Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:26, on 14.9.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
I:\AVAST\AvastUI.exe
I:\STEAM\Steam.exe
I:\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [BCSSync] "I:\MICROSOFT OFFICE 010\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [GrooveMonitor] I:\MICROS~1\Office14\GROOVEMN.EXE
O4 - HKLM\..\Run: [iLDkMnpBF] C:\Windows\system\SocUD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\ITUNES\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] I:\AVAST\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\MICROSOFT OFFICE 010\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [GameTracker] I:\GAMETRACKE\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IpSharkk] "C:\Program Files (x86)\IpSharkk\IpSharkk.exe" /auto
O4 - HKCU\..\Run: [Vidalia] "I:\IPSHARK\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Steam] "i:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\HAF\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: OfficeSAS.lnk = ?
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://I:\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\ICQ\ICQ7.0\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\ICQ\ICQ7.0\ICQ.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - I:\AVAST\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - I:\AVAST\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - I:\AVAST\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - I:\NERO\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Office Software Protection Platform (osppsvc) - Unknown owner - C:\Windows\system32\OSPPSVC.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10907 bytes
Please check. Solved
- jaro3
- Security team member
Re: Please check.
Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide
Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\ITUNES\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\MICROSOFT OFFICE 010\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\ICQ\ICQ7.0\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\ICQ\ICQ7.0\ICQ.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a prompt appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in Safe Mode.
In Folder Options, enable showing hidden files and folders, and uncheck the box Hide protected operating system files
Test this on VirusTotal
C:\Windows\system\SocUD.exe
Click Select to the right of the field and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4612
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14.9.2010 9:37:20
mbam-log-2010-09-14 (09-37-20).txt
Typ skenu: Rychlý sken
Skenované objekty: 140969
Uplynulý čas: 4 minuta(y), 24 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CURRENT_USER\Software\apocalyps32 (Trojan.Horse) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
I could not find what I was supposed to test on the PC. I already dealt with it here; that .exe was launching at Windows startup and I managed to delete it. So I no longer have it on the PC, or I don't know about it.
- jaro3
- Security team member
Re: Please check.
OK.
So run MbAM again and start a Scan
- when the scan finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close the program via Exit
You can then post the new MbAM log here.
+
Turn off your resident protection and firewall.
Download Dr. Web CureIt
Run the update; after updating, click Start.
With the buttons at the bottom you can cure the file (system files), delete, move or rename it
+
Download OTL to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Re: Please check.
OTL - I'm posting it in several parts.
OTL logfile created on: 14.9.2010 10:40:14 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = I:\DOWNLOAD CHROM
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 199,43 Gb Free Space | 66,90% Space Free | Partition Type: NTFS
Drive D: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 675,94 Gb Free Space | 72,56% Space Free | Partition Type: NTFS
Drive J: | 6,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAF-PC
Current User Name: HAF
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
PRC - [2010.09.04 16:29:30 | 001,242,448 | ---- | M] (Valve Corporation) -- I:\STEAM\Steam.exe
PRC - [2010.09.03 02:58:56 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\HAF\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.08.07 21:12:00 | 006,975,488 | ---- | M] () -- I:\ZSZC Sillk\SRO_Client.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- I:\AVAST\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- I:\AVAST\AvastSvc.exe
PRC - [2010.05.01 01:37:12 | 001,056,256 | ---- | M] (SRO-DB.de Productions) -- I:\ZSZC Sillk\DB-bot for ZSZC\db Bot.exe
PRC - [2010.03.10 00:12:46 | 000,409,600 | ---- | M] (Recyfer Inc.) -- I:\ZSZC Sillk\DB-bot for ZSZC\SrProxy.exe
PRC - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.08 17:22:58 | 000,345,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009.04.08 17:22:58 | 000,122,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2008.01.22 12:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 12:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.07.18 01:32:55 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
========== Modules (SafeList) ==========
MOD - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.04.08 16:37:02 | 004,593,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- I:\AVAST\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- I:\AVAST\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.25 19:18:48 | 033,480,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\MICROSOFT OFFICE 010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.01.22 15:00:27 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.11.24 20:24:26 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.25 22:34:29 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.08.05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV - [2009.02.10 18:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- I:\ULTRAISO\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/skins/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=skin&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.11.18 16:18:34 | 000,000,000 | ---D | M]
[2009.11.18 16:19:52 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Mozilla\Extensions
[2009.11.11 21:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HAF\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.01.04 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions
[2009.11.18 16:19:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.16 01:22:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.01.03 20:13:21 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.11.20 22:25:56 | 000,002,059 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\daemon-search.xml
[2010.01.04 21:35:05 | 000,000,955 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\icqplugin.xml
[2010.01.03 20:13:19 | 000,003,915 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\sweetim.xml
O1 HOSTS File: ([2010.09.14 09:29:51 | 000,000,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\MICROSOFT OFFICE 010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Pomocník pro přihlášení ke službě Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\MICROSOFT OFFICE 010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast5] I:\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] I:\MICROSOFT OFFICE 010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] I:\MICROSOFT OFFICE 010\Office14\GROOVEMN.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iLDkMnpBF] C:\Windows\system\SocUD.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [GameTracker] I:\GAMETRACKE\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Users\HAF\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IpSharkk] C:\Program Files (x86)\IpSharkk\IpSharkk.exe File not found
O4 - HKCU..\Run: [Steam] i:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] I:\IPSHARK\Vidalia Bundle\Vidalia\vidalia.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
OTL logfile created on: 14.9.2010 10:40:14 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = I:\DOWNLOAD CHROM
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 199,43 Gb Free Space | 66,90% Space Free | Partition Type: NTFS
Drive D: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 675,94 Gb Free Space | 72,56% Space Free | Partition Type: NTFS
Drive J: | 6,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAF-PC
Current User Name: HAF
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
PRC - [2010.09.04 16:29:30 | 001,242,448 | ---- | M] (Valve Corporation) -- I:\STEAM\Steam.exe
PRC - [2010.09.03 02:58:56 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\HAF\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.08.07 21:12:00 | 006,975,488 | ---- | M] () -- I:\ZSZC Sillk\SRO_Client.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- I:\AVAST\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- I:\AVAST\AvastSvc.exe
PRC - [2010.05.01 01:37:12 | 001,056,256 | ---- | M] (SRO-DB.de Productions) -- I:\ZSZC Sillk\DB-bot for ZSZC\db Bot.exe
PRC - [2010.03.10 00:12:46 | 000,409,600 | ---- | M] (Recyfer Inc.) -- I:\ZSZC Sillk\DB-bot for ZSZC\SrProxy.exe
PRC - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.08 17:22:58 | 000,345,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009.04.08 17:22:58 | 000,122,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2008.01.22 12:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 12:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.07.18 01:32:55 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
========== Modules (SafeList) ==========
MOD - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.04.08 16:37:02 | 004,593,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- I:\AVAST\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- I:\AVAST\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.25 19:18:48 | 033,480,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\MICROSOFT OFFICE 010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.01.22 15:00:27 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.11.24 20:24:26 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.25 22:34:29 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.08.05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast5] I:\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] I:\MICROSOFT OFFICE 010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] I:\MICROSOFT OFFICE 010\Office14\GROOVEMN.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iLDkMnpBF] C:\Windows\system\SocUD.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [GameTracker] I:\GAMETRACKE\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Users\HAF\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IpSharkk] C:\Program Files (x86)\IpSharkk\IpSharkk.exe File not found
O4 - HKCU..\Run: [Steam] i:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] I:\IPSHARK\Vidalia Bundle\Vidalia\vidalia.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
Re: Please check.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\MICROSOFT OFFICE 010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.26 15:51:29 | 000,000,067 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.09.14 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\HAF\DoctorWeb
[2010.09.14 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\Malwarebytes
[2010.09.14 09:32:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.14 09:32:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.09 20:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.09 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.09.06 15:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.09.05 03:02:28 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.05 03:02:28 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.05 03:02:28 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.05 03:02:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.05 03:02:28 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.05 03:02:28 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.05 01:29:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.09.05 01:29:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.09.05 01:29:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.09.05 01:29:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.09.05 01:29:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.09.05 01:29:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.09.05 01:29:00 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.09.05 01:29:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.09.04 16:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.09.04 16:24:38 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.04 16:24:37 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.04 16:24:36 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.04 16:24:33 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.04 16:24:32 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.04 16:23:51 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.04 16:23:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.09.04 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.04 15:59:28 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.09.04 15:59:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.04 15:59:10 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.09.04 15:59:10 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.09.04 15:59:10 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.09.04 15:59:06 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.09.04 15:59:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.09.04 15:59:05 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.09.04 15:59:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.09.04 15:59:05 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.09.04 15:59:05 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.09.04 15:59:05 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.09.04 15:58:51 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.04 15:58:50 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.04 15:58:50 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.04 15:58:44 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.04 15:58:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.04 15:58:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.04 15:58:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.04 15:58:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.04 15:58:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.04 15:58:42 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.09.04 15:58:42 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.09.04 15:58:42 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.09.04 15:58:41 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.09.04 15:58:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.09.04 15:58:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.09.04 15:58:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.09.04 15:58:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.09.04 15:58:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.09.04 15:58:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.09.04 15:58:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.04 15:58:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.04 15:58:12 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.09.04 15:58:12 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.09.04 15:58:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.09.04 15:58:11 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.09.04 15:58:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.09.04 15:58:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.09.04 15:58:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.09.04 15:58:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.09.04 15:58:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.09.04 15:58:10 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.09.04 15:58:10 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.09.04 15:58:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.09.04 15:58:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.09.04 15:58:06 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.09.04 15:58:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.09.04 15:58:02 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.09.04 15:58:01 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.04 15:58:01 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.04 15:58:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.04 15:58:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.04 15:55:27 | 000,000,000 | ---D | C] -- C:\Users\HAF\Documents\Downloads
