:41:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/26 23:13:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/26 23:13:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/26 01:49:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/26 01:49:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/24 23:26:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/24 23:26:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/05/24 09:36:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/24 09:36:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/24 01:21:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/05/24 01:21:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/05/23 02:48:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/05/23 02:48:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/05/22 03:48:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/22 03:48:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/21 17:23:30 | 000,023,040 | ---- | M] () -- C:\Users\Radoslav Šabík\Documents\Skuškové.doc
[2010/05/20 23:36:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/20 23:36:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/20 20:44:09 | 000,816,961 | ---- | M] () -- C:\Users\Radoslav Šabík\Documents\Bakalarska praca.pdf
[2010/05/20 20:42:26 | 000,881,664 | ---- | M] () -- C:\Users\Radoslav Šabík\Documents\Bakalarska praca.doc
[2010/05/19 23:20:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/05/19 23:20:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/05/19 17:26:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/05/19 17:26:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/05/19 08:54:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/05/19 08:54:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/05/18 23:01:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/05/18 23:01:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/05/18 00:44:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/05/18 00:44:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[7 C:\Users\Radoslav Šabík\Documents\*.tmp files -> C:\Users\Radoslav Šabík\Documents\*.tmp -> ]
[20 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/31 14:46:34 | 004,958,588 | ---- | C] () -- C:\Windows\{00000006-00000000-00000007-00001102-00000004-20071102}.BAK
[2010/05/29 23:14:23 | 017,458,911 | ---- | C] () -- C:\Users\Radoslav Šabík\Documents\dd.wdq
[2010/05/29 23:14:23 | 000,655,376 | ---- | C] () -- C:\Users\Radoslav Šabík\Documents\dd.wdqh
[2010/05/29 10:22:01 | 3487,010,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/20 20:43:09 | 000,816,961 | ---- | C] () -- C:\Users\Radoslav Šabík\Documents\Bakalarska praca.pdf
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/05/16 14:54:14 | 000,150,528 | ---- | C] () -- C:\Windows\FAVPID.DLL
[2009/05/05 22:46:42 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009/05/05 19:39:23 | 001,205,248 | ---- | C] () -- C:\Windows\System32\libvorbis.dll
[2009/05/05 19:39:23 | 000,077,824 | ---- | C] () -- C:\Windows\System32\libvorbisfile.dll
[2009/05/05 19:39:23 | 000,043,520 | ---- | C] () -- C:\Windows\System32\libogg.dll
[2009/01/23 23:43:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/01/21 11:55:36 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/24 20:51:47 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008/09/04 11:48:26 | 000,000,156 | ---- | C] () -- C:\Windows\CS_MD_T.ini
[2008/07/11 22:17:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\APmpg4v1.dll
[2008/05/26 22:33:08 | 003,607,040 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/05/26 22:33:08 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2008/05/26 22:33:08 | 000,711,168 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/26 22:33:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/05/26 22:33:08 | 000,455,680 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/05/26 22:33:08 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/05/26 22:33:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/05/26 22:33:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2008/05/26 22:33:08 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/05/26 22:33:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/05/26 22:33:08 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/05/26 22:33:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/05/26 22:33:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/05/26 22:33:08 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2008/05/26 22:33:08 | 000,081,408 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/05/26 22:33:08 | 000,041,984 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/05/26 22:33:08 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/05/26 22:33:08 | 000,023,552 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/05/26 22:33:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/03/29 17:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008/03/29 17:42:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/03/29 17:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008/03/29 17:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008/03/29 17:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008/03/29 17:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008/03/29 17:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008/03/29 17:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008/03/29 17:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008/03/29 17:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008/03/29 17:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2007/11/12 18:47:31 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
[2007/11/12 18:47:25 | 000,002,066 | ---- | C] () -- C:\Windows\PACIOLIS.INI
[2007/11/02 06:09:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/11/01 22:51:53 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/10/13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/09/17 13:32:52 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/07/13 20:30:16 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/06/28 20:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/06/07 00:01:44 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2007/06/05 19:30:16 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007/06/05 19:30:14 | 000,103,936 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/06/05 19:30:14 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/06/05 19:24:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,723 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/02/12 20:15:02 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/02/12 19:50:02 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2006/11/02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2003/04/07 11:38:32 | 000,005,746 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

========== LOP Check ==========

[2007/07/11 15:54:38 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\ACD Systems
[2009/03/26 15:23:32 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\Acronis
[2007/10/14 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\Datalayer
[2009/07/26 19:48:05 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\Ford Street Racing
[2010/01/07 11:41:01 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\FreeFixer
[2007/07/19 11:05:51 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\GlobalSCAPE
[2010/05/31 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\ICQ
[2007/06/05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\ICQLite
[2007/06/05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\InterVideo
[2009/07/12 12:53:41 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\MyPhoneExplorer
[2007/10/23 15:38:24 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\Nokia
[2009/08/01 23:07:23 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\Off Road
[2010/05/31 01:39:29 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\Offline Explorer
[2007/10/14 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\PC Suite
[2008/01/21 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\PeerNetworking
[2007/06/06 23:23:52 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\PHP Designer 2007
[2007/12/28 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\Teleca
[2010/05/31 01:40:43 | 000,000,000 | ---D | M] -- C:\Users\Radoslav Šabík\AppData\Roaming\uTorrent
[2010/05/31 21:26:53 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Re: Problem with Rootkit.Agent, please check the log

Posted: 31 May 2010 21:55
by RadoS84
Here is the contents of Extras.txt:

OTL Extras logfile created on: 31. 5. 2010 21:37:07 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Radoslav Šabík\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 64 64d:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 36,33 Gb Total Space | 1,50 Gb Free Space | 4,14% Space Free | Partition Type: NTFS
Drive D: | 122,02 Gb Total Space | 0,42 Gb Free Space | 0,34% Space Free | Partition Type: NTFS
Drive E: | 139,74 Gb Total Space | 1,43 Gb Free Space | 1,02% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 0,76 Gb Free Space | 0,16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 4,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 465,76 Gb Total Space | 0,17 Gb Free Space | 0,04% Space Free | Partition Type: NTFS

Computer Name: EAGLERACER
Current User Name: Radoslav Šabík
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4136404604-2960614731-549300400-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04142192-E054-45F0-9976-7296C5CC5046}" = lport=40891 | protocol=6 | dir=in | name=emule_tcp |
"{04B515CB-524E-4A81-80E7-71F0E99EE2F2}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{0B140DF0-DB81-40DE-95BA-12B59AD1AAC5}" = lport=5358 | protocol=6 | dir=in | app=system |
"{1CDC49B0-9F43-48ED-88A9-1FCDB5C323F6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{1CE998CD-95D0-4E78-80DF-B0E6755D4354}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{1F4B5187-A182-4602-ACF6-FAB1E8B2D5C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21BCAAAB-7614-4D11-83D7-7F489DB112DA}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4BC8FF72-F1E5-407A-B3E9-88EF8CAFAD65}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{53DBFD05-D8C5-4EEB-B8D0-5AF670D1E3C7}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{5A23392A-4609-4D8C-973C-9725A82A36BE}" = lport=19436 | protocol=17 | dir=in | name=emule_udp |
"{5F01F9D1-BD9E-483E-A77F-221DFFB52C4A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{65CC3015-A3F4-4F08-AFDE-550EAFAF7E5C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{6C647A17-6A8C-4E46-84DC-43784FCC0A1B}" = lport=40891 | protocol=6 | dir=in | name=emule_tcp |
"{6E9CCACA-BB49-43C3-BADD-7F0DC975F8FE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{6F94C9A5-F619-4AD6-B5E5-D8B526B329C2}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{7A631115-F2F1-4D3E-9EFD-676167EDC636}" = rport=5358 | protocol=6 | dir=out | app=system |
"{8328AF56-1076-4D37-999A-923DFB1F56B5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{A945939D-929B-4803-80D6-47C12AD0EEFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AAE02A18-8DA8-4D75-90FC-D83D541DA544}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{AC3906F9-226D-4993-A845-288138CB07C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AC96E2DF-B36C-4283-89AF-DD120106777E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B70DEC5A-EAB6-40C2-A915-CD70DF58B55F}" = lport=19436 | protocol=17 | dir=in | name=emule_udp |
"{B74CC4CA-4B4A-448F-AC2D-374417EF923A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{C20FF1CB-B63A-4EC2-A057-7A916F4BCB77}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D0AD8FB5-7AB2-4816-AFDE-A38C46D791C3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D0ED9DEA-3E0B-41FA-A3E6-9E513EE1E4E7}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D1F08672-9E00-48E5-8515-0682FB5B6411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D29322AF-E8B4-4080-AD40-6FE86CCAE553}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D6A72FA1-8CE4-4C94-B220-9BAFD9B49701}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{D855A245-DCC9-46B2-B33C-FF240BF0FE8F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E3A950EB-3133-4236-B2C9-9CAC58ED132B}" = lport=5357 | protocol=6 | dir=in | app=system |
"{F53E0FE5-7682-4F31-872C-E1EC68F37C55}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{F6C833E6-3D9F-4291-B394-59332673B26E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FD4B0299-6D7C-4E3C-A23D-4C827663791A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D7C319-E857-4754-8A94-5BB94004C896}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision45-win32.exe |
"{08FF9B31-3C3A-4B3E-B49B-21896D49BD92}" = protocol=6 | dir=in | app=d:\driversrepublic\missionimpossible45-win32.exe |
"{09F09911-BFFC-4868-A1A2-219B1F74F24E}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0DC1B1BA-F065-470A-B48E-EF62D810A5CB}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision23-win32.exe |
"{14758368-0961-4583-8816-6EC6DD128869}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision38-win32.exe |
"{178A43E3-D8C3-4C60-A2F4-014D4DDF6E9B}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision54-win32.exe |
"{18D76BD8-50A3-4C14-A05A-83BE70737FA1}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision28-win32.exe |
"{1A755BC2-B91F-4A88-8862-C4A7621D9E08}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision35-win32.exe |
"{1C470C18-18CD-42D4-87AD-140F95D06A64}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision48-win32.exe |
"{1E79A648-43F4-43F5-953E-57B3AE21AB64}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision50-win32.exe |
"{1F360C03-7E42-4436-AB26-309D5734C1BC}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision41-win32.exe |
"{2132588F-A10E-4973-B733-ED984740781B}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision38-win32.exe |
"{25483AEC-4396-46F6-8213-3D2624806E37}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision55-win32.exe |
"{263491A7-5AE9-4CC2-8C0E-57A74A484E6C}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision21-win32.exe |
"{273793F0-9888-493E-91A6-0C80FCE1A61A}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision25-win32.exe |
"{30A48E43-7BCA-42DF-B02C-708B86E906C9}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision32-win32.exe |
"{3135555E-B1C5-4699-A496-652F697F49C0}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision31-win32.exe |
"{331BF89F-DCC1-47BE-8EC4-4265D480DBAC}" = protocol=17 | dir=in | app=d:\driversrepublic\missionimpossible45-win32.exe |
"{33458602-D4D0-49A0-995B-8919E56BBD91}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision23-win32.exe |
"{3CC268FB-1B58-4609-8CC9-90BAB8BB0839}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision43-win32.exe |
"{3DF1E2F3-4A10-4918-950B-517F9DE9A12C}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision42-win32.exe |
"{42CAF8D1-B722-4CE0-8051-CB7EBB681BFC}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision19-win32.exe |
"{446C1589-1004-44B5-B580-DC1028AD8DDD}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision34-win32.exe |
"{483D6B38-D5CA-4454-A59B-3D7BDFD1212A}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision47-win32.exe |
"{4E9A4AF1-7085-4BA8-B1D6-DB8FFBDB7649}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision24-win32.exe |
"{4F9CE77C-D1A8-4408-9969-57855660E983}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{53C61C38-3CBD-4121-B905-2A7239E1C283}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision21-win32.exe |
"{5B93023C-680C-4AF6-AC8A-7962FE84B2CC}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{5CF766FC-2760-49F9-8AC8-4D61C40DC7C9}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision32-win32.exe |
"{5FF58A04-EBFE-4773-8F89-48F54E21A75C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{608208E2-20FD-437E-8093-DA9F23D5D6F0}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision55-win32.exe |
"{6209EC9A-2BD5-4376-B0C1-7D3D44CED38F}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision34-win32.exe |
"{62295D44-7CFD-442C-8E20-D8C38265B603}" = protocol=6 | dir=in | app=e:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{676A0E1B-BD55-455D-A6A2-E3822AE47F97}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{6D1D4A91-FAEB-45DE-97E1-481EFC8C4B44}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{6D5B2BEB-8AFD-47DA-9BA6-81EE0EA67EBD}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision49-win32.exe |
"{6DAEE608-4EF8-46AF-8C84-D2A2121EC345}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision46-win32.exe |
"{71D8D9C8-E742-40AB-963C-DB1E7E30068A}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision22-win32.exe |
"{71EB7E6D-F0B7-4C74-93E0-C0071F3E8AF7}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision29-win32.exe |
"{725E2229-8D6F-487E-A81B-C327ED48AEA5}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision20-win32.exe |
"{75AD7B36-0108-484B-BF1D-7381D7441231}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision44-win32.exe |
"{75F66073-4CE9-4A85-BF36-DF445442513E}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision36-win32.exe |
"{7788E518-55F4-48BA-864D-A6413E246E52}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision53-win32.exe |
"{7AD70E0E-0A95-403B-AB5A-58289B54001D}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7C4D091C-3B3E-4366-8EEF-D9E23E58F970}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{7D6933A9-AFDE-407F-82DB-0A906236679A}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7F452B4E-8DB8-429B-B7E9-17451AA70992}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision36-win32.exe |
"{7FC16FF5-FD0A-4232-A27B-2F79F1407383}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision49-win32.exe |
"{7FCDA223-A078-4238-829E-D739556B120A}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision37-win32.exe |
"{83FBCD74-98D8-4EC2-80F0-54684727DE52}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision46-win32.exe |
"{86C1FFB8-9074-4211-95E5-40D283FAFC8F}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision37-win32.exe |
"{8997528F-CBE6-4D63-8101-857361861F83}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision52-win32.exe |
"{8ED7FD0C-160D-415C-AD39-2C3C6D18E5DF}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision19-win32.exe |
"{91B12F7E-F914-4167-9AE6-F0065482D7DC}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision35-win32.exe |
"{921418D5-6C82-4153-B55C-2C0791FC7825}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision48-win32.exe |
"{94BA7D81-341A-4265-BF0D-BA3580829BF3}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision28-win32.exe |
"{958EAF19-4E15-4B68-A356-04D799704B11}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{9753139C-D347-4C7F-8F82-1FD90E004A79}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision51-win32.exe |
"{998EDDAB-E4AB-4B0E-B2C0-12984053ABDA}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision54-win32.exe |
"{9BE7E5E1-C673-4606-85D7-44519A328FC8}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision47-win32.exe |
"{9CB8FAD0-F9D3-4B91-B52E-9688A281482D}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision39-win32.exe |
"{9CF98757-4125-4B6C-B47F-0E416D03C09E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9DE962ED-2C34-4B07-A3E6-B4518001972A}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision52-win32.exe |
"{A0907AC6-A5A2-4777-8E52-23A8921131F4}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{A2D911DC-0551-4376-A95B-D22287762B61}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision30-win32.exe |
"{AA4B4360-D695-4D85-A9BE-1B4F0C6E73F6}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision31-win32.exe |
"{ACF83F4C-9562-4636-83A9-81175F621CC9}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision33-win32.exe |
"{AE5B0A9A-8B18-4ACC-9032-96CD13A4ED12}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision44-win32.exe |
"{AF582517-5BC3-4537-AF52-C61C5484E6D3}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision30-win32.exe |
"{B153A6B9-B656-4469-8017-78C4672B2D45}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision50-win32.exe |
"{BAAF3294-EDC0-47B7-BABD-675C652C05CF}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C3192CD7-5F7A-438B-B7F5-74066140CB34}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision24-win32.exe |
"{C3686ECD-0506-4BE1-9A7C-A6BC3AEABE4B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C37909D6-6EF6-4D5C-9CA5-07E41F365249}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision41-win32.exe |
"{C3FA422F-F6D6-46E5-81F0-3318FD679E44}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision33-win32.exe |
"{C8C74249-C9EA-44E2-B668-84816DD19F42}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision39-win32.exe |
"{D4A3A844-181D-412D-8ED8-E394CF0D5179}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision40-win32.exe |
"{D651AE9B-2E78-47BE-B4C4-29170F493235}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision25-win32.exe |
"{D88C89C9-383E-4C75-BB3F-4511D8627C8B}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision27-win32.exe |
"{D89CAD05-C5C3-478B-9E84-4340D8F006EC}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision26-win32.exe |
"{DA386CC2-8F43-42F2-8BFB-C6656A68CA5F}" = protocol=17 | dir=in | app=e:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{DC7CEC01-E6FE-4716-93C4-CE37CC146CBC}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{DCFBF83C-5723-4944-845D-534268BC6113}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DFDAC7AB-C312-4590-B6DF-95374CC197EE}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision53-win32.exe |
"{E2929D05-FA25-4FA4-A762-46978C46AF1B}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision45-win32.exe |
"{E63ACCAB-4BB9-4195-94BE-1B9BE4182DCB}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision42-win32.exe |
"{F05BB060-03CE-4DE0-8F9F-0757E3E33F3E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F2BC6705-177A-4760-BA7D-BB0A00A907BA}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision27-win32.exe |
"{F452FAB0-58DB-4E3A-B9EF-3730EEF679FB}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision43-win32.exe |
"{F65C0542-5E36-47FB-9AFA-92AF1AB77CB1}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision22-win32.exe |
"{F9488F5E-DFBB-4685-BFE1-670615C12751}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision26-win32.exe |
"{FA4EFCF5-5ED3-46E4-8D37-24E8C1CD2DAE}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision51-win32.exe |
"{FB093BAC-AD63-4CCE-9C73-456C631E92EF}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision20-win32.exe |
"{FD7C3194-38E5-45F3-BC56-E4F656145E31}" = protocol=6 | dir=in | app=d:\driversrepublic\ovevision29-win32.exe |
"{FDC773E5-2575-499D-81DC-76B87F0E82B7}" = protocol=17 | dir=in | app=d:\driversrepublic\ovevision40-win32.exe |
"TCP Query User{050E4DB7-A7CF-42AE-8FC5-F79F491B097D}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{090C209E-71E4-43DB-B400-065911004E5E}D:\program files\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=d:\program files\ea games\mohaa\mohaa.exe |
"TCP Query User{10CBC5C9-F88C-44F2-84F1-D9501F4FA88D}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{1139E4C7-B325-40BB-976C-DBE32B858728}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{37FC8C9F-659E-45F9-8388-FB84B8FAE797}E:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=e:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{42C1D168-28AB-40B9-B92E-63EB0789CA42}E:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=e:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{4CA0D057-9399-418B-9DAE-FB5D1E66A581}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{56BE1C92-DB28-4AFE-8290-87360B45404D}E:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=e:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{6925A2DE-49CF-460B-8BDD-80CC9F531314}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6A27512D-EA16-43B7-B67A-C0E923867CF1}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{952878A7-5D8E-45A4-ABCB-095F792FB69A}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{9C7D6160-463A-4FFE-AB99-3D28D18F02C5}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A23B9485-18A4-4FDA-9601-A40756B1DA24}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{A9AB986D-F921-4976-9C22-072E79FA91D4}E:\program files\electric rain\swift 3d\version 4.50\program\swift3d.exe" = protocol=6 | dir=in | app=e:\program files\electric rain\swift 3d\version 4.50\program\swift3d.exe |
"TCP Query User{C5F22BDD-6F71-4657-AA43-151192B7B591}E:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=e:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{D87A41B2-E9F2-46A6-8EB0-8CAA84992EE1}E:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=e:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{D996F270-FB0C-45C9-BD0B-51B36F3CD214}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{E5434784-DD7A-4743-BE3C-160A4A31859E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E969F768-E30A-4641-9FED-49A04659BA9D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{EA0AD30A-C2B2-4260-B385-CC41808E084F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F071A3A7-FF41-4390-8218-B46C240398C9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{FC0A25F1-A744-41EF-B2FA-8E0EDB0DB3D1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FE713FFC-815D-4586-AA45-F24744F4D533}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{17673A7B-0958-4EA9-88CE-CB331431C1B1}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{19A68827-57CF-49E6-9CD8-28065192C8EC}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{2DFAC1F6-F70A-45E1-B773-C75C56234FE0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{387441EC-BAE4-4EA8-A074-D67CFF5F15E0}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{3E275790-E857-40EB-840F-CBB157E8D2CC}E:\program files\electric rain\swift 3d\version 4.50\program\swift3d.exe" = protocol=17 | dir=in | app=e:\program files\electric rain\swift 3d\version 4.50\program\swift3d.exe |
"UDP Query User{5E1C894E-1D8D-4058-981C-61C7FBC0A182}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{743EB5B9-2945-481F-AD4F-BDDB3F53358D}E:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=e:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{760B1654-6E0F-429B-B4D6-48B8DDDB7F85}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8267B91E-41BF-4558-9670-8587A008FDE0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{83472396-669F-4C38-8E8F-C01B2329EDF3}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{8E25D922-BA2D-4F0B-B676-74980B0B8E7E}E:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=e:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{8E5A4740-D3A1-4C4D-924B-2954519FC29D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{A0618B4D-AF58-44B5-A4F9-4ABFAE6F9EB2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A9F16713-DA7C-431E-9B64-DC0D42BC3B28}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B42585ED-D0E8-40FE-8796-7ABCD2E0FB58}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{B90BEEB9-6AE6-4DC3-81FB-B57064447A1F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BB452156-12BC-43A6-8293-27C9732EFDD1}E:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=e:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{D1553060-178F-43F2-850A-FCBC60731927}E:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=e:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{D9DFA4FB-ED2A-4806-8F46-B5956BA6C136}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{DE82AC4E-7A70-4AF9-AB0A-0E1A846EBE1C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{DE889B34-A51C-4F7E-B594-27E0E915707B}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{F02158A9-1D6B-4A8A-8257-C68F61E26B50}D:\program files\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=d:\program files\ea games\mohaa\mohaa.exe |
"UDP Query User{FA5C51AF-F98C-4E25-9C33-F3B531F57E0D}E:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=e:\program files\sony ericsson\update service\update service.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2" = skins ALMS Mod Prototypes 1998-2008 SCC v2.41 for GTR2
" skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2" = skins Le Mans Mod Prototypes 1998-2008 SCC v2.41 for GTR2
" skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2" = skins LMES Mod Prototypes 1998-2008 SCC v2.41 for GTR2
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{006DEADE-E12E-4DA0-AB65-134F0DE9AF9A}" = Swift 3D v4.50
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1" = GT Legends 1.0.0.0
"{11FC22F2-F582-40ED-B787-2C1FDC04CB3B}" = CorelDRAW Graphics Suite X4 - IPM
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1624E927-1F74-34E2-64FB-263CE6A6CD6F}" = CCC Help English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = WinFast Codec-TS SDK
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2A9196F5-9B7C-EA83-6BC8-944BF707143D}" = ccc-utility
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{377C9E1B-28E9-40C3-836C-85F8E839D4E6}" = John Deere Drive Green
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3FB8A9AC-EC71-419D-BBA1-F3CED8D10926}_is1" = GTL Camaro SS 1.1
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{4420B59B-9FEC-8F4C-75A3-3FE927D8AEA1}" = Catalyst Control Center Graphics Full Existing
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{4A091FC6-6DFE-4CB0-BF45-D90AB2353226}" = Mod DTM v3.5
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{54D966AE-AEB7-7BC9-B09A-A7BB0EAC236C}" = ccc-core-static
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5E44C19D-3D1F-87F9-65D2-F87C6F66DF91}" = Catalyst Control Center Core Implementation
"{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6DF68292-863C-2943-813E-144E41DB1908}" = Catalyst Control Center Graphics Previews Vista
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737F8964-D019-5D45-5FF4-8924FE62F564}" = Catalyst Control Center Graphics Full New
"{74F5766E-2792-40C3-85F8-B04111F904B2}" = Windows Live Messenger
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE38C02-9CFD-78DC-B4F3-32168B004ACF}" = Catalyst Control Center Graphics Previews Common
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{8424EF22-44CF-4DD4-B702-FADA3998F4BA}" = StuffIt 11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9012041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = WinFast De-interlace SDK
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = WinFast TT-SB SDK
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B944FA21-81AF-4A77-8328-CE4F4CC51051}" = Nero 8 Demo
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7DE589B-59FB-1A37-33DA-DED08CA88DC4}" = Skins
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEE5F860-7FAB-80D0-E7CF-022C18B95E25}" = ATI Catalyst Install Manager
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED958CA9-245B-474F-BD27-E10CAA10217B}" = Mod GT 70's
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F530581E-12FE-43B4-A28D-E5257AAD63E6}" = O&O Defrag Professional
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FAC09C92-93A7-38BC-BA47-8F20439C2781}" = Catalyst Control Center Graphics Light
"18 Wheels of Steel American Long Haul 1.00" = 18 Wheels of Steel American Long Haul 1.00
"18 Wheels of Steel Pedal to the Metal" = 18 Wheels of Steel Pedal to the Metal
"207_RCup" = 207_RCup Screen Saver
"3GP Player_is1" = 3GP Player 2008
"4x4 Evo2" = 4x4 Evo2
"7-Zip" = 7-Zip 4.64
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"AngelPotion Video Codec V1" = AngelPotion Video Codec V1
"AudioConSole" = Creative Audio Console
"Bink and Smacker" = Bink and Smacker
"CCleaner" = CCleaner
"Cfont Pro_is1" = Cfont Pro v3.1
"CodInstl" = Intel A/V Codecs V2.0
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.1.0
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"FLV Player" = FLV Player 2.0 (build 25)
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"GrabIt_is1" = GrabIt 1.7.2 Beta 3 (build 996)
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAZ-MAN 6x4 for PTTM" = MAZ-MAN 6x4 for PTTM
"MetaProducts Offline Explorer Enterprise" = MetaProducts Offline Explorer Enterprise
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - Cars" = Mod Prototypes 1998-2008 SCC v2.41 for GTR2 - Cars
"MPE" = MyPhoneExplorer
"MSI Live Update 3" = MSI Live Update 3
"NIBMISWGTCPGTR2_is1" = NIBMIS World GT Carpack for GTR2 v2.0.0.0
"Norisring for GTL 1.11_is1" = Norisring for GTL 1.11
"Norisring for GTR2_is1" = 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"OPEL Corsa OPC" = OPEL Corsa OPC Screen Saver
"OPEL OPC Range" = OPEL OPC Range Screen Saver
"OpenAL" = OpenAL
"Podvojné účtovníctvo od A do Z 38" = Podvojné účtovníctvo od A do Z 38
"r32_screensaver" = r32_screensaver
"RealAlt_is1" = Real Alternative 1.51
"RealPlayer 6.0" = RealPlayer
"Scania R164L Longline" = Scania R164L Longline
"SCANIA R580 Topline: faraon's Edition for PTTM" = SCANIA R580 Topline: faraon's Edition for PTTM
"Skype_is1" = Skype 3.0
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"TTDX Configurator" = TTDX Configurator
"TV JOJ Media Player" = TV JOJ Media Player
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WebZIP" = WebZIP
"Windows Media Recorder" = Windows Media Recorder
"WinWget_is1" = WinWget version 0.20 beta
"WTCC 2006_is1" = BMW E90 MOD v1.1 FINAL
"ZyGoVideo 2.0" = ZyGoVideo 2.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PCC06 by GRF" = PCC06 by GRF
"uTorrent" = µTorrent
"WSGT by RMT for GTR2" = WSGT by RMT for GTR2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24. 10. 2008 4:57:16 | Computer Name = EagleRacer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24. 10. 2008 4:57:32 | Computer Name = EagleRacer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24. 10. 2008 4:57:48 | Computer Name = EagleRacer | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24. 10. 2008 11:10:44 | Computer Name = EagleRacer | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16757, time stamp
0x48e4238e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1178, application
start time 0x01c935eaa5b9a010.

Error - 25. 10. 2008 9:29:27 | Computer Name = EagleRacer | Source = Application Error | ID = 1000
Description = Faulting application flashget.exe, version 1.5.0.0, time stamp 0x40303fc1,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00061884, process id 0x1370, application start time
0x01c936a53890f194.

Error - 27. 10. 2008 11:39:49 | Computer Name = EagleRacer | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 11.0.0.372, time stamp
0x47324eac, faulting module rjbdll.dll, version 1.0.4.3038, time stamp 0x47325042,
exception code 0xc0000005, fault offset 0x0008a041, process id 0xcfc, application
start time 0x01c9384a360109db.

Error - 29. 10. 2008 15:33:23 | Computer Name = EagleRacer | Source = System Restore | ID = 8193
Description =

Error - 7. 11. 2008 17:28:56 | Computer Name = EagleRacer | Source = Application Error | ID = 1000
Description = Faulting application DevDetect.exe, version 3.1.40.0, time stamp 0x43aa1c4a,
faulting module kernel32.dll, version 6.0.6000.16386, time stamp 0x4549bd80, exception
code 0xc000008c, fault offset 0x0001b09e, process id 0xb90, application start time
0x01c940b508c1d856.

Error - 7. 11. 2008 17:47:07 | Computer Name = EagleRacer | Source = Application Error | ID = 1000
Description = Faulting application Application Launcher.exe, version 2.2.12.63,
time stamp 0x466921ca, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x059cd200, process id 0xbd4, application
start time 0x01c940b5093b7044.

Error - 7. 11. 2008 19:11:26 | Computer Name = EagleRacer | Source = Application Error | ID = 1000
Description = Faulting application Application Launcher.exe, version 2.2.12.63,
time stamp 0x466921ca, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x059cd200, process id 0xbe4, application
start time 0x01c9412e22694c89.

[ System Events ]
Error - 31. 5. 2010 14:59:50 | Computer Name = EagleRacer | Source = HTTP | ID = 15016
Description =

Error - 31. 5. 2010 15:10:06 | Computer Name = EagleRacer | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 31. 5. 2010 15:27:29 | Computer Name = EagleRacer | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 31. 5. 2010 15:27:29 | Computer Name = EagleRacer | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 31. 5. 2010 15:28:06 | Computer Name = EagleRacer | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 31. 5. 2010 15:28:08 | Computer Name = EagleRacer | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 31. 5. 2010 15:28:09 | Computer Name = EagleRacer | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 31. 5. 2010 15:28:11 | Computer Name = EagleRacer | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 31. 5. 2010 15:28:18 | Computer Name = EagleRacer | Source = HTTP | ID = 15016
Description =

Error - 31. 5. 2010 15:30:30 | Computer Name = EagleRacer | Source = Service Control Manager | ID = 7034
Description =


< End of report >
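
An added example, not part of the thread and not OTL's own code: a small Python parser for the "Last 10 Event Log Errors" section of an OTL report like the one above. It folds the wrapped Description lines back together, pulls the faulting application, module and exception code out of Application Error 1000 entries, and flags the volmgr 262193 entry, which matters here because it means the blue screens described in the first post left no crash dump to analyse. The sample text is copied from the report above; the helper names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Sample taken from the OTL report above (three entries, one with an empty
# description), embedded so the parser runs offline.
SAMPLE = """\
[ Application Events ]
Error - 25. 10. 2008 9:29:27 | Computer Name = EagleRacer | Source = Application Error | ID = 1000
Description = Faulting application flashget.exe, version 1.5.0.0, time stamp 0x40303fc1,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00061884, process id 0x1370, application start time
0x01c936a53890f194.

Error - 29. 10. 2008 15:33:23 | Computer Name = EagleRacer | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 31. 5. 2010 15:27:29 | Computer Name = EagleRacer | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
"""

# One OTL event header line: date | host | source | event id
HEADER_RE = re.compile(
    r"^Error - (?P<when>[\d. :]+?) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
# Fields of a Windows "Application Error" (ID 1000) description
FAULT_RE = re.compile(
    r"Faulting application (?P<app>.+?), version (?P<app_ver>[^,]+), .*?"
    r"faulting module (?P<module>.+?), version (?P<mod_ver>[^,]+), .*?"
    r"exception code (?P<code>0x[0-9a-fA-F]+)"
)


@dataclass
class EventError:
    section: str
    when: str
    host: str
    source: str
    event_id: int
    description: str
    fault: Optional[dict] = None  # parsed crash fields for ID 1000 entries


def parse_otl_events(text):
    """Turn the event-log section of an OTL report into EventError records."""
    entries = []
    section = ""
    current = None
    for line in text.splitlines():
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line.strip("[] ")
            continue
        m = HEADER_RE.match(line)
        if m:
            current = EventError(section, m["when"].strip(), m["host"].strip(),
                                 m["source"].strip(), int(m["id"]), "")
            entries.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Description ="):
            current.description = line[len("Description ="):].strip()
        elif line.strip():
            # OTL wraps long descriptions; fold continuation lines back in
            current.description += " " + line.strip()
        else:
            current = None  # blank line ends the entry
    for e in entries:
        fm = FAULT_RE.search(e.description)
        if fm:
            e.fault = fm.groupdict()
    return entries


def crash_summary(entries):
    """Count application crashes (Application Error 1000) by faulting program."""
    return Counter(e.fault["app"] for e in entries if e.fault)


def crash_dump_unavailable(entries):
    """True when volmgr 262193 is present: a BSOD on this machine leaves no dump."""
    return any(e.source == "volmgr" and e.event_id == 262193 for e in entries)


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE)
    for e in evs:
        print(e.section, e.when, e.source, e.event_id, e.fault or e.description[:40])
    print("crashes:", dict(crash_summary(evs)))
    print("crash dump unavailable:", crash_dump_unavailable(evs))
```

Run against the full report, the same parser would show the repeated "Application Launcher.exe" crashes in an unknown module and confirm that no kernel dump could have been written on 31. 5. 2010, which is why the BSOD cause cannot be read from this log alone.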

Re: Problem with Rootkit.Agent, please check the log

Posted: 31 May 2010 22:05
by Damned
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
C:\Users\Radoslav Šabík\Documents\*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\Windows\tasks\SA.DAT

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

Re: Problem with Rootkit.Agent, please check the log

Posted: 31 May 2010 22:25
by RadoS84
Here are the contents of the log:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Starting removal of ActiveX control {00000075-9980-0010-8000-00AA00389B71}
C:\Windows\Downloaded Program Files\voxacm.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000075-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder moved successfully.
C:\WINDOWS\System32\SET2CDE.tmp moved successfully.
C:\WINDOWS\System32\SET2D3F.tmp moved successfully.
C:\WINDOWS\System32\SET3727.tmp moved successfully.
C:\WINDOWS\System32\SET3758.tmp moved successfully.
C:\WINDOWS\System32\SET5B77.tmp moved successfully.
C:\WINDOWS\System32\SET5BE7.tmp moved successfully.
C:\WINDOWS\System32\SET8BFE.tmp moved successfully.
C:\WINDOWS\System32\SET8CA1.tmp moved successfully.
C:\WINDOWS\System32\SET8EE5.tmp moved successfully.
C:\WINDOWS\System32\SET9393.tmp moved successfully.
C:\WINDOWS\System32\SETB864.tmp moved successfully.
C:\WINDOWS\System32\SETBA6B.tmp moved successfully.
C:\WINDOWS\System32\SETBB07.tmp moved successfully.
C:\WINDOWS\System32\SETBB68.tmp moved successfully.
C:\WINDOWS\System32\SETBCDE.tmp moved successfully.
C:\WINDOWS\System32\SETC0C3.tmp moved successfully.
C:\WINDOWS\System32\SETE1DB.tmp moved successfully.
C:\WINDOWS\System32\SETE26B.tmp moved successfully.
C:\WINDOWS\System32\SETEB07.tmp moved successfully.
C:\WINDOWS\System32\SETEB58.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\Users\Radoslav Šabík\Documents\~WRL0297.tmp moved successfully.
C:\Users\Radoslav Šabík\Documents\~WRL1491.tmp moved successfully.
C:\Users\Radoslav Šabík\Documents\~WRL1594.tmp moved successfully.
C:\Users\Radoslav Šabík\Documents\~WRL2433.tmp moved successfully.
C:\Users\Radoslav Šabík\Documents\~WRL2782.tmp moved successfully.
C:\Users\Radoslav Šabík\Documents\~WRL3021.tmp moved successfully.
C:\Users\Radoslav Šabík\Documents\~WRL3264.tmp moved successfully.
File\Folder C:\Recycler not found.
C:\$RECYCLE.BIN\S-1-5-21-4136404604-2960614731-549300400-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Radoslav Šabík
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1239986 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1928731 bytes

User: Radoslav Šabík
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Radoslav Šabík
->Flash cache emptied: 0 bytes

User: Radoslav Šabík

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.5.2 log created on 05312010_221711

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Problem with Rootkit.Agent, please check the log

Posted: 31 May 2010 23:06
by Damned
You should have it sorted now.

Delete the C:\_OTL folder and empty the Recycle Bin.

Download ToolsCleaner2 (by de A.Rothstein & Dj Quiou) to your Desktop and run it.

Click Pt. Restauration (restore) and then OK.
Click Corbeille (recycle bin) and then OK.
Click Fichiers temp (temp folders) and then OK.
Click Recherche (search) and let the Cleaner work. It may pause during cleaning, but let it continue.
When the program finishes, click Suppression (removal) and remove what it found.
Close and delete the program.

If anything shows up again, come back.
Mark the topic as solved (green check mark) and take care. :bigups:

Re: Problem with Rootkit.Agent, please check the log  Solved

Posted: 01 Jun 2010 09:16
by RadoS84
Thank you for the quick help and have a nice day. :D