PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

trojské koně

https://pc-help.cnews.cz/viewtopic.php?f=70&t=81467

Stránka 1 z 2

trojské koně

Napsal: 13 úno 2012 22:56
od tomino-tom
prosím o pomoc, našel jsem v systému šest tr.koní a nedaří se mi spustit ani MWAV a ani ComboFix a to ani v nouzáku...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:25, on 13.2.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
I:\Nástroje\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{854374CA-A277-433B-AE05-4D80EE682FC7}: NameServer = 192.168.20.1
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 6007 bytes

Re: trojské koně

Napsal: 13 úno 2012 23:33
od Damned
Smaž starý Combofix.
Nesmíš vypnout nebo restartovat PC!

1. - Stáhni si Userinit na Plochu a spusť ho. Po proběhnutí bude log v C:\ s názvem rkill.log - zkopíruj mi ho sem.

2. - Stáhni si Rooter a ulož si ho na Plochu.
•Spusť Rooter.exe dvojklikem. Pod Vista a Windows 7 - jako ADMINISTRATOR.
•Klikni na Scan.
•Program chvíli bude skenovat po skončení se otevře log "Rooter.txt". Najdeš ho v C:\Rooter$\Rooter.txt. Zkopíruj ho sem

3. - Stáhni si Rogue killer a ulož si ho na Plochu.
Spusť ho. Po načtení se ti objeví okno programu. Zvol Scan. Proběhne sken a na Ploše se ti objeví log s názvem: RKreport[1].txt.
Zkopíruj mi ho sem.


4. - Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs) nebo ComboFix (subs) a ulož si ho na Plochu - Před uložením ho přejmenuj na Třeba.com!
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: trojské koně

Napsal: 14 úno 2012 00:24
od tomino-tom
Userinit proběhl a log je na konci, ale

Rooter a Rogue Killer po spuštění zamrznou a neděje se nic...

a Combofix stále neběží!!!

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 13.02.2012 at 23:47:08.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 13.02.2012 at 23:47:15.

Re: trojské koně

Napsal: 14 úno 2012 09:24
od jaro3
Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Pokud nepůjde , stáhni znovu a při ukládání zvol jako název:
winlogon.exe

Pak postupuj podle návodu na Combofix.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Re: trojské koně

Napsal: 14 úno 2012 10:19
od tomino-tom
Tak OTC proběhl a restartoval.....

ComboFix stále neběží :-(

a ten og z CrystalDiskInfo

----------------------------------------------------------------------------
CrystalDiskInfo 4.2.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Home Premium Edition SP2 [6.0 Build 6002] (x86)
Date : 2012/02/14 10:17:26

-- Controller Map ----------------------------------------------------------
- Ricoh SD/MMC Host Controller [ATA]
- Ricoh Memory Stick Controller [ATA]
- Ricoh xD-Picture Card Controller [ATA]
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- ST9320320AS
- HL-DT-ST DVDRAM GSA-T50N
+ Intel(R) Turbo Memory Controller [SCSI]
- IMD-0
+ A6K8R3WF IDE Controller [SCSI]
- RU7300M TAC284Z SCSI CdRom Device
- Iniciátor iSCSI společnosti Microsoft [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST9320320AS : 320.0 GB [0-0-0, pd1]