[2010.09.04 15:48:09 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2010.09.04 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010.09.04 15:23:49 | 000,000,000 | ---D | C] -- C:\Windows\{87148734-424B-4DD9-89B9-1413C2840D29}
[2010.09.04 12:52:32 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\InstallShield
[2010.09.03 21:28:24 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.09.03 20:23:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.09.03 20:23:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.09.03 20:22:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.09.03 20:22:39 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.01.22 15:00:27 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.14 10:40:31 | 006,553,600 | -HS- | M] () -- C:\Users\HAF\NTUSER.DAT
[2010.09.14 10:38:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.14 10:04:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.14 09:29:51 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.09.13 20:38:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.13 19:04:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 11:38:37 | 001,480,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.13 11:38:37 | 000,634,020 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.13 11:38:37 | 000,618,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.13 11:38:37 | 000,124,400 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.13 11:38:37 | 000,108,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.13 11:31:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.13 11:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.13 11:31:12 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.13 00:10:19 | 002,922,673 | -H-- | M] () -- C:\Users\HAF\AppData\Local\IconCache.db
[2010.09.05 12:45:50 | 000,416,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.04 16:24:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.09.04 12:52:43 | 000,001,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:49:24 | 000,017,534 | ---- | M] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:49:24 | 000,001,726 | ---- | M] () -- C:\Windows\ndinst.exe
[2010.09.03 20:14:37 | 000,099,384 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.09.03 20:14:37 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2010.09.03 20:14:37 | 000,007,859 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.09.03 20:14:37 | 000,001,167 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.09 18:54:00 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.09 18:53:59 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.07 15:45:07 | 000,348,510 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.pas
[2010.09.07 15:45:07 | 000,224,408 | ---- | C] () -- C:\Users\HAF\Desktop\OpenSave.pas
[2010.09.07 15:45:07 | 000,132,338 | ---- | C] () -- C:\Users\HAF\Desktop\memscan.pas
[2010.09.07 15:45:07 | 000,118,914 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.pas
[2010.09.07 15:45:07 | 000,104,891 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.dfm
[2010.09.07 15:45:07 | 000,079,478 | ---- | C] () -- C:\Users\HAF\Desktop\style3def.bmp
[2010.09.07 15:45:07 | 000,077,108 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.pas
[2010.09.07 15:45:07 | 000,067,646 | ---- | C] () -- C:\Users\HAF\Desktop\icon3.ico
[2010.09.07 15:45:07 | 000,053,815 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.pas
[2010.09.07 15:45:07 | 000,048,409 | ---- | C] () -- C:\Users\HAF\Desktop\plugin.pas
[2010.09.07 15:45:07 | 000,046,282 | ---- | C] () -- C:\Users\HAF\Desktop\psvCPlusPlus.pas
[2010.09.07 15:45:07 | 000,039,137 | ---- | C] () -- C:\Users\HAF\Desktop\symbolhandler.pas
[2010.09.07 15:45:07 | 000,038,963 | ---- | C] () -- C:\Users\HAF\Desktop\KernelDebugger.pas
[2010.09.07 15:45:07 | 000,036,253 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.pas
[2010.09.07 15:45:07 | 000,034,925 | ---- | C] () -- C:\Users\HAF\Desktop\NewKernelHandler.pas
[2010.09.07 15:45:07 | 000,034,227 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.dfm
[2010.09.07 15:45:07 | 000,031,918 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.dfm
[2010.09.07 15:45:07 | 000,028,269 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit2.pas
[2010.09.07 15:45:07 | 000,025,393 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.pas
[2010.09.07 15:45:07 | 000,023,313 | ---- | C] () -- C:\Users\HAF\Desktop\psvAutoAssembler.pas
[2010.09.07 15:45:07 | 000,020,755 | ---- | C] () -- C:\Users\HAF\Desktop\pointervaluelist.pas
[2010.09.07 15:45:07 | 000,020,439 | ---- | C] () -- C:\Users\HAF\Desktop\RichEditHighlight.pas
[2010.09.07 15:45:07 | 000,015,679 | ---- | C] () -- C:\Users\HAF\Desktop\pluginexports.pas
[2010.09.07 15:45:07 | 000,015,112 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.pas
[2010.09.07 15:45:07 | 000,014,000 | ---- | C] () -- C:\Users\HAF\Desktop\unrandomizer.pas
[2010.09.07 15:45:07 | 000,012,576 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.pas
[2010.09.07 15:45:07 | 000,012,492 | ---- | C] () -- C:\Users\HAF\Desktop\x.dfm
[2010.09.07 15:45:07 | 000,012,029 | ---- | C] () -- C:\Users\HAF\Desktop\rescanhelper.pas
[2010.09.07 15:45:07 | 000,011,781 | ---- | C] () -- C:\Users\HAF\Desktop\ManualModuleLoader.pas
[2010.09.07 15:45:07 | 000,011,213 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.pas
[2010.09.07 15:45:07 | 000,010,878 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.pas
[2010.09.07 15:45:07 | 000,010,142 | ---- | C] () -- C:\Users\HAF\Desktop\Standalonetype3a.bmp
[2010.09.07 15:45:07 | 000,009,372 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.pas
[2010.09.07 15:45:07 | 000,009,270 | ---- | C] () -- C:\Users\HAF\Desktop\LOGO3.BMP
[2010.09.07 15:45:07 | 000,009,142 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.pas
[2010.09.07 15:45:07 | 000,008,579 | ---- | C] () -- C:\Users\HAF\Desktop\underc.pas
[2010.09.07 15:45:07 | 000,008,560 | ---- | C] () -- C:\Users\HAF\Desktop\VirtualMemory.pas
[2010.09.07 15:45:07 | 000,008,322 | ---- | C] () -- C:\Users\HAF\Desktop\logo2.bmp
[2010.09.07 15:45:07 | 000,007,840 | ---- | C] () -- C:\Users\HAF\Desktop\hotkeyhandler.pas
[2010.09.07 15:45:07 | 000,007,546 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.dfm
[2010.09.07 15:45:07 | 000,007,182 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscanresultReader.pas
[2010.09.07 15:45:07 | 000,007,075 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfoFunctions.pas
[2010.09.07 15:45:07 | 000,006,844 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.dfm
[2010.09.07 15:45:07 | 000,006,827 | ---- | C] () -- C:\Users\HAF\Desktop\psvRichSyntax.pas
[2010.09.07 15:45:07 | 000,006,556 | ---- | C] () -- C:\Users\HAF\Desktop\ValueFinder.pas
[2010.09.07 15:45:07 | 000,006,044 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.pas
[2010.09.07 15:45:07 | 000,005,673 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.dfm
[2010.09.07 15:45:07 | 000,005,254 | ---- | C] () -- C:\Users\HAF\Desktop\hypermode.pas
[2010.09.07 15:45:07 | 000,005,091 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.dfm
[2010.09.07 15:45:07 | 000,004,662 | ---- | C] () -- C:\Users\HAF\Desktop\LockedString.bmp
[2010.09.07 15:45:07 | 000,004,594 | ---- | C] () -- C:\Users\HAF\Desktop\stacktrace2.pas
[2010.09.07 15:45:07 | 000,004,529 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.dfm
[2010.09.07 15:45:07 | 000,004,342 | ---- | C] () -- C:\Users\HAF\Desktop\test.bmp
[2010.09.07 15:45:07 | 000,003,902 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.pas
[2010.09.07 15:45:07 | 000,003,890 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.pas
[2010.09.07 15:45:07 | 000,003,886 | ---- | C] () -- C:\Users\HAF\Desktop\logo.bmp
[2010.09.07 15:45:07 | 000,003,840 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.dfm
[2010.09.07 15:45:07 | 000,003,675 | ---- | C] () -- C:\Users\HAF\Desktop\reinit.pas
[2010.09.07 15:45:07 | 000,003,638 | ---- | C] () -- C:\Users\HAF\Desktop\UnLockedString.bmp
[2010.09.07 15:45:07 | 000,003,549 | ---- | C] () -- C:\Users\HAF\Desktop\speedhack2.pas
[2010.09.07 15:45:07 | 000,003,510 | ---- | C] () -- C:\Users\HAF\Desktop\TextureString.bmp
[2010.09.07 15:45:07 | 000,003,276 | ---- | C] () -- C:\Users\HAF\Desktop\windows7taskbar.pas
[2010.09.07 15:45:07 | 000,003,171 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.pas
[2010.09.07 15:45:07 | 000,003,166 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.pas
[2010.09.07 15:45:07 | 000,002,743 | ---- | C] () -- C:\Users\HAF\Desktop\SaveFirstScan.pas
[2010.09.07 15:45:07 | 000,002,428 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.dfm
[2010.09.07 15:45:07 | 000,002,294 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.dfm
[2010.09.07 15:45:07 | 000,002,047 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.dfm
[2010.09.07 15:45:07 | 000,001,997 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.dfm
[2010.09.07 15:45:07 | 000,001,995 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.dfm
[2010.09.07 15:45:07 | 000,001,907 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.dfm
[2010.09.07 15:45:07 | 000,001,850 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.dfm
[2010.09.07 15:45:07 | 000,001,846 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.dfm
[2010.09.07 15:45:07 | 000,001,835 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.dfm
[2010.09.07 15:45:07 | 000,001,697 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.pas
[2010.09.07 15:45:07 | 000,001,603 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.dfm
[2010.09.07 15:45:07 | 000,001,584 | ---- | C] () -- C:\Users\HAF\Desktop\injectedpointerscanunit.pas
[2010.09.07 15:45:07 | 000,001,470 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.pas
[2010.09.07 15:45:07 | 000,001,409 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.dfm
[2010.09.07 15:45:07 | 000,001,404 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.pas
[2010.09.07 15:45:07 | 000,001,354 | ---- | C] () -- C:\Users\HAF\Desktop\htmlHelp.pas
[2010.09.07 15:45:07 | 000,001,350 | ---- | C] () -- C:\Users\HAF\Desktop\process.bmp
[2010.09.07 15:45:07 | 000,001,128 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.pas
[2010.09.07 15:45:07 | 000,001,121 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.pas
[2010.09.07 15:45:07 | 000,001,111 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.dfm
[2010.09.07 15:45:07 | 000,001,041 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.dfm
[2010.09.07 15:45:07 | 000,001,002 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.dfm
[2010.09.07 15:45:07 | 000,000,893 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.dfm
[2010.09.07 15:45:07 | 000,000,888 | ---- | C] () -- C:\Users\HAF\Desktop\manifest.res
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\possibletrainericon.ico
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\icon2.ico
[2010.09.07 15:45:07 | 000,000,737 | ---- | C] () -- C:\Users\HAF\Desktop\simpleaobscanner.pas
[2010.09.07 15:45:07 | 000,000,726 | ---- | C] () -- C:\Users\HAF\Desktop\open.bmp
[2010.09.07 15:45:07 | 000,000,714 | ---- | C] () -- C:\Users\HAF\Desktop\save.bmp
[2010.09.07 15:45:07 | 000,000,709 | ---- | C] () -- C:\Users\HAF\Desktop\SyncObjs2.pas
[2010.09.07 15:45:07 | 000,000,603 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.pas
[2010.09.07 15:45:07 | 000,000,550 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.pas
[2010.09.07 15:45:07 | 000,000,478 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessHandlerUnit.pas
[2010.09.07 15:45:07 | 000,000,475 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.pas
[2010.09.07 15:45:07 | 000,000,415 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.dfm
[2010.09.07 15:45:07 | 000,000,393 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.dfm
[2010.09.07 15:45:07 | 000,000,388 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.dfm
[2010.09.07 15:45:07 | 000,000,374 | ---- | C] () -- C:\Users\HAF\Desktop\pause.bmp
[2010.09.07 15:45:07 | 000,000,370 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.pas
[2010.09.07 15:45:07 | 000,000,365 | ---- | C] () -- C:\Users\HAF\Desktop\MenuItemExtra.pas
[2010.09.07 15:45:07 | 000,000,356 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.pas
[2010.09.07 15:45:07 | 000,000,351 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.dfm
[2010.09.07 15:45:07 | 000,000,341 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.pas
[2010.09.07 15:45:07 | 000,000,334 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.dfm
[2010.09.07 15:45:07 | 000,000,333 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.pas
[2010.09.07 15:45:07 | 000,000,326 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.pas
[2010.09.07 15:45:07 | 000,000,308 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.dfm
[2010.09.07 15:45:07 | 000,000,228 | ---- | C] () -- C:\Users\HAF\Desktop\trainer.rc
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\targettexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\movementtexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\Locktexture.bmp
[2010.09.07 15:45:07 | 000,000,138 | ---- | C] () -- C:\Users\HAF\Desktop\selection.bmp
[2010.09.07 15:45:07 | 000,000,073 | ---- | C] () -- C:\Users\HAF\Desktop\OpenGLHook.pas
[2010.09.07 15:45:07 | 000,000,056 | ---- | C] () -- C:\Users\HAF\Desktop\unit1.pas
[2010.09.07 15:45:06 | 000,115,712 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.FTS
[2010.09.07 15:45:06 | 000,068,612 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.res
[2010.09.07 15:45:06 | 000,059,992 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.drc
[2010.09.07 15:45:06 | 000,051,153 | ---- | C] () -- C:\Users\HAF\Desktop\CHEAT ENGINE.HLP
[2010.09.07 15:45:06 | 000,012,896 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.GID
[2010.09.07 15:45:06 | 000,010,210 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dpr
[2010.09.07 15:45:06 | 000,005,812 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dof
[2010.09.07 15:45:06 | 000,002,900 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.pas
[2010.09.07 15:45:06 | 000,001,856 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.cnt
[2010.09.07 15:45:06 | 000,001,530 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.dfm
[2010.09.07 15:45:06 | 000,001,110 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.dfm
[2010.09.07 15:45:06 | 000,001,063 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.pas
[2010.09.07 15:45:06 | 000,000,950 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.cfg
[2010.09.07 15:45:06 | 000,000,934 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.bpg
[2010.09.07 15:45:06 | 000,000,865 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.rtf
[2010.09.07 15:45:06 | 000,000,355 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.dfm
[2010.09.07 15:45:06 | 000,000,346 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.pas
[2010.09.07 15:45:06 | 000,000,086 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.mps
[2010.09.07 15:45:06 | 000,000,074 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.todo
[2010.09.04 12:52:43 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:48:40 | 000,017,534 | ---- | C] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:48:40 | 000,001,726 | ---- | C] () -- C:\Windows\ndinst.exe
[2010.01.23 13:22:01 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.01.22 19:17:10 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.22 17:14:42 | 000,003,584 | ---- | C] () -- C:\Users\HAF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.22 15:00:57 | 000,000,033 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.log
[2010.01.22 15:00:27 | 000,099,384 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.01.22 15:00:27 | 000,007,859 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.01.22 15:00:27 | 000,001,167 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2010.01.04 19:09:08 | 000,000,091 | ---- | C] () -- C:\Users\HAF\AppData\Local\fusioncache.dat
[2009.12.17 15:45:16 | 001,668,632 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\farm.bmp
[2009.12.17 15:42:33 | 000,000,660 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\settings.dat
[2009.12.09 22:41:22 | 001,504,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.04 19:33:12 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.12.04 19:33:12 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.29 19:25:27 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 22:34:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.25 22:34:47 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.25 22:34:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.25 22:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010.01.23 03:09:26 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Apowersoft
[2010.01.23 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Broad Intelligence
[2009.11.18 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\DAEMON Tools Lite
[2009.11.21 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\GetRightToGo
[2010.09.08 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\ICQ
[2010.01.22 17:29:27 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Leawo
[2010.01.22 15:12:16 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\TeamViewer
[2010.09.03 20:14:37 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Vso
[2009.07.14 07:08:49 | 000,030,332 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:63DAEC83
< End of report >
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\MICROSOFT OFFICE 010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.26 15:51:29 | 000,000,067 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.09.14 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\HAF\DoctorWeb
[2010.09.14 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\Malwarebytes
[2010.09.14 09:32:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.14 09:32:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.09 20:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.09 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.09.06 15:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.09.05 03:02:28 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.05 03:02:28 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.05 03:02:28 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.05 03:02:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.05 03:02:28 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.05 03:02:28 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.05 01:29:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.09.05 01:29:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.09.05 01:29:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.09.05 01:29:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.09.05 01:29:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.09.05 01:29:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.09.05 01:29:00 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.09.05 01:29:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.09.04 16:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.09.04 16:24:38 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.04 16:24:37 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.04 16:24:36 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.04 16:24:33 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.04 16:24:32 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.04 16:23:51 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.04 16:23:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.09.04 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.04 15:59:28 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.09.04 15:59:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.04 15:59:10 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.09.04 15:59:10 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.09.04 15:59:10 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.09.04 15:59:06 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.09.04 15:59:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.09.04 15:59:05 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.09.04 15:59:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.09.04 15:59:05 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.09.04 15:59:05 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.09.04 15:59:05 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.09.04 15:58:51 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.04 15:58:50 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.04 15:58:50 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.04 15:58:44 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.04 15:58:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.04 15:58:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.04 15:58:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.04 15:58:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.04 15:58:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.04 15:58:42 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.09.04 15:58:42 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.09.04 15:58:42 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.09.04 15:58:41 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.09.04 15:58:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.09.04 15:58:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.09.04 15:58:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.09.04 15:58:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.09.04 15:58:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.09.04 15:58:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.09.04 15:58:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.04 15:58:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.04 15:58:12 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.09.04 15:58:12 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.09.04 15:58:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.09.04 15:58:11 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.09.04 15:58:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.09.04 15:58:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.09.04 15:58:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.09.04 15:58:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.09.04 15:58:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.09.04 15:58:10 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.09.04 15:58:10 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.09.04 15:58:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.09.04 15:58:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.09.04 15:58:06 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.09.04 15:58:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.09.04 15:58:02 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.09.04 15:58:01 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.04 15:58:01 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.04 15:58:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.04 15:58:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.04 15:55:27 | 000,000,000 | ---D | C] -- C:\Users\HAF\Documents\Downloads
[2010.09.04 15:48:09 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2010.09.04 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010.09.04 15:23:49 | 000,000,000 | ---D | C] -- C:\Windows\{87148734-424B-4DD9-89B9-1413C2840D29}
[2010.09.04 12:52:32 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\InstallShield
[2010.09.03 21:28:24 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.09.03 20:23:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.09.03 20:23:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.09.03 20:22:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.09.03 20:22:39 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.01.22 15:00:27 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.14 10:40:31 | 006,553,600 | -HS- | M] () -- C:\Users\HAF\NTUSER.DAT
[2010.09.14 10:38:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.14 10:04:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.14 09:29:51 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.09.13 20:38:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.13 19:04:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 11:38:37 | 001,480,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.13 11:38:37 | 000,634,020 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.13 11:38:37 | 000,618,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.13 11:38:37 | 000,124,400 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.13 11:38:37 | 000,108,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.13 11:31:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.13 11:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.13 11:31:12 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.13 00:10:19 | 002,922,673 | -H-- | M] () -- C:\Users\HAF\AppData\Local\IconCache.db
[2010.09.05 12:45:50 | 000,416,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.04 16:24:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.09.04 12:52:43 | 000,001,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:49:24 | 000,017,534 | ---- | M] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:49:24 | 000,001,726 | ---- | M] () -- C:\Windows\ndinst.exe
[2010.09.03 20:14:37 | 000,099,384 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.09.03 20:14:37 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2010.09.03 20:14:37 | 000,007,859 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.09.03 20:14:37 | 000,001,167 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.09 18:54:00 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.09 18:53:59 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.07 15:45:07 | 000,348,510 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.pas
[2010.09.07 15:45:07 | 000,224,408 | ---- | C] () -- C:\Users\HAF\Desktop\OpenSave.pas
[2010.09.07 15:45:07 | 000,132,338 | ---- | C] () -- C:\Users\HAF\Desktop\memscan.pas
[2010.09.07 15:45:07 | 000,118,914 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.pas
[2010.09.07 15:45:07 | 000,104,891 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.dfm
[2010.09.07 15:45:07 | 000,079,478 | ---- | C] () -- C:\Users\HAF\Desktop\style3def.bmp
[2010.09.07 15:45:07 | 000,077,108 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.pas
[2010.09.07 15:45:07 | 000,067,646 | ---- | C] () -- C:\Users\HAF\Desktop\icon3.ico
[2010.09.07 15:45:07 | 000,053,815 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.pas
[2010.09.07 15:45:07 | 000,048,409 | ---- | C] () -- C:\Users\HAF\Desktop\plugin.pas
[2010.09.07 15:45:07 | 000,046,282 | ---- | C] () -- C:\Users\HAF\Desktop\psvCPlusPlus.pas
[2010.09.07 15:45:07 | 000,039,137 | ---- | C] () -- C:\Users\HAF\Desktop\symbolhandler.pas
[2010.09.07 15:45:07 | 000,038,963 | ---- | C] () -- C:\Users\HAF\Desktop\KernelDebugger.pas
[2010.09.07 15:45:07 | 000,036,253 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.pas
[2010.09.07 15:45:07 | 000,034,925 | ---- | C] () -- C:\Users\HAF\Desktop\NewKernelHandler.pas
[2010.09.07 15:45:07 | 000,034,227 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.dfm
[2010.09.07 15:45:07 | 000,031,918 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.dfm
[2010.09.07 15:45:07 | 000,028,269 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit2.pas
[2010.09.07 15:45:07 | 000,025,393 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.pas
[2010.09.07 15:45:07 | 000,023,313 | ---- | C] () -- C:\Users\HAF\Desktop\psvAutoAssembler.pas
[2010.09.07 15:45:07 | 000,020,755 | ---- | C] () -- C:\Users\HAF\Desktop\pointervaluelist.pas
[2010.09.07 15:45:07 | 000,020,439 | ---- | C] () -- C:\Users\HAF\Desktop\RichEditHighlight.pas
[2010.09.07 15:45:07 | 000,015,679 | ---- | C] () -- C:\Users\HAF\Desktop\pluginexports.pas
[2010.09.07 15:45:07 | 000,015,112 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.pas
[2010.09.07 15:45:07 | 000,014,000 | ---- | C] () -- C:\Users\HAF\Desktop\unrandomizer.pas
[2010.09.07 15:45:07 | 000,012,576 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.pas
[2010.09.07 15:45:07 | 000,012,492 | ---- | C] () -- C:\Users\HAF\Desktop\x.dfm
[2010.09.07 15:45:07 | 000,012,029 | ---- | C] () -- C:\Users\HAF\Desktop\rescanhelper.pas
[2010.09.07 15:45:07 | 000,011,781 | ---- | C] () -- C:\Users\HAF\Desktop\ManualModuleLoader.pas
[2010.09.07 15:45:07 | 000,011,213 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.pas
[2010.09.07 15:45:07 | 000,010,878 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.pas
[2010.09.07 15:45:07 | 000,010,142 | ---- | C] () -- C:\Users\HAF\Desktop\Standalonetype3a.bmp
[2010.09.07 15:45:07 | 000,009,372 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.pas
[2010.09.07 15:45:07 | 000,009,270 | ---- | C] () -- C:\Users\HAF\Desktop\LOGO3.BMP
[2010.09.07 15:45:07 | 000,009,142 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.pas
[2010.09.07 15:45:07 | 000,008,579 | ---- | C] () -- C:\Users\HAF\Desktop\underc.pas
[2010.09.07 15:45:07 | 000,008,560 | ---- | C] () -- C:\Users\HAF\Desktop\VirtualMemory.pas
[2010.09.07 15:45:07 | 000,008,322 | ---- | C] () -- C:\Users\HAF\Desktop\logo2.bmp