----------------------------------------------------------------------------
(1) ST9320320AS
----------------------------------------------------------------------------
Model : ST9320320AS
Firmware : 0303
Serial Number : 5SX1A9YQ
Disk Size : 320.0 GB (8.4/137.4/320.0)
Buffer Size : 8192 KB
NV Cache Size : 396 MB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300
Power On Hours : 4840 hod.
Power On Count : 4326 krát
Temparature : 35 C (95 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 _99 __6 000007EC3372 Počet chyb čtení
03 _99 _96 __0 000000000000 Čas na roztočení ploten
04 _93 _93 _20 000000001E9D Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _82 _60 _30 00000A2EA8AC Počet chybných hledání
09 _95 _95 __0 0000000012E8 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _96 _96 _20 0000000010E6 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000001 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _65 _53 _45 000023140023 Teplota toku vzduchu
BF 100 100 __0 000000000138 Počet udalostí zaznamenaných otřesovým senzorem
C0 _98 _98 __0 000000001080 Počet vypnutí disku
C1 100 100 __0 000000000593 Počet cyklů načítání/vymazání
C2 _35 _47 __0 000800000023 Teplota
C3 _50 _33 __0 000007EC3372 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 35 53 58 31 41 39 59 51 00 00 40 00 00 04 30 33
030: 30 33 20 20 20 20 53 54 39 33 32 30 33 32 30 41
040: 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 06 00 00 00 4C 00 4C
0A0: 01 F0 00 29 34 6B 7D 09 61 E3 34 69 BC 09 61 E3
0B0: 40 7F 00 33 00 33 80 80 FF FE 00 00 FE 00 00 00
0C0: 00 00 00 00 00 00 00 00 EA B0 25 42 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 50 00 C5 00 10 15 57 3B
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0E
0F0: 40 0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 EA B0 25 42 EA B0 25 42 00 00 00 02 01 40
110: 01 00 50 00 3C 06 3C 0A 00 00 00 3C 00 00 00 08
120: 00 00 00 00 00 0F 02 80 00 00 00 00 00 08 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 34 00 80 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 10 3F 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 80
1B0: 00 0C 00 41 00 19 00 05 00 02 00 00 10 10 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8A A5

Re: trojské koně

Napsal: 14 úno 2012 13:52
od tomino-tom
ten malwarebytes se rozběhl, ale teď nic nenašel....

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.02.14.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tomas :: TOMAS-PC [administrátor]

Ochrana: Zakázána

14.2.2012 12:42:37
mbam-log-2012-02-14 (12-42-37).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 312815
Uplynulý čas: 58 minut, 39 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: trojské koně

Napsal: 14 úno 2012 14:36
od Žbeky
Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

Re: trojské koně

Napsal: 14 úno 2012 15:54
od tomino-tom
OTL logfile created on: 14.2.2012 15:29:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,81% Memory free
6,19 Gb Paging File | 4,66 Gb Available in Paging File | 75,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 18,66 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 29,22 Gb Free Space | 20,98% Space Free | Partition Type: NTFS