[2010.09.07 15:45:07 | 000,007,840 | ---- | C] () -- C:\Users\HAF\Desktop\hotkeyhandler.pas
[2010.09.07 15:45:07 | 000,007,546 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.dfm
[2010.09.07 15:45:07 | 000,007,182 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscanresultReader.pas
[2010.09.07 15:45:07 | 000,007,075 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfoFunctions.pas
[2010.09.07 15:45:07 | 000,006,844 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.dfm
[2010.09.07 15:45:07 | 000,006,827 | ---- | C] () -- C:\Users\HAF\Desktop\psvRichSyntax.pas
[2010.09.07 15:45:07 | 000,006,556 | ---- | C] () -- C:\Users\HAF\Desktop\ValueFinder.pas
[2010.09.07 15:45:07 | 000,006,044 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.pas
[2010.09.07 15:45:07 | 000,005,673 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.dfm
[2010.09.07 15:45:07 | 000,005,254 | ---- | C] () -- C:\Users\HAF\Desktop\hypermode.pas
[2010.09.07 15:45:07 | 000,005,091 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.dfm
[2010.09.07 15:45:07 | 000,004,662 | ---- | C] () -- C:\Users\HAF\Desktop\LockedString.bmp
[2010.09.07 15:45:07 | 000,004,594 | ---- | C] () -- C:\Users\HAF\Desktop\stacktrace2.pas
[2010.09.07 15:45:07 | 000,004,529 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.dfm
[2010.09.07 15:45:07 | 000,004,342 | ---- | C] () -- C:\Users\HAF\Desktop\test.bmp
[2010.09.07 15:45:07 | 000,003,902 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.pas
[2010.09.07 15:45:07 | 000,003,890 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.pas
[2010.09.07 15:45:07 | 000,003,886 | ---- | C] () -- C:\Users\HAF\Desktop\logo.bmp
[2010.09.07 15:45:07 | 000,003,840 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.dfm
[2010.09.07 15:45:07 | 000,003,675 | ---- | C] () -- C:\Users\HAF\Desktop\reinit.pas
[2010.09.07 15:45:07 | 000,003,638 | ---- | C] () -- C:\Users\HAF\Desktop\UnLockedString.bmp
[2010.09.07 15:45:07 | 000,003,549 | ---- | C] () -- C:\Users\HAF\Desktop\speedhack2.pas
[2010.09.07 15:45:07 | 000,003,510 | ---- | C] () -- C:\Users\HAF\Desktop\TextureString.bmp
[2010.09.07 15:45:07 | 000,003,276 | ---- | C] () -- C:\Users\HAF\Desktop\windows7taskbar.pas
[2010.09.07 15:45:07 | 000,003,171 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.pas
[2010.09.07 15:45:07 | 000,003,166 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.pas
[2010.09.07 15:45:07 | 000,002,743 | ---- | C] () -- C:\Users\HAF\Desktop\SaveFirstScan.pas
[2010.09.07 15:45:07 | 000,002,428 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.dfm
[2010.09.07 15:45:07 | 000,002,294 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.dfm
[2010.09.07 15:45:07 | 000,002,047 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.dfm
[2010.09.07 15:45:07 | 000,001,997 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.dfm
[2010.09.07 15:45:07 | 000,001,995 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.dfm
[2010.09.07 15:45:07 | 000,001,907 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.dfm
[2010.09.07 15:45:07 | 000,001,850 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.dfm
[2010.09.07 15:45:07 | 000,001,846 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.dfm
[2010.09.07 15:45:07 | 000,001,835 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.dfm
[2010.09.07 15:45:07 | 000,001,697 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.pas
[2010.09.07 15:45:07 | 000,001,603 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.dfm
[2010.09.07 15:45:07 | 000,001,584 | ---- | C] () -- C:\Users\HAF\Desktop\injectedpointerscanunit.pas
[2010.09.07 15:45:07 | 000,001,470 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.pas
[2010.09.07 15:45:07 | 000,001,409 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.dfm
[2010.09.07 15:45:07 | 000,001,404 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.pas
[2010.09.07 15:45:07 | 000,001,354 | ---- | C] () -- C:\Users\HAF\Desktop\htmlHelp.pas
[2010.09.07 15:45:07 | 000,001,350 | ---- | C] () -- C:\Users\HAF\Desktop\process.bmp
[2010.09.07 15:45:07 | 000,001,128 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.pas
[2010.09.07 15:45:07 | 000,001,121 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.pas
[2010.09.07 15:45:07 | 000,001,111 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.dfm
[2010.09.07 15:45:07 | 000,001,041 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.dfm
[2010.09.07 15:45:07 | 000,001,002 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.dfm
[2010.09.07 15:45:07 | 000,000,893 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.dfm
[2010.09.07 15:45:07 | 000,000,888 | ---- | C] () -- C:\Users\HAF\Desktop\manifest.res
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\possibletrainericon.ico
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\icon2.ico
[2010.09.07 15:45:07 | 000,000,737 | ---- | C] () -- C:\Users\HAF\Desktop\simpleaobscanner.pas
[2010.09.07 15:45:07 | 000,000,726 | ---- | C] () -- C:\Users\HAF\Desktop\open.bmp
[2010.09.07 15:45:07 | 000,000,714 | ---- | C] () -- C:\Users\HAF\Desktop\save.bmp
[2010.09.07 15:45:07 | 000,000,709 | ---- | C] () -- C:\Users\HAF\Desktop\SyncObjs2.pas
[2010.09.07 15:45:07 | 000,000,603 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.pas
[2010.09.07 15:45:07 | 000,000,550 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.pas
[2010.09.07 15:45:07 | 000,000,478 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessHandlerUnit.pas
[2010.09.07 15:45:07 | 000,000,475 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.pas
[2010.09.07 15:45:07 | 000,000,415 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.dfm
[2010.09.07 15:45:07 | 000,000,393 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.dfm
[2010.09.07 15:45:07 | 000,000,388 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.dfm
[2010.09.07 15:45:07 | 000,000,374 | ---- | C] () -- C:\Users\HAF\Desktop\pause.bmp
[2010.09.07 15:45:07 | 000,000,370 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.pas
[2010.09.07 15:45:07 | 000,000,365 | ---- | C] () -- C:\Users\HAF\Desktop\MenuItemExtra.pas
[2010.09.07 15:45:07 | 000,000,356 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.pas
[2010.09.07 15:45:07 | 000,000,351 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.dfm
[2010.09.07 15:45:07 | 000,000,341 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.pas
[2010.09.07 15:45:07 | 000,000,334 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.dfm
[2010.09.07 15:45:07 | 000,000,333 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.pas
[2010.09.07 15:45:07 | 000,000,326 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.pas
[2010.09.07 15:45:07 | 000,000,308 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.dfm
[2010.09.07 15:45:07 | 000,000,228 | ---- | C] () -- C:\Users\HAF\Desktop\trainer.rc
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\targettexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\movementtexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\Locktexture.bmp
[2010.09.07 15:45:07 | 000,000,138 | ---- | C] () -- C:\Users\HAF\Desktop\selection.bmp
[2010.09.07 15:45:07 | 000,000,073 | ---- | C] () -- C:\Users\HAF\Desktop\OpenGLHook.pas
[2010.09.07 15:45:07 | 000,000,056 | ---- | C] () -- C:\Users\HAF\Desktop\unit1.pas
[2010.09.07 15:45:06 | 000,115,712 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.FTS
[2010.09.07 15:45:06 | 000,068,612 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.res
[2010.09.07 15:45:06 | 000,059,992 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.drc
[2010.09.07 15:45:06 | 000,051,153 | ---- | C] () -- C:\Users\HAF\Desktop\CHEAT ENGINE.HLP
[2010.09.07 15:45:06 | 000,012,896 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.GID
[2010.09.07 15:45:06 | 000,010,210 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dpr
[2010.09.07 15:45:06 | 000,005,812 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dof
[2010.09.07 15:45:06 | 000,002,900 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.pas
[2010.09.07 15:45:06 | 000,001,856 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.cnt
[2010.09.07 15:45:06 | 000,001,530 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.dfm
[2010.09.07 15:45:06 | 000,001,110 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.dfm
[2010.09.07 15:45:06 | 000,001,063 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.pas
[2010.09.07 15:45:06 | 000,000,950 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.cfg
[2010.09.07 15:45:06 | 000,000,934 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.bpg
[2010.09.07 15:45:06 | 000,000,865 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.rtf
[2010.09.07 15:45:06 | 000,000,355 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.dfm
[2010.09.07 15:45:06 | 000,000,346 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.pas
[2010.09.07 15:45:06 | 000,000,086 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.mps
[2010.09.07 15:45:06 | 000,000,074 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.todo
[2010.09.04 12:52:43 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:48:40 | 000,017,534 | ---- | C] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:48:40 | 000,001,726 | ---- | C] () -- C:\Windows\ndinst.exe
[2010.01.23 13:22:01 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.01.22 19:17:10 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.22 17:14:42 | 000,003,584 | ---- | C] () -- C:\Users\HAF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.22 15:00:57 | 000,000,033 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.log
[2010.01.22 15:00:27 | 000,099,384 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.01.22 15:00:27 | 000,007,859 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.01.22 15:00:27 | 000,001,167 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2010.01.04 19:09:08 | 000,000,091 | ---- | C] () -- C:\Users\HAF\AppData\Local\fusioncache.dat
[2009.12.17 15:45:16 | 001,668,632 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\farm.bmp
[2009.12.17 15:42:33 | 000,000,660 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\settings.dat
[2009.12.09 22:41:22 | 001,504,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.04 19:33:12 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.12.04 19:33:12 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.29 19:25:27 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 22:34:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.25 22:34:47 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.25 22:34:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.25 22:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010.01.23 03:09:26 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Apowersoft
[2010.01.23 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Broad Intelligence
[2009.11.18 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\DAEMON Tools Lite
[2009.11.21 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\GetRightToGo
[2010.09.08 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\ICQ
[2010.01.22 17:29:27 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Leawo
[2010.01.22 15:12:16 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\TeamViewer
[2010.09.03 20:14:37 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Vso
[2009.07.14 07:08:49 | 000,030,332 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:63DAEC83
< End of report >
Re: Request for a check.
EXTRAS -
OTL Extras logfile created on: 14.9.2010 10:40:14 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = I:\DOWNLOAD CHROM
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 199,43 Gb Free Space | 66,90% Space Free | Partition Type: NTFS
Drive D: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 675,94 Gb Free Space | 72,56% Space Free | Partition Type: NTFS
Drive J: | 6,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAF-PC
Current User Name: HAF
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "I:\MICROSOFT OFFICE 010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\MICROSOFT OFFICE 010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "I:\VLC PLAYER\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\VLC PLAYER\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "I:\MICROSOFT OFFICE 010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\MICROSOFT OFFICE 010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\VLC PLAYER\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\VLC PLAYER\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 14
"{10140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 14
"{10140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 14
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A6A6319B-4AD7-4699-BB7E-2E0515E5B04E}" = Windows Live Zabezpečení rodiny
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{10140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1D097338-B4FA-4F29-9C43-8D7A970A007E}" = Windows Live Fotogalerie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{3E62B27C-342F-4B44-9331-CA4BC59A586F}" = Asistent pro přihlášení ke službě Windows Live
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{479A749B-1684-4881-8266-BF8DD22251E7}" = Windows Live Writer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E257F26-57FA-4BC9-AE3B-D50AF937DA7F}" = Windows Live Toolbar
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{98EFD8F0-08DE-48DB-B922-A2EBAB711029}" = Nero 7 Ultra Edition
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}" = Windows Live Movie Maker
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C13E90B0-4E1C-11DB-6784-0152EAA218BE}" = Call of Duty(R) 2 Patch 1.3
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123 DVD Clone_is1" = 123 DVD Clone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"GameParkClient_is1" = GamePark
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"Magic Video Converter_is1" = Magic Video Converter 10.0.10.2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.2.4560
"MP4 Converter_is1" = MP4 Converter 1.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 50130" = Mafia II
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Tor" = Tor 0.2.1.20
"UltraISO_is1" = UltraISO Premium V9.35
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E257F26-57FA-4BC9-AE3B-D50AF937DA7F}" = Windows Live Toolbar
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{98EFD8F0-08DE-48DB-B922-A2EBAB711029}" = Nero 7 Ultra Edition
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}" = Windows Live Movie Maker
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C13E90B0-4E1C-11DB-6784-0152EAA218BE}" = Call of Duty(R) 2 Patch 1.3
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123 DVD Clone_is1" = 123 DVD Clone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"GameParkClient_is1" = GamePark
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"Magic Video Converter_is1" = Magic Video Converter 10.0.10.2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.2.4560
"MP4 Converter_is1" = MP4 Converter 1.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 50130" = Mafia II
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Tor" = Tor 0.2.1.20
"UltraISO_is1" = UltraISO Premium V9.35
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
- jaro3
- member of the Security team
Re: Requesting a check.
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_res
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKLM..\Run: [iLDkMnpBF] C:\Windows\system\SocUD.exe File not found
O4 - HKCU..\Run: [GameTracker] I:\GAMETRACKE\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [IpSharkk] C:\Program Files (x86)\IpSharkk\IpSharkk.exe File not found
O4 - HKCU..\Run: [Vidalia] I:\IPSHARK\Vidalia Bundle\Vidalia\vidalia.exe File not found
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.26 15:51:29 | 000,000,067 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:63DAEC83
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\tasks\SA.DAT
C:\Users\HAF\AppData\Roaming\inst.exe
:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
Then click Run Fix (Opravit) at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
In Folder Options, enable showing hidden files and folders, and uncheck the option to hide protected operating system files.
Test this on VirusTotal:
I:\ZSZC Sillk\DB-bot for ZSZC\SrProxy.exe
Click Choose (Vybrat) to the right of the box and find the file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes, "result" appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page and paste it into your post.
You have a full disk:
Drive D: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
You should remove something, even though it is not the system drive.
Look in these folders:
C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
C:\Windows\{87148734-424B-4DD9-89B9-1413C2840D29}
to see what is in them.
+
Double-click the OTL by OldTimer icon again and, under Custom Scans/Fixes, paste the following text, shown in green:
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Do not change any settings, just click Run Scan and let the scan finish. When a text file appears, please paste its entire contents here.
Are there no problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Requesting a check.
C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
C:\Windows\{87148734-424B-4DD9-89B9-1413C2840D29}
In these folders I have the installers for the Wifi-usb.
I:\ZSZC Sillk\DB-bot for ZSZC\SrProxy.exe
This one is virus-free, but I can't get the link pasted over here. I work on that program all the time.
No, I have no problems. Should I be expecting any?
Re: Requesting a check.
OTL logfile created on: 14.9.2010 13:05:16 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = I:\DOWNLOAD CHROM
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 199,47 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 675,94 Gb Free Space | 72,56% Space Free | Partition Type: NTFS
Drive J: | 6,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAF-PC
Current User Name: HAF
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
PRC - [2010.09.03 02:58:56 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\HAF\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- I:\AVAST\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- I:\AVAST\AvastSvc.exe
PRC - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
========== Modules (SafeList) ==========
MOD - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.04.08 16:37:02 | 004,593,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.25 19:18:48 | 033,480,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\MICROSOFT OFFICE 010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.01.22 15:00:27 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.11.24 20:24:26 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.25 22:34:29 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.08.05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV - [2009.02.10 18:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- I:\ULTRAISO\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/skins/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=skin&q="
[2009.11.18 16:19:52 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Mozilla\Extensions
[2010.01.04 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions
[2009.11.18 16:19:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.16 01:22:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.01.03 20:13:21 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.11.20 22:25:56 | 000,002,059 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\daemon-search.xml
[2010.01.04 21:35:05 | 000,000,955 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\icqplugin.xml
[2010.01.03 20:13:19 | 000,003,915 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\sweetim.xml
O1 HOSTS File: ([2010.09.14 09:29:51 | 000,000,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\MICROSOFT OFFICE 010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\MICROSOFT OFFICE 010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast5] I:\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] I:\MICROSOFT OFFICE 010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] I:\MICROSOFT OFFICE 010\Office14\GROOVEMN.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iLDkMnpBF] C:\Windows\system\SocUD.exeICE14\GROOVEMN.EX File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [GameTracker] I:\GAMETRACKE\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [IpSharkk] C:\Program Files (x86)\IpSharkk\IpSharkk.exe File not found
O4 - HKCU..\Run: [Steam] i:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] I:\IPSHARK\Vidalia Bundle\Vidalia\vidalia.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\MICROSOFT OFFICE 010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.26 15:51:29 | 000,000,067 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.09.14 11:04:09 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Local\2K Games
[2010.09.14 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\HAF\DoctorWeb
[2010.09.14 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\Malwarebytes
[2010.09.14 09:32:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.14 09:32:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.09 20:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.09 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.09.06 15:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.09.05 03:02:28 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.05 03:02:28 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.05 03:02:28 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.05 03:02:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.05 03:02:28 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.05 03:02:28 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.05 01:29:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.09.05 01:29:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.09.05 01:29:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.09.05 01:29:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.09.05 01:29:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.09.05 01:29:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.09.05 01:29:00 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.09.05 01:29:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.09.04 16:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.09.04 16:24:38 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.04 16:24:37 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.04 16:24:36 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.04 16:24:33 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.04 16:24:32 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.04 16:23:51 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.04 16:23:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.09.04 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.04 15:59:28 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.09.04 15:59:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.04 15:59:10 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.09.04 15:59:10 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.09.04 15:59:10 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.09.04 15:59:06 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.09.04 15:59:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.09.04 15:59:05 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.09.04 15:59:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.09.04 15:59:05 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.09.04 15:59:05 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.09.04 15:59:05 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.09.04 15:58:51 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.04 15:58:50 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.04 15:58:50 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.04 15:58:44 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.04 15:58:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.04 15:58:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.04 15:58:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.04 15:58:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.04 15:58:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
OTL by OldTimer - Version 3.2.12.0 Folder = I:\DOWNLOAD CHROM
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 199,47 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 675,94 Gb Free Space | 72,56% Space Free | Partition Type: NTFS
Drive J: | 6,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAF-PC
Current User Name: HAF
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
PRC - [2010.09.03 02:58:56 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\HAF\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- I:\AVAST\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- I:\AVAST\AvastSvc.exe
PRC - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
========== Modules (SafeList) ==========
MOD - [2010.09.14 10:39:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- I:\DOWNLOAD CHROM\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.04.08 16:37:02 | 004,593,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- I:\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.04 19:49:08 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.09.27 17:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.25 19:18:48 | 033,480,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\MICROSOFT OFFICE 010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.01.22 15:00:27 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.11.24 20:24:26 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.25 22:34:29 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.08.05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV - [2009.02.10 18:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- I:\ULTRAISO\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/skins/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=skin&q="
[2009.11.18 16:19:52 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Mozilla\Extensions
[2010.01.04 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions
[2009.11.18 16:19:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.16 01:22:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.01.03 20:13:21 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.11.20 22:25:56 | 000,002,059 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\daemon-search.xml
[2010.01.04 21:35:05 | 000,000,955 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\icqplugin.xml
[2010.01.03 20:13:19 | 000,003,915 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\Mozilla\Firefox\Profiles\lqs926d2.default\searchplugins\sweetim.xml
O1 HOSTS File: ([2010.09.14 09:29:51 | 000,000,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\MICROSOFT OFFICE 010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\MICROSOFT OFFICE 010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast5] I:\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] I:\MICROSOFT OFFICE 010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] I:\MICROSOFT OFFICE 010\Office14\GROOVEMN.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iLDkMnpBF] C:\Windows\system\SocUD.exeICE14\GROOVEMN.EX File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [GameTracker] I:\GAMETRACKE\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [IpSharkk] C:\Program Files (x86)\IpSharkk\IpSharkk.exe File not found
O4 - HKCU..\Run: [Steam] i:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] I:\IPSHARK\Vidalia Bundle\Vidalia\vidalia.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\MICROSOFT OFFICE 010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: S&end to OneNote - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - I:\MICROSOFT OFFICE 010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HAF\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\MICROSOFT OFFICE 010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.26 15:51:29 | 000,000,067 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.09.14 11:04:09 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Local\2K Games
[2010.09.14 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\HAF\DoctorWeb
[2010.09.14 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\Malwarebytes
[2010.09.14 09:32:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.14 09:32:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.14 09:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.09 20:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.09 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.09.06 15:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.09.05 03:02:28 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.05 03:02:28 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.05 03:02:28 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.05 03:02:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.05 03:02:28 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.05 03:02:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.05 03:02:28 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.05 01:29:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.09.05 01:29:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.09.05 01:29:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.09.05 01:29:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.09.05 01:29:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.09.05 01:29:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.09.05 01:29:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.09.05 01:29:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.09.05 01:29:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.09.05 01:29:00 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.09.05 01:29:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.09.05 01:29:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.09.05 01:29:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.09.05 01:29:00 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.09.05 01:29:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.09.05 01:29:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.09.04 16:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.09.04 16:24:38 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.04 16:24:37 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.04 16:24:36 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.04 16:24:33 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.04 16:24:32 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.04 16:23:51 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.04 16:23:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.09.04 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.04 15:59:28 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.09.04 15:59:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.04 15:59:10 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.09.04 15:59:10 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.09.04 15:59:10 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.09.04 15:59:06 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.09.04 15:59:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.09.04 15:59:05 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.09.04 15:59:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.09.04 15:59:05 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.09.04 15:59:05 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.09.04 15:59:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.09.04 15:59:05 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.09.04 15:59:05 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.09.04 15:59:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.09.04 15:58:51 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.04 15:58:50 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.04 15:58:50 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.04 15:58:44 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.04 15:58:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.04 15:58:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.04 15:58:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.04 15:58:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.04 15:58:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
Re: Please check.