Computer Name: TOMAS-PC | User Name: Tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.14 15:28:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009.05.04 23:01:46 | 001,466,368 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.11 13:20:36 | 000,864,256 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009.02.11 12:16:28 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.12.04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.12.04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.09 17:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.18 06:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.04.01 09:31:19 | 006,025,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.01 23:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008.02.01 22:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.01.23 23:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.11 11:56:34 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012.01.11 11:56:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 16:50:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.14 16:49:54 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.14 16:49:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.14 16:48:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.14 16:47:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009.08.16 05:06:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.03.31 19:04:50 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.09.03 07:24:15 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3009.39983__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.09.03 07:24:15 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3009.40180__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008.09.03 07:24:15 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3009.39941__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.09.03 07:24:15 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3009.39997__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.09.03 07:24:15 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3009.40172__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.09.03 07:24:15 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3009.40135__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.09.03 07:24:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3009.39975__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.09.03 07:24:15 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.09.03 07:24:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3009.39962__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.09.03 07:24:14 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3009.40202__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.09.03 07:23:56 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3009.40208__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3009.39955__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3009.40010__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3009.39963__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3009.40163__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.09.03 07:23:55 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3009.40143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3009.40004__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3009.40201__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3009.40116__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:55 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3009.40149__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.09.03 07:23:55 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3009.40142__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3009.40200__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3009.40016__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3009.40115__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:54 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3009.40173__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:54 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3009.40095__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:54 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3009.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:54 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3009.40129__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.09.03 07:23:54 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3009.40017__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.09.03 07:23:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3009.40101__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3009.40128__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.09.03 07:23:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.09.03 07:23:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.09.03 07:23:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.09.03 07:23:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.09.03 07:23:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.09.03 07:23:54 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.09.03 07:23:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.09.03 07:23:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.09.03 07:23:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.09.03 07:23:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.09.03 07:23:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.09.03 07:23:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.09.03 07:23:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.09.03 07:23:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.09.03 07:23:48 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.09.03 07:23:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.09.03 07:23:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.09.03 07:23:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.09.03 07:23:48 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.09.03 07:23:48 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.09.03 07:23:48 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.09.03 07:23:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.09.03 07:23:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.09.03 07:23:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3009.40217__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.09.03 07:23:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.09.03 07:23:44 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3009.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.09.03 07:23:44 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.09.03 07:23:44 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3009.40186_cs_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.09.03 07:23:43 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3009.39949__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.09.03 07:23:43 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3009.39969__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.09.03 07:23:43 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3009.40186__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.09.03 07:23:43 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3009.40194__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.09.03 07:23:43 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.09.03 07:23:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3009.39934__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.09.03 07:23:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3009.40193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.09.03 07:23:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.09.03 07:23:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.09.03 07:23:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.09.03 07:23:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.09.03 07:23:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3009.40194__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.09.03 07:23:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.09.03 07:23:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.09.03 07:23:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.09.03 07:23:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.09.03 07:23:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.09.03 07:23:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3009.39931__90ba9c70f846762e\APM.Server.dll
MOD - [2008.09.03 07:23:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3009.39932__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.03.29 08:19:11 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.02.01 22:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
MOD - [2008.02.01 22:29:28 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
MOD - [2008.01.23 23:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007.11.12 23:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll
MOD - [2007.03.07 01:03:08 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.02.11 13:20:36 | 000,864,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.02.11 12:16:28 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.12.04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.06 22:51:45 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011.05.18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.05.05 00:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.04.16 22:48:36 | 000,048,128 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spvads.sys -- (spvads) SoundPlane Audio Device (S)
DRV - [2009.02.09 09:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009.02.08 06:15:54 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.24 06:09:40 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008.04.21 15:26:12 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.03.29 10:24:17 | 003,544,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.10.01 22:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.01.25 02:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 23:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.09.23 10:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2000.01.01 01:00:00 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

[=#E56717]========== Standard Registry (SafeList) ==========[/]


[=#E56717]========== Internet Explorer ==========[/]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-580842018-1790242405-52285137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-580842018-1790242405-52285137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 85 3F A7 32 00 CB 01 [binary data]
IE - HKU\S-1-5-21-580842018-1790242405-52285137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.cz"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {707db484-2428-402d-afb5-d85b387544c7}:2.1.0.15
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.740
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tomas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.07.27 11:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.12.06 21:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.07 20:09:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 23:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.27 11:23:29 | 000,000,000 | ---D | M]