[2010.09.04 15:58:42 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.09.04 15:58:42 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.09.04 15:58:42 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.09.04 15:58:41 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.09.04 15:58:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.09.04 15:58:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.09.04 15:58:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.09.04 15:58:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.09.04 15:58:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.09.04 15:58:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.09.04 15:58:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.04 15:58:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.04 15:58:12 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.09.04 15:58:12 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.09.04 15:58:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.09.04 15:58:11 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.09.04 15:58:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.09.04 15:58:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.09.04 15:58:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.09.04 15:58:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.09.04 15:58:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.09.04 15:58:10 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.09.04 15:58:10 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.09.04 15:58:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.09.04 15:58:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.09.04 15:58:06 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.09.04 15:58:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.09.04 15:58:02 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.09.04 15:58:01 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.04 15:58:01 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.04 15:58:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.04 15:58:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.04 15:55:27 | 000,000,000 | ---D | C] -- C:\Users\HAF\Documents\Downloads
[2010.09.04 15:48:09 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2010.09.04 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010.09.04 15:23:49 | 000,000,000 | ---D | C] -- C:\Windows\{87148734-424B-4DD9-89B9-1413C2840D29}
[2010.09.04 12:52:32 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\InstallShield
[2010.09.03 21:28:24 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.09.03 20:23:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.09.03 20:23:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.09.03 20:22:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.09.03 20:22:39 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.01.22 15:00:27 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.14 13:07:40 | 006,553,600 | -HS- | M] () -- C:\Users\HAF\NTUSER.DAT
[2010.09.14 13:04:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.14 12:38:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.14 09:29:51 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.09.13 20:38:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.13 19:04:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 11:38:37 | 001,480,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.13 11:38:37 | 000,634,020 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.13 11:38:37 | 000,618,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.13 11:38:37 | 000,124,400 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.13 11:38:37 | 000,108,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.13 11:31:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.13 11:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.13 11:31:12 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.13 00:10:19 | 002,922,673 | -H-- | M] () -- C:\Users\HAF\AppData\Local\IconCache.db
[2010.09.05 12:45:50 | 000,416,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.04 16:24:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.09.04 12:52:43 | 000,001,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:49:24 | 000,017,534 | ---- | M] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:49:24 | 000,001,726 | ---- | M] () -- C:\Windows\ndinst.exe
[2010.09.03 20:14:37 | 000,099,384 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.09.03 20:14:37 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2010.09.03 20:14:37 | 000,007,859 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.09.03 20:14:37 | 000,001,167 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.09 18:54:00 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.09 18:53:59 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.07 15:45:07 | 000,348,510 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.pas
[2010.09.07 15:45:07 | 000,224,408 | ---- | C] () -- C:\Users\HAF\Desktop\OpenSave.pas
[2010.09.07 15:45:07 | 000,132,338 | ---- | C] () -- C:\Users\HAF\Desktop\memscan.pas
[2010.09.07 15:45:07 | 000,118,914 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.pas
[2010.09.07 15:45:07 | 000,104,891 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.dfm
[2010.09.07 15:45:07 | 000,079,478 | ---- | C] () -- C:\Users\HAF\Desktop\style3def.bmp
[2010.09.07 15:45:07 | 000,077,108 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.pas
[2010.09.07 15:45:07 | 000,067,646 | ---- | C] () -- C:\Users\HAF\Desktop\icon3.ico
[2010.09.07 15:45:07 | 000,053,815 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.pas
[2010.09.07 15:45:07 | 000,048,409 | ---- | C] () -- C:\Users\HAF\Desktop\plugin.pas
[2010.09.07 15:45:07 | 000,046,282 | ---- | C] () -- C:\Users\HAF\Desktop\psvCPlusPlus.pas
[2010.09.07 15:45:07 | 000,039,137 | ---- | C] () -- C:\Users\HAF\Desktop\symbolhandler.pas
[2010.09.07 15:45:07 | 000,038,963 | ---- | C] () -- C:\Users\HAF\Desktop\KernelDebugger.pas
[2010.09.07 15:45:07 | 000,036,253 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.pas
[2010.09.07 15:45:07 | 000,034,925 | ---- | C] () -- C:\Users\HAF\Desktop\NewKernelHandler.pas
[2010.09.07 15:45:07 | 000,034,227 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.dfm
[2010.09.07 15:45:07 | 000,031,918 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.dfm
[2010.09.07 15:45:07 | 000,028,269 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit2.pas
[2010.09.07 15:45:07 | 000,025,393 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.pas
[2010.09.07 15:45:07 | 000,023,313 | ---- | C] () -- C:\Users\HAF\Desktop\psvAutoAssembler.pas
[2010.09.07 15:45:07 | 000,020,755 | ---- | C] () -- C:\Users\HAF\Desktop\pointervaluelist.pas
[2010.09.07 15:45:07 | 000,020,439 | ---- | C] () -- C:\Users\HAF\Desktop\RichEditHighlight.pas
[2010.09.07 15:45:07 | 000,015,679 | ---- | C] () -- C:\Users\HAF\Desktop\pluginexports.pas
[2010.09.07 15:45:07 | 000,015,112 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.pas
[2010.09.07 15:45:07 | 000,014,000 | ---- | C] () -- C:\Users\HAF\Desktop\unrandomizer.pas
[2010.09.07 15:45:07 | 000,012,576 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.pas
[2010.09.07 15:45:07 | 000,012,492 | ---- | C] () -- C:\Users\HAF\Desktop\x.dfm
[2010.09.07 15:45:07 | 000,012,029 | ---- | C] () -- C:\Users\HAF\Desktop\rescanhelper.pas
[2010.09.07 15:45:07 | 000,011,781 | ---- | C] () -- C:\Users\HAF\Desktop\ManualModuleLoader.pas
[2010.09.07 15:45:07 | 000,011,213 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.pas
[2010.09.07 15:45:07 | 000,010,878 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.pas
[2010.09.07 15:45:07 | 000,010,142 | ---- | C] () -- C:\Users\HAF\Desktop\Standalonetype3a.bmp
[2010.09.07 15:45:07 | 000,009,372 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.pas
[2010.09.07 15:45:07 | 000,009,270 | ---- | C] () -- C:\Users\HAF\Desktop\LOGO3.BMP
[2010.09.07 15:45:07 | 000,009,142 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.pas
[2010.09.07 15:45:07 | 000,008,579 | ---- | C] () -- C:\Users\HAF\Desktop\underc.pas
[2010.09.07 15:45:07 | 000,008,560 | ---- | C] () -- C:\Users\HAF\Desktop\VirtualMemory.pas
[2010.09.07 15:45:07 | 000,008,322 | ---- | C] () -- C:\Users\HAF\Desktop\logo2.bmp
[2010.09.07 15:45:07 | 000,007,840 | ---- | C] () -- C:\Users\HAF\Desktop\hotkeyhandler.pas
[2010.09.07 15:45:07 | 000,007,546 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.dfm
[2010.09.07 15:45:07 | 000,007,182 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscanresultReader.pas
[2010.09.07 15:45:07 | 000,007,075 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfoFunctions.pas
[2010.09.07 15:45:07 | 000,006,844 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.dfm
[2010.09.07 15:45:07 | 000,006,827 | ---- | C] () -- C:\Users\HAF\Desktop\psvRichSyntax.pas
[2010.09.07 15:45:07 | 000,006,556 | ---- | C] () -- C:\Users\HAF\Desktop\ValueFinder.pas
[2010.09.07 15:45:07 | 000,006,044 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.pas
[2010.09.07 15:45:07 | 000,005,673 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.dfm
[2010.09.07 15:45:07 | 000,005,254 | ---- | C] () -- C:\Users\HAF\Desktop\hypermode.pas
[2010.09.07 15:45:07 | 000,005,091 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.dfm
[2010.09.07 15:45:07 | 000,004,662 | ---- | C] () -- C:\Users\HAF\Desktop\LockedString.bmp
[2010.09.07 15:45:07 | 000,004,594 | ---- | C] () -- C:\Users\HAF\Desktop\stacktrace2.pas
[2010.09.07 15:45:07 | 000,004,529 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.dfm
[2010.09.07 15:45:07 | 000,004,342 | ---- | C] () -- C:\Users\HAF\Desktop\test.bmp
[2010.09.07 15:45:07 | 000,003,902 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.pas
[2010.09.07 15:45:07 | 000,003,890 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.pas
[2010.09.07 15:45:07 | 000,003,886 | ---- | C] () -- C:\Users\HAF\Desktop\logo.bmp
[2010.09.07 15:45:07 | 000,003,840 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.dfm
[2010.09.07 15:45:07 | 000,003,675 | ---- | C] () -- C:\Users\HAF\Desktop\reinit.pas
[2010.09.07 15:45:07 | 000,003,638 | ---- | C] () -- C:\Users\HAF\Desktop\UnLockedString.bmp
[2010.09.07 15:45:07 | 000,003,549 | ---- | C] () -- C:\Users\HAF\Desktop\speedhack2.pas
[2010.09.07 15:45:07 | 000,003,510 | ---- | C] () -- C:\Users\HAF\Desktop\TextureString.bmp
[2010.09.07 15:45:07 | 000,003,276 | ---- | C] () -- C:\Users\HAF\Desktop\windows7taskbar.pas
[2010.09.07 15:45:07 | 000,003,171 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.pas
[2010.09.07 15:45:07 | 000,003,166 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.pas
[2010.09.07 15:45:07 | 000,002,743 | ---- | C] () -- C:\Users\HAF\Desktop\SaveFirstScan.pas
[2010.09.07 15:45:07 | 000,002,428 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.dfm
[2010.09.07 15:45:07 | 000,002,294 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.dfm
[2010.09.07 15:45:07 | 000,002,047 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.dfm
[2010.09.07 15:45:07 | 000,001,997 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.dfm
[2010.09.07 15:45:07 | 000,001,995 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.dfm
[2010.09.07 15:45:07 | 000,001,907 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.dfm
[2010.09.07 15:45:07 | 000,001,850 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.dfm
[2010.09.07 15:45:07 | 000,001,846 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.dfm
[2010.09.07 15:45:07 | 000,001,835 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.dfm
[2010.09.07 15:45:07 | 000,001,697 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.pas
[2010.09.07 15:45:07 | 000,001,603 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.dfm
[2010.09.07 15:45:07 | 000,001,584 | ---- | C] () -- C:\Users\HAF\Desktop\injectedpointerscanunit.pas
[2010.09.07 15:45:07 | 000,001,470 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.pas
[2010.09.07 15:45:07 | 000,001,409 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.dfm
[2010.09.07 15:45:07 | 000,001,404 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.pas
[2010.09.07 15:45:07 | 000,001,354 | ---- | C] () -- C:\Users\HAF\Desktop\htmlHelp.pas
[2010.09.07 15:45:07 | 000,001,350 | ---- | C] () -- C:\Users\HAF\Desktop\process.bmp
[2010.09.07 15:45:07 | 000,001,128 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.pas
[2010.09.07 15:45:07 | 000,001,121 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.pas
[2010.09.07 15:45:07 | 000,001,111 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.dfm
[2010.09.07 15:45:07 | 000,001,041 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.dfm
[2010.09.07 15:45:07 | 000,001,002 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.dfm
[2010.09.07 15:45:07 | 000,000,893 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.dfm
[2010.09.07 15:45:07 | 000,000,888 | ---- | C] () -- C:\Users\HAF\Desktop\manifest.res
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\possibletrainericon.ico
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\icon2.ico
[2010.09.07 15:45:07 | 000,000,737 | ---- | C] () -- C:\Users\HAF\Desktop\simpleaobscanner.pas
[2010.09.07 15:45:07 | 000,000,726 | ---- | C] () -- C:\Users\HAF\Desktop\open.bmp