[2011.03.27 17:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Extensions
[2009.10.15 07:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Extensions\MediaCoder
[2009.10.15 07:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2009.10.15 07:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.01.30 14:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.01.14 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions
[2011.05.14 20:51:14 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2012.01.14 16:44:48 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.19 23:00:29 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.30 23:47:31 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.12.18 16:33:16 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.03.27 14:17:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\engine@conduit.com
[2009.10.15 14:38:29 | 000,002,236 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\askcom.xml
[2010.10.21 12:58:56 | 000,000,881 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\conduit.xml
[2010.09.02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\iMeshWebSearch.xml
[2009.10.14 15:02:50 | 000,001,201 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\winamp-search.xml
[2011.12.07 20:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.21 05:19:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.21 02:50:48 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.09.02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2011.11.21 02:50:48 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.11.21 02:50:48 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.11.21 02:50:48 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.11.21 02:50:48 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011.12.07 18:04:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-580842018-1790242405-52285137-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-580842018-1790242405-52285137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-580842018-1790242405-52285137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O15 - HKU\S-1-5-21-580842018-1790242405-52285137-1000\..Trusted Domains: nokia.com ([*.online] https in Důvěryhodné servery)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7209B3DA-1D1F-4746-9D12-51C55AC0CC25}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{854374CA-A277-433B-AE05-4D80EE682FC7}: NameServer = 192.168.20.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.14 15:28:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
[2012.02.14 10:29:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.02.14 09:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.02.14 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.02.14 09:48:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.14 09:48:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.14 09:48:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.14 09:48:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.14 09:39:42 | 001,488,976 | ---- | C] (Crystal Dew World ) -- C:\Users\Tomas\Desktop\CrystalDiskInfo4_2_0a-en.exe
[2012.02.14 09:39:16 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\Tomas\Desktop\ComboFix.exe
[2012.02.14 00:07:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.14 00:04:49 | 000,000,000 | ---D | C] -- C:\Users\Tomas\Desktop\RK_Quarantine
[2012.02.13 19:47:58 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2012.02.13 19:47:57 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2012.02.13 19:47:57 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2012.02.13 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2012.02.12 12:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Tomas\AppData\Local\a55a34b8
[2012.01.26 02:24:11 | 000,000,000 | ---D | C] -- C:\Users\Tomas\Documents\MyHeritage
[2012.01.26 02:23:58 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2012.01.26 02:23:58 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmapi32.ocx
[2012.01.26 02:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\MyHeritage
[2012.01.21 03:05:20 | 000,000,000 | ---D | C] -- C:\Users\Tomas\Desktop\Sesion 4 - eNG
[2012.01.21 01:45:52 | 000,000,000 | ---D | C] -- C:\Users\Tomas\vpworkspace
[2012.01.21 01:45:45 | 000,000,000 | ---D | C] -- C:\Users\Tomas\visualparadigm
[2012.01.21 01:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\VP Suite 5.3
[2008.12.13 08:47:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tomas\AppData\Roaming\pcouffin.sys
[2007.01.25 02:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[1 C:\Users\Tomas\AppData\Local\*.tmp files -> C:\Users\Tomas\AppData\Local\*.tmp -> ]

[#E56717]========== Files - Modified Within 30 Days ==========[/]

[2012.02.14 15:30:26 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FE1E1BA-FF5F-4CBF-AC88-AC3346021044}.job
[2012.02.14 15:28:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
[2012.02.14 15:25:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 15:25:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 15:25:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 13:26:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-580842018-1790242405-52285137-1000UA.job
[2012.02.14 13:26:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-580842018-1790242405-52285137-1000Core.job
[2012.02.14 12:30:36 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.14 11:25:04 | 3220,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.14 10:25:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.02.14 10:20:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.14 09:59:03 | 000,000,680 | ---- | M] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.02.14 09:55:43 | 000,001,732 | ---- | M] () -- C:\Users\Tomas\Desktop\CrystalDiskInfo.lnk
[2012.02.14 09:43:11 | 000,445,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.14 09:42:36 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.02.14 09:39:43 | 001,488,976 | ---- | M] (Crystal Dew World ) -- C:\Users\Tomas\Desktop\CrystalDiskInfo4_2_0a-en.exe
[2012.02.14 09:39:33 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\Tomas\Desktop\ComboFix.exe
[2012.02.14 00:04:51 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012.02.13 23:39:46 | 001,008,141 | ---- | M] () -- C:\Users\Tomas\Desktop\uSeRiNiT.exe
[2012.02.13 22:46:27 | 000,183,296 | ---- | M] () -- C:\Users\Tomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.13 19:47:56 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2012.02.13 19:15:45 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2012.02.13 19:15:44 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2012.02.13 19:14:33 | 000,612,818 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.02.13 19:14:33 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.13 19:14:33 | 000,120,286 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.02.13 19:14:33 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.13 18:28:46 | 001,488,607 | ---- | M] () -- C:\Users\Tomas\Documents\pinfect.zip
[2012.01.31 13:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.23 17:33:52 | 1677,326,336 | ---- | M] () -- C:\Users\Tomas\Desktop\Šéfové-na-zabití-CZ-dabing.avi
[2012.01.23 16:09:32 | 873,784,458 | ---- | M] () -- C:\Users\Tomas\Desktop\zkažená-úča--super-komedie---CZ-(2011).avi
[2012.01.23 14:40:28 | 802,003,082 | ---- | M] () -- C:\Users\Tomas\Desktop\vanocni-polibek-2011-brrip-cz-warezfilm.avi
[2012.01.21 00:08:52 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[1 C:\Users\Tomas\AppData\Local\*.tmp files -> C:\Users\Tomas\AppData\Local\*.tmp -> ]

[=#E56717]========== Files Created - No Company Name ==========[/]

[2012.02.14 12:30:36 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.14 11:24:58 | 3220,279,296 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.14 09:59:03 | 000,000,680 | ---- | C] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.02.14 09:55:43 | 000,001,732 | ---- | C] () -- C:\Users\Tomas\Desktop\CrystalDiskInfo.lnk
[2012.02.14 09:48:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.14 09:48:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.14 09:48:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.14 09:48:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.14 09:48:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.14 00:04:51 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012.02.13 23:39:45 | 001,008,141 | ---- | C] () -- C:\Users\Tomas\Desktop\uSeRiNiT.exe
[2012.01.26 00:07:22 | 731,553,792 | ---- | C] () -- C:\Users\Tomas\Desktop\Fotři jsou lotři (2010) DVDRip CZ.avi
[2012.01.25 16:59:48 | 873,784,458 | ---- | C] () -- C:\Users\Tomas\Desktop\zkažená-úča--super-komedie---CZ-(2011).avi
[2012.01.25 16:58:56 | 802,003,082 | ---- | C] () -- C:\Users\Tomas\Desktop\vanocni-polibek-2011-brrip-cz-warezfilm.avi
[2012.01.25 16:57:07 | 1677,326,336 | ---- | C] () -- C:\Users\Tomas\Desktop\Šéfové-na-zabití-CZ-dabing.avi
[2011.12.18 21:19:06 | 000,001,041 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\vso_ts_preview.xml
[2011.12.09 12:08:10 | 000,445,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.09.19 20:59:15 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.05.14 12:38:46 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2010.12.14 21:48:17 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.25 09:24:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.11 03:37:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 03:37:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 10:57:46 | 000,486,083 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\UserTile.png
[2009.04.01 03:20:08 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.10 00:40:11 | 000,002,686 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2009.02.10 00:38:55 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2008.12.13 08:47:50 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2008.12.13 08:47:14 | 000,081,920 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\ezpinst.exe
[2008.12.13 08:47:14 | 000,007,887 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\pcouffin.cat
[2008.12.13 08:47:14 | 000,001,144 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\pcouffin.inf
[2008.11.02 09:14:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.22 02:12:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.11 23:21:41 | 000,183,296 | ---- | C] () -- C:\Users\Tomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.11 07:51:17 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008.09.03 08:10:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.09.03 08:00:50 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008.09.03 07:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.03 07:08:41 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.09.03 06:10:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.04.17 11:37:47 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.04.17 11:34:43 | 000,612,818 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008.04.17 11:34:43 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008.04.17 11:34:43 | 000,120,286 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2008.04.17 11:34:43 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2008.03.29 08:19:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.03.29 07:51:09 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 18:40:53 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.05 03:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.10.01 22:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.05.09 23:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.04.16 11:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,601,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 17:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005.04.03 15:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2002.09.17 12:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2001.11.14 21:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.05.06 20:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

[=#E56717]========== LOP Check ==========[/]