[2010.09.07 15:45:07 | 000,000,714 | ---- | C] () -- C:\Users\HAF\Desktop\save.bmp
[2010.09.07 15:45:07 | 000,000,709 | ---- | C] () -- C:\Users\HAF\Desktop\SyncObjs2.pas
[2010.09.07 15:45:07 | 000,000,603 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.pas
[2010.09.07 15:45:07 | 000,000,550 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.pas
[2010.09.07 15:45:07 | 000,000,478 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessHandlerUnit.pas
[2010.09.07 15:45:07 | 000,000,475 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.pas
[2010.09.07 15:45:07 | 000,000,415 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.dfm
[2010.09.07 15:45:07 | 000,000,393 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.dfm
[2010.09.07 15:45:07 | 000,000,388 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.dfm
[2010.09.07 15:45:07 | 000,000,374 | ---- | C] () -- C:\Users\HAF\Desktop\pause.bmp
[2010.09.07 15:45:07 | 000,000,370 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.pas
[2010.09.07 15:45:07 | 000,000,365 | ---- | C] () -- C:\Users\HAF\Desktop\MenuItemExtra.pas
[2010.09.07 15:45:07 | 000,000,356 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.pas
[2010.09.07 15:45:07 | 000,000,351 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.dfm
[2010.09.07 15:45:07 | 000,000,341 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.pas
[2010.09.07 15:45:07 | 000,000,334 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.dfm
[2010.09.07 15:45:07 | 000,000,333 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.pas
[2010.09.07 15:45:07 | 000,000,326 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.pas
[2010.09.07 15:45:07 | 000,000,308 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.dfm
[2010.09.07 15:45:07 | 000,000,228 | ---- | C] () -- C:\Users\HAF\Desktop\trainer.rc
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\targettexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\movementtexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\Locktexture.bmp
[2010.09.07 15:45:07 | 000,000,138 | ---- | C] () -- C:\Users\HAF\Desktop\selection.bmp
[2010.09.07 15:45:07 | 000,000,073 | ---- | C] () -- C:\Users\HAF\Desktop\OpenGLHook.pas
[2010.09.07 15:45:07 | 000,000,056 | ---- | C] () -- C:\Users\HAF\Desktop\unit1.pas
[2010.09.07 15:45:06 | 000,115,712 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.FTS
[2010.09.07 15:45:06 | 000,068,612 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.res
[2010.09.07 15:45:06 | 000,059,992 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.drc
[2010.09.07 15:45:06 | 000,051,153 | ---- | C] () -- C:\Users\HAF\Desktop\CHEAT ENGINE.HLP
[2010.09.07 15:45:06 | 000,012,896 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.GID
[2010.09.07 15:45:06 | 000,010,210 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dpr
[2010.09.07 15:45:06 | 000,005,812 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dof
[2010.09.07 15:45:06 | 000,002,900 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.pas
[2010.09.07 15:45:06 | 000,001,856 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.cnt
[2010.09.07 15:45:06 | 000,001,530 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.dfm
[2010.09.07 15:45:06 | 000,001,110 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.dfm
[2010.09.07 15:45:06 | 000,001,063 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.pas
[2010.09.07 15:45:06 | 000,000,950 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.cfg
[2010.09.07 15:45:06 | 000,000,934 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.bpg
[2010.09.07 15:45:06 | 000,000,865 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.rtf
[2010.09.07 15:45:06 | 000,000,355 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.dfm
[2010.09.07 15:45:06 | 000,000,346 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.pas
[2010.09.07 15:45:06 | 000,000,086 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.mps
[2010.09.07 15:45:06 | 000,000,074 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.todo
[2010.09.04 12:52:43 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:48:40 | 000,017,534 | ---- | C] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:48:40 | 000,001,726 | ---- | C] () -- C:\Windows\ndinst.exe
[2010.01.23 13:22:01 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.01.22 19:17:10 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.22 17:14:42 | 000,003,584 | ---- | C] () -- C:\Users\HAF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.22 15:00:57 | 000,000,033 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.log
[2010.01.22 15:00:27 | 000,099,384 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.01.22 15:00:27 | 000,007,859 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.01.22 15:00:27 | 000,001,167 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2010.01.04 19:09:08 | 000,000,091 | ---- | C] () -- C:\Users\HAF\AppData\Local\fusioncache.dat
[2009.12.17 15:45:16 | 001,668,632 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\farm.bmp
[2009.12.17 15:42:33 | 000,000,660 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\settings.dat
[2009.12.09 22:41:22 | 001,504,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.04 19:33:12 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.12.04 19:33:12 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.29 19:25:27 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 22:34:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.25 22:34:47 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.25 22:34:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.25 22:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_c41411ff\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_986ce78a\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_eee87d92\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2006.11.02 14:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_fbe95c71\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_69d79584\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_a5403adf\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_63cdbcfd\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows.old\Windows\System32\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:63DAEC83
< End of report >
[2010.09.04 15:58:42 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.09.04 15:58:42 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.09.04 15:58:41 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.09.04 15:58:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.09.04 15:58:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.09.04 15:58:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.09.04 15:58:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.09.04 15:58:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.09.04 15:58:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.09.04 15:58:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.04 15:58:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.04 15:58:12 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.09.04 15:58:12 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.09.04 15:58:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.09.04 15:58:11 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.09.04 15:58:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.09.04 15:58:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.09.04 15:58:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.09.04 15:58:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.09.04 15:58:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.09.04 15:58:10 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.09.04 15:58:10 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.09.04 15:58:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.09.04 15:58:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.09.04 15:58:06 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.09.04 15:58:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.09.04 15:58:02 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.09.04 15:58:01 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.04 15:58:01 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.04 15:58:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.04 15:58:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.04 15:55:27 | 000,000,000 | ---D | C] -- C:\Users\HAF\Documents\Downloads
[2010.09.04 15:48:09 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2010.09.04 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010.09.04 15:23:49 | 000,000,000 | ---D | C] -- C:\Windows\{87148734-424B-4DD9-89B9-1413C2840D29}
[2010.09.04 12:52:32 | 000,000,000 | ---D | C] -- C:\Users\HAF\AppData\Roaming\InstallShield
[2010.09.03 21:28:24 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.09.03 21:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.09.03 20:23:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.09.03 20:23:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.09.03 20:22:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.09.03 20:22:39 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.01.22 15:00:27 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.14 13:07:40 | 006,553,600 | -HS- | M] () -- C:\Users\HAF\NTUSER.DAT
[2010.09.14 13:04:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.14 12:38:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.09.14 09:46:56 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.14 09:29:51 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.09.13 20:38:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.13 19:04:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 13:42:34 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 11:38:37 | 001,480,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.13 11:38:37 | 000,634,020 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.09.13 11:38:37 | 000,618,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.13 11:38:37 | 000,124,400 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.09.13 11:38:37 | 000,108,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.13 11:31:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.13 11:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.13 11:31:12 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.13 00:10:19 | 002,922,673 | -H-- | M] () -- C:\Users\HAF\AppData\Local\IconCache.db
[2010.09.05 12:45:50 | 000,416,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.04 16:24:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.09.04 12:52:43 | 000,001,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:49:24 | 000,017,534 | ---- | M] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:49:24 | 000,001,726 | ---- | M] () -- C:\Windows\ndinst.exe
[2010.09.03 20:14:37 | 000,099,384 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.09.03 20:14:37 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\HAF\AppData\Roaming\pcouffin.sys
[2010.09.03 20:14:37 | 000,007,859 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.09.03 20:14:37 | 000,001,167 | ---- | M] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.09 18:54:00 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000UA.job
[2010.09.09 18:53:59 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796291009-1635198926-3344980590-1000Core.job
[2010.09.07 15:45:07 | 000,348,510 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.pas
[2010.09.07 15:45:07 | 000,224,408 | ---- | C] () -- C:\Users\HAF\Desktop\OpenSave.pas
[2010.09.07 15:45:07 | 000,132,338 | ---- | C] () -- C:\Users\HAF\Desktop\memscan.pas
[2010.09.07 15:45:07 | 000,118,914 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.pas
[2010.09.07 15:45:07 | 000,104,891 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit.dfm
[2010.09.07 15:45:07 | 000,079,478 | ---- | C] () -- C:\Users\HAF\Desktop\style3def.bmp
[2010.09.07 15:45:07 | 000,077,108 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.pas
[2010.09.07 15:45:07 | 000,067,646 | ---- | C] () -- C:\Users\HAF\Desktop\icon3.ico
[2010.09.07 15:45:07 | 000,053,815 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.pas
[2010.09.07 15:45:07 | 000,048,409 | ---- | C] () -- C:\Users\HAF\Desktop\plugin.pas
[2010.09.07 15:45:07 | 000,046,282 | ---- | C] () -- C:\Users\HAF\Desktop\psvCPlusPlus.pas
[2010.09.07 15:45:07 | 000,039,137 | ---- | C] () -- C:\Users\HAF\Desktop\symbolhandler.pas
[2010.09.07 15:45:07 | 000,038,963 | ---- | C] () -- C:\Users\HAF\Desktop\KernelDebugger.pas
[2010.09.07 15:45:07 | 000,036,253 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.pas
[2010.09.07 15:45:07 | 000,034,925 | ---- | C] () -- C:\Users\HAF\Desktop\NewKernelHandler.pas
[2010.09.07 15:45:07 | 000,034,227 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.dfm
[2010.09.07 15:45:07 | 000,031,918 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryBrowserFormUnit.dfm
[2010.09.07 15:45:07 | 000,028,269 | ---- | C] () -- C:\Users\HAF\Desktop\MainUnit2.pas
[2010.09.07 15:45:07 | 000,025,393 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.pas
[2010.09.07 15:45:07 | 000,023,313 | ---- | C] () -- C:\Users\HAF\Desktop\psvAutoAssembler.pas
[2010.09.07 15:45:07 | 000,020,755 | ---- | C] () -- C:\Users\HAF\Desktop\pointervaluelist.pas