[2009.04.06 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Any Video Converter
[2009.10.15 13:53:32 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Broad Intelligence
[2008.12.14 08:33:22 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\CoolFlvMan
[2008.12.14 08:33:05 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\CoolYouTubeDownloader
[2009.02.08 06:14:05 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\DAEMON Tools
[2011.04.21 23:55:38 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\DVDVideoSoft
[2011.01.10 11:58:12 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.08 05:13:43 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\IObit
[2009.02.10 00:41:47 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\LangSoft
[2009.02.13 01:48:05 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Leadertech
[2011.06.20 17:40:34 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\LimeWire
[2011.08.31 11:09:00 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Nokia
[2011.09.28 19:02:25 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\PC Suite
[2009.10.30 07:39:31 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Sony
[2009.10.29 17:22:03 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\uTorrent
[2011.12.18 22:32:49 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Vso
[2009.10.30 05:39:11 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\VSRevoGroup
[2012.02.14 13:26:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-580842018-1790242405-52285137-1000Core.job
[2012.02.14 13:26:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-580842018-1790242405-52285137-1000UA.job
[2012.02.14 10:20:51 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.14 15:30:26 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FE1E1BA-FF5F-4CBF-AC88-AC3346021044}.job

[=#E56717]========== Purity Check ==========[/]

[=#E56717]========== Alternate Data Streams ==========[/]

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:8C35AEA7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A66A990E

< End of report >

Re: trojské koně

Napsal: 14 úno 2012 15:55
od tomino-tom
OTL Extras logfile created on: 14.2.2012 15:29:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 49,81% Memory free
6,19 Gb Paging File | 4,66 Gb Available in Paging File | 75,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 18,66 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 29,22 Gb Free Space | 20,98% Space Free | Partition Type: NTFS

Computer Name: TOMAS-PC | User Name: Tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-580842018-1790242405-52285137-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B76337E-3CB3-4CF1-9032-DD9EA1494D5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17DA6C1F-FF3F-4795-9F16-4F8204F96C92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{24D50199-FB14-4082-A04B-333410638244}" = rport=445 | protocol=6 | dir=out | app=system |
"{326D32B4-83C9-461D-8EEE-B07AEC3F8B3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{45B834AF-71EF-49C5-99FD-89E3FFA819BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4983D589-5388-4A9A-AAF3-F5071DBEBFDB}" = lport=139 | protocol=6 | dir=in | app=system |
"{4CBE8D07-7C42-458E-85F0-F80E560B51F2}" = rport=139 | protocol=6 | dir=out | app=system |
"{5383CBA5-A70E-46CE-9978-8F49F2AF9071}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5FBFD97D-DF05-4FE7-AE8F-0A846AC42607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{637124EB-27B0-4946-A695-CDCC8AEC11B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6EF56CA8-7C43-44FF-9F97-4FBC1A13B609}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D50387B-1EB5-49AC-BFBE-5042BE310682}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{803C6665-5206-4231-8D5D-B0939294E436}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{809DE5E7-FCED-4E2B-ACD3-D83D2741AC07}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DEF5D66-A417-4736-A045-8AB25CF5C2D9}" = lport=137 | protocol=17 | dir=in | app=system |
"{A4DB1EBB-286E-4DE5-816B-FB4B93C9C4B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B396F089-D219-4B55-B4D9-473F436DC882}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C08ECD07-52BA-4218-A475-45EDF7663D94}" = lport=138 | protocol=17 | dir=in | app=system |
"{C2F447E0-C62B-465F-A111-40C222D1EA4C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DA7B145A-248D-4A4E-A7C7-306022C0364B}" = rport=137 | protocol=17 | dir=out | app=system |
"{E271FFFA-A320-4F9D-AA93-7A37804088BF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E338018A-9E14-4E6B-9C36-95586D710CC2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECEE14BD-2B8E-4C73-826C-E863DF01F4BE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FCFFF6CD-56FA-450E-8ED5-ACA4F7E1C106}" = lport=445 | protocol=6 | dir=in | app=system |
"{FDC8DBDD-17E7-4BC9-AF61-8DB0766B1966}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FDD9319C-4F8C-4667-8D66-5F0A3EF96749}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEDFC434-2E51-4EBC-B5A6-1796798992A7}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E91B01C-444C-411C-B8D8-3C4F79CF902F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1DC46045-8F72-4632-BFCE-317C21ED0B89}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{24C4DE4F-1C57-4CBE-9EC8-EB27B8034E17}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{25024C6B-6842-40D0-95E9-F0CC2AE38538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28270E0B-3B35-4AAC-A480-0AFFFCFCE32D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{29DC0606-A93E-44BA-8B44-3AA679216705}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{33795D4D-23E6-4CB2-8807-957EBCC5DC3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CCE451D-AC0D-4611-B02A-90A36A108028}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{49585EAC-D4B2-45A0-B9DF-7BAFFE2CBFB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49C40AF4-F052-4DE0-99A9-0EC147184BB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DA2FECA-9AD9-4455-B93E-8280E38325BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EA34897-02E9-448A-BB1E-4556404315A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F8EF268-EA2A-4F36-A04B-CAC9E2379659}" = protocol=6 | dir=out | app=system |
"{65FE7B56-3B0B-4C98-B815-DB99C24BEF7F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{68E7C82A-2992-4E33-A147-4A5164880212}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{77C40A55-4ECD-48BC-939E-EBC87C1A247F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B8A5C9B-DEAC-4C01-AD2B-7112CA9F3D70}" = dir=in | app=c:\users\tomas\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{82D4AABC-93AC-47DA-8312-B0FE51AB058F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A03A6EBC-84D4-4CCF-AA06-18018AF686FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B39D53DF-7D51-4252-A18B-F363F3473300}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{B55842ED-BF2C-4285-9C42-D3D172B5BB10}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B8D9DEB3-BCA5-4CFB-A1A4-45F765F51F10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B96CE792-B8CD-452E-A51D-0EC93963F937}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B99A6A5F-D515-43FF-B02D-93FD2FCF5C06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD6DB4D8-1A07-4A90-BB0B-7466B93EBCE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1145D0C-D229-4F75-9B89-270A4946C039}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{C702AF49-0230-4DF5-9F5D-CEB6B98623BC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D803854B-DB36-43E8-AFC7-A59A3F849D3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D844229B-7AE3-4452-A937-BD472B6FD23A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{24078F3C-9DDA-4F22-94E2-796291DCAABA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3BED7ABB-F53B-41EA-B5D0-9A5EAD48695A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BAEC6572-3B17-443B-84A4-770D5883BDDD}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"TCP