[2010.09.07 15:45:07 | 000,020,439 | ---- | C] () -- C:\Users\HAF\Desktop\RichEditHighlight.pas
[2010.09.07 15:45:07 | 000,015,679 | ---- | C] () -- C:\Users\HAF\Desktop\pluginexports.pas
[2010.09.07 15:45:07 | 000,015,112 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.pas
[2010.09.07 15:45:07 | 000,014,000 | ---- | C] () -- C:\Users\HAF\Desktop\unrandomizer.pas
[2010.09.07 15:45:07 | 000,012,576 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.pas
[2010.09.07 15:45:07 | 000,012,492 | ---- | C] () -- C:\Users\HAF\Desktop\x.dfm
[2010.09.07 15:45:07 | 000,012,029 | ---- | C] () -- C:\Users\HAF\Desktop\rescanhelper.pas
[2010.09.07 15:45:07 | 000,011,781 | ---- | C] () -- C:\Users\HAF\Desktop\ManualModuleLoader.pas
[2010.09.07 15:45:07 | 000,011,213 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.pas
[2010.09.07 15:45:07 | 000,010,878 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.pas
[2010.09.07 15:45:07 | 000,010,142 | ---- | C] () -- C:\Users\HAF\Desktop\Standalonetype3a.bmp
[2010.09.07 15:45:07 | 000,009,372 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.pas
[2010.09.07 15:45:07 | 000,009,270 | ---- | C] () -- C:\Users\HAF\Desktop\LOGO3.BMP
[2010.09.07 15:45:07 | 000,009,142 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.pas
[2010.09.07 15:45:07 | 000,008,579 | ---- | C] () -- C:\Users\HAF\Desktop\underc.pas
[2010.09.07 15:45:07 | 000,008,560 | ---- | C] () -- C:\Users\HAF\Desktop\VirtualMemory.pas
[2010.09.07 15:45:07 | 000,008,322 | ---- | C] () -- C:\Users\HAF\Desktop\logo2.bmp
[2010.09.07 15:45:07 | 000,007,840 | ---- | C] () -- C:\Users\HAF\Desktop\hotkeyhandler.pas
[2010.09.07 15:45:07 | 000,007,546 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscannerSettingsFrm.dfm
[2010.09.07 15:45:07 | 000,007,182 | ---- | C] () -- C:\Users\HAF\Desktop\PointerscanresultReader.pas
[2010.09.07 15:45:07 | 000,007,075 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfoFunctions.pas
[2010.09.07 15:45:07 | 000,006,844 | ---- | C] () -- C:\Users\HAF\Desktop\Structuresfrm.dfm
[2010.09.07 15:45:07 | 000,006,827 | ---- | C] () -- C:\Users\HAF\Desktop\psvRichSyntax.pas
[2010.09.07 15:45:07 | 000,006,556 | ---- | C] () -- C:\Users\HAF\Desktop\ValueFinder.pas
[2010.09.07 15:45:07 | 000,006,044 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.pas
[2010.09.07 15:45:07 | 000,005,673 | ---- | C] () -- C:\Users\HAF\Desktop\PEInfounit.dfm
[2010.09.07 15:45:07 | 000,005,254 | ---- | C] () -- C:\Users\HAF\Desktop\hypermode.pas
[2010.09.07 15:45:07 | 000,005,091 | ---- | C] () -- C:\Users\HAF\Desktop\pointerscannerfrm.dfm
[2010.09.07 15:45:07 | 000,004,662 | ---- | C] () -- C:\Users\HAF\Desktop\LockedString.bmp
[2010.09.07 15:45:07 | 000,004,594 | ---- | C] () -- C:\Users\HAF\Desktop\stacktrace2.pas
[2010.09.07 15:45:07 | 000,004,529 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.dfm
[2010.09.07 15:45:07 | 000,004,342 | ---- | C] () -- C:\Users\HAF\Desktop\test.bmp
[2010.09.07 15:45:07 | 000,003,902 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.pas
[2010.09.07 15:45:07 | 000,003,890 | ---- | C] () -- C:\Users\HAF\Desktop\TypePopup.pas
[2010.09.07 15:45:07 | 000,003,886 | ---- | C] () -- C:\Users\HAF\Desktop\logo.bmp
[2010.09.07 15:45:07 | 000,003,840 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessWindowUnit.dfm
[2010.09.07 15:45:07 | 000,003,675 | ---- | C] () -- C:\Users\HAF\Desktop\reinit.pas
[2010.09.07 15:45:07 | 000,003,638 | ---- | C] () -- C:\Users\HAF\Desktop\UnLockedString.bmp
[2010.09.07 15:45:07 | 000,003,549 | ---- | C] () -- C:\Users\HAF\Desktop\speedhack2.pas
[2010.09.07 15:45:07 | 000,003,510 | ---- | C] () -- C:\Users\HAF\Desktop\TextureString.bmp
[2010.09.07 15:45:07 | 000,003,276 | ---- | C] () -- C:\Users\HAF\Desktop\windows7taskbar.pas
[2010.09.07 15:45:07 | 000,003,171 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.pas
[2010.09.07 15:45:07 | 000,003,166 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.pas
[2010.09.07 15:45:07 | 000,002,743 | ---- | C] () -- C:\Users\HAF\Desktop\SaveFirstScan.pas
[2010.09.07 15:45:07 | 000,002,428 | ---- | C] () -- C:\Users\HAF\Desktop\symbolconfigunit.dfm
[2010.09.07 15:45:07 | 000,002,294 | ---- | C] () -- C:\Users\HAF\Desktop\ServiceDescriptorTables.dfm
[2010.09.07 15:45:07 | 000,002,047 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.dfm
[2010.09.07 15:45:07 | 000,001,997 | ---- | C] () -- C:\Users\HAF\Desktop\savedisassemblyfrm.dfm
[2010.09.07 15:45:07 | 000,001,995 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.dfm
[2010.09.07 15:45:07 | 000,001,907 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.dfm
[2010.09.07 15:45:07 | 000,001,850 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignObjectViewUnit.dfm
[2010.09.07 15:45:07 | 000,001,846 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.dfm
[2010.09.07 15:45:07 | 000,001,835 | ---- | C] () -- C:\Users\HAF\Desktop\HotKeys.dfm
[2010.09.07 15:45:07 | 000,001,697 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneunit.pas
[2010.09.07 15:45:07 | 000,001,603 | ---- | C] () -- C:\Users\HAF\Desktop\Valuechange.dfm
[2010.09.07 15:45:07 | 000,001,584 | ---- | C] () -- C:\Users\HAF\Desktop\injectedpointerscanunit.pas
[2010.09.07 15:45:07 | 000,001,470 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.pas
[2010.09.07 15:45:07 | 000,001,409 | ---- | C] () -- C:\Users\HAF\Desktop\tlgUnit.dfm
[2010.09.07 15:45:07 | 000,001,404 | ---- | C] () -- C:\Users\HAF\Desktop\StructuresAddElementfrm.pas
[2010.09.07 15:45:07 | 000,001,354 | ---- | C] () -- C:\Users\HAF\Desktop\htmlHelp.pas
[2010.09.07 15:45:07 | 000,001,350 | ---- | C] () -- C:\Users\HAF\Desktop\process.bmp
[2010.09.07 15:45:07 | 000,001,128 | ---- | C] () -- C:\Users\HAF\Desktop\ModuleSafetyUnit.pas
[2010.09.07 15:45:07 | 000,001,121 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignControlsUnit.pas
[2010.09.07 15:45:07 | 000,001,111 | ---- | C] () -- C:\Users\HAF\Desktop\inputboxtopunit.dfm
[2010.09.07 15:45:07 | 000,001,041 | ---- | C] () -- C:\Users\HAF\Desktop\MemoryTrainerDesignUnit.dfm
[2010.09.07 15:45:07 | 000,001,002 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.dfm
[2010.09.07 15:45:07 | 000,000,893 | ---- | C] () -- C:\Users\HAF\Desktop\ThreadlistExFRM.dfm
[2010.09.07 15:45:07 | 000,000,888 | ---- | C] () -- C:\Users\HAF\Desktop\manifest.res
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\possibletrainericon.ico
[2010.09.07 15:45:07 | 000,000,766 | ---- | C] () -- C:\Users\HAF\Desktop\icon2.ico
[2010.09.07 15:45:07 | 000,000,737 | ---- | C] () -- C:\Users\HAF\Desktop\simpleaobscanner.pas
[2010.09.07 15:45:07 | 000,000,726 | ---- | C] () -- C:\Users\HAF\Desktop\open.bmp
[2010.09.07 15:45:07 | 000,000,714 | ---- | C] () -- C:\Users\HAF\Desktop\save.bmp
[2010.09.07 15:45:07 | 000,000,709 | ---- | C] () -- C:\Users\HAF\Desktop\SyncObjs2.pas
[2010.09.07 15:45:07 | 000,000,603 | ---- | C] () -- C:\Users\HAF\Desktop\PasteTableentryFRM.pas
[2010.09.07 15:45:07 | 000,000,550 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.pas
[2010.09.07 15:45:07 | 000,000,478 | ---- | C] () -- C:\Users\HAF\Desktop\ProcessHandlerUnit.pas
[2010.09.07 15:45:07 | 000,000,475 | ---- | C] () -- C:\Users\HAF\Desktop\InjectedpointerscanornotFRM.pas
[2010.09.07 15:45:07 | 000,000,415 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.dfm
[2010.09.07 15:45:07 | 000,000,393 | ---- | C] () -- C:\Users\HAF\Desktop\standaloneexample.dfm
[2010.09.07 15:45:07 | 000,000,388 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.dfm
[2010.09.07 15:45:07 | 000,000,374 | ---- | C] () -- C:\Users\HAF\Desktop\pause.bmp
[2010.09.07 15:45:07 | 000,000,370 | ---- | C] () -- C:\Users\HAF\Desktop\LayoutUnit.pas
[2010.09.07 15:45:07 | 000,000,365 | ---- | C] () -- C:\Users\HAF\Desktop\MenuItemExtra.pas
[2010.09.07 15:45:07 | 000,000,356 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.pas
[2010.09.07 15:45:07 | 000,000,351 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.dfm
[2010.09.07 15:45:07 | 000,000,341 | ---- | C] () -- C:\Users\HAF\Desktop\toolbarunit.pas
[2010.09.07 15:45:07 | 000,000,334 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.dfm
[2010.09.07 15:45:07 | 000,000,333 | ---- | C] () -- C:\Users\HAF\Desktop\Unit2.pas
[2010.09.07 15:45:07 | 000,000,326 | ---- | C] () -- C:\Users\HAF\Desktop\setgroupunit.pas
[2010.09.07 15:45:07 | 000,000,308 | ---- | C] () -- C:\Users\HAF\Desktop\pnlmemorybrowser2unit.dfm
[2010.09.07 15:45:07 | 000,000,228 | ---- | C] () -- C:\Users\HAF\Desktop\trainer.rc
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\targettexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\movementtexture.bmp
[2010.09.07 15:45:07 | 000,000,190 | ---- | C] () -- C:\Users\HAF\Desktop\Locktexture.bmp
[2010.09.07 15:45:07 | 000,000,138 | ---- | C] () -- C:\Users\HAF\Desktop\selection.bmp
[2010.09.07 15:45:07 | 000,000,073 | ---- | C] () -- C:\Users\HAF\Desktop\OpenGLHook.pas
[2010.09.07 15:45:07 | 000,000,056 | ---- | C] () -- C:\Users\HAF\Desktop\unit1.pas
[2010.09.07 15:45:06 | 000,115,712 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.FTS
[2010.09.07 15:45:06 | 000,068,612 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.res
[2010.09.07 15:45:06 | 000,059,992 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.drc
[2010.09.07 15:45:06 | 000,051,153 | ---- | C] () -- C:\Users\HAF\Desktop\CHEAT ENGINE.HLP
[2010.09.07 15:45:06 | 000,012,896 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.GID
[2010.09.07 15:45:06 | 000,010,210 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dpr
[2010.09.07 15:45:06 | 000,005,812 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.dof
[2010.09.07 15:45:06 | 000,002,900 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.pas
[2010.09.07 15:45:06 | 000,001,856 | ---- | C] () -- C:\Users\HAF\Desktop\Cheat Engine.cnt
[2010.09.07 15:45:06 | 000,001,530 | ---- | C] () -- C:\Users\HAF\Desktop\Changeoffsetunit.dfm
[2010.09.07 15:45:06 | 000,001,110 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.dfm
[2010.09.07 15:45:06 | 000,001,063 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeTimers.pas
[2010.09.07 15:45:06 | 000,000,950 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.cfg
[2010.09.07 15:45:06 | 000,000,934 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.bpg
[2010.09.07 15:45:06 | 000,000,865 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.rtf
[2010.09.07 15:45:06 | 000,000,355 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.dfm
[2010.09.07 15:45:06 | 000,000,346 | ---- | C] () -- C:\Users\HAF\Desktop\ChangeValuefrm.pas
[2010.09.07 15:45:06 | 000,000,086 | ---- | C] () -- C:\Users\HAF\Desktop\cheatengine.mps
[2010.09.07 15:45:06 | 000,000,074 | ---- | C] () -- C:\Users\HAF\Desktop\CheatEngine.todo
[2010.09.04 12:52:43 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010.09.03 22:48:40 | 000,017,534 | ---- | C] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2010.09.03 22:48:40 | 000,001,726 | ---- | C] () -- C:\Windows\ndinst.exe
[2010.01.23 13:22:01 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.01.22 19:17:10 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.22 17:14:42 | 000,003,584 | ---- | C] () -- C:\Users\HAF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.22 15:00:57 | 000,000,033 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.log
[2010.01.22 15:00:27 | 000,099,384 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\inst.exe
[2010.01.22 15:00:27 | 000,007,859 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.cat
[2010.01.22 15:00:27 | 000,001,167 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\pcouffin.inf
[2010.01.04 19:09:08 | 000,000,091 | ---- | C] () -- C:\Users\HAF\AppData\Local\fusioncache.dat
[2009.12.17 15:45:16 | 001,668,632 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\farm.bmp
[2009.12.17 15:42:33 | 000,000,660 | ---- | C] () -- C:\Users\HAF\AppData\Roaming\settings.dat
[2009.12.09 22:41:22 | 001,504,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.04 19:33:12 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.12.04 19:33:12 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.29 19:25:27 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 22:34:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.25 22:34:47 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.25 22:34:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.25 22:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:63DAEC83
< End of report >
- jaro3
- Security team member
Re: Please check.
You didn't run that script in OTL.
So, once again:
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_res
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKLM..\Run: [iLDkMnpBF] C:\Windows\system\SocUD.exe File not found
O4 - HKCU..\Run: [GameTracker] I:\GAMETRACKE\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [IpSharkk] C:\Program Files (x86)\IpSharkk\IpSharkk.exe File not found
O4 - HKCU..\Run: [Vidalia] I:\IPSHARK\Vidalia Bundle\Vidalia\vidalia.exe File not found
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.26 15:51:29 | 000,000,067 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:63DAEC83
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\tasks\SA.DAT
C:\Users\HAF\AppData\Roaming\inst.exe
:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support