Query User{D4F756E6-ADF4-4643-AE6A-90D1905AFC3A}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"TCP Query User{D7E9858D-3110-456F-891A-FBFA69DCCCA2}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FB91E1DC-314F-496E-A8AD-D4931C1FD08B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3CB38877-69E0-4D68-AB7B-8E7858B196FF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{68E9A266-D230-4F7E-8002-5DF82A2D5BE6}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"UDP Query User{7A270B8A-3F1F-480A-901A-50BE18569FD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7C2A6409-9866-4B2B-A596-A7F363768EBD}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{97686ED1-FCCC-4B33-B255-BE45E7DE6224}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FCEAFDAC-F185-4609-AA14-804CFAEBF62A}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0733409B-F4AC-CE4B-29A2-6780AE0B31C0}" = Skins
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Software Intel(R) PROSet/Wireless WiFi
"{0A4429CE-6364-D7BB-B256-4872BE4F3D9E}" = Catalyst Control Center Localization Russian
"{0AA35E34-8F21-5749-6F2D-E951D3CDFDFE}" = Catalyst Control Center Graphics Full Existing
"{0DF72BB0-1987-B5C5-A60C-0CA92748C274}" = Catalyst Control Center Localization Chinese Traditional
"{0E16D92F-F281-5EC8-98E7-724FB00ECE98}" = Catalyst Control Center Localization Danish
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{135108A2-EE1C-85B3-C344-1E80087E5EA6}" = CCC Help Hungarian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{19CD2BFF-6104-F902-D257-38CFF32E6B6A}" = ccc-utility
"{1CA4F25C-491E-B759-4639-5EDDACE361DD}" = CCC Help Italian
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20F5A78C-611D-E54D-B4FA-A602CF310FA3}" = Catalyst Control Center Localization French
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{214D83A9-E08A-9E5C-C6FB-0F0D207F6C5B}" = Catalyst Control Center Localization Spanish
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{293BE8D0-7FE1-83BF-3BBA-2809B91A8E07}" = CCC Help Finnish
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{36DA8767-9BE9-4ACF-8679-958D6379F22C}" = Vodafone Mobile Connect Lite
"{3825FAAB-E1BC-C226-505C-E83E211D7599}" = CCC Help Norwegian
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{387368F4-8190-D6F5-67AE-F0E8B6EAEC1A}" = Catalyst Control Center Localization Finnish
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41F166E3-9320-7C84-A46B-5512961BBEDC}" = Catalyst Control Center Localization Thai
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4DF2EED9-7369-A220-325E-50B70F5ED455}" = CCC Help Greek
"{4E86CC69-D727-21EF-E131-E85715E92B02}" = CCC Help Russian
"{4F760C04-80A7-24A7-AC60-4EE66AC47A39}" = CCC Help Spanish
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{565CB281-B789-34A0-6145-012AC0A08C85}" = CCC Help German
"{5664434C-B68F-8563-9709-B2EDF78A0920}" = Catalyst Control Center Graphics Previews Common
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59BBB3C7-B020-F02F-27B4-DA52B6AB8ADF}" = Catalyst Control Center Localization Greek
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.56.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DB5B034-5EE9-9F5B-7A30-E0C51F96529B}" = Catalyst Control Center Localization Polish
"{5E1263C5-7EAC-2F91-EC96-095FF28CB680}" = CCC Help Thai
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65227FF2-D50A-231B-D30F-3358D61DA10F}" = CCC Help Korean
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{686A032A-2855-B333-3551-64943D174A3A}" = Catalyst Control Center Localization Hungarian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB522AD-28EE-674D-A046-2F108849359B}" = Catalyst Control Center Localization Dutch
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{852B4B87-C487-6A08-FCB8-31F6A870E59E}" = Catalyst Control Center Core Implementation
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{882A56F6-8DCA-0A30-9C68-46A926BB24A6}" = ccc-core-static
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8B445CD1-2388-4E18-1A30-E7D493B464DA}" = CCC Help Portuguese
"{8B6F528B-2F58-F931-47C4-A935C02624DF}" = Catalyst Control Center Localization Norwegian
"{8D8DA4EC-7F07-9E99-21A2-DA635EC48AD3}" = CCC Help Dutch
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{919635D1-5C0D-4B64-B724-BDDB31D11029}" = Nero 8
"{97040054-AEC3-E198-E6D0-F4BB9352278E}" = CCC Help English
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A42424B7-85A0-FA60-2E6F-A97C8042AFFF}" = ATI Catalyst Install Manager
"{A6DBBE54-CCB6-2347-74CF-D0F7E3C49316}" = Catalyst Control Center Localization Czech
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Czech
"{AD6B37CD-781E-2E5E-D17B-F4141DF3A811}" = Catalyst Control Center Localization Italian
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0EA9DD7-ABD6-832A-6C4D-AFFB353879A7}" = CCC Help Czech
"{B66C4937-65C3-78AA-1BFF-47DF439FC379}" = Catalyst Control Center Localization Turkish
"{B8808D7E-8117-03C9-91BD-1AC9355297B7}" = Catalyst Control Center Graphics Full New
"{BC2342D0-66CC-E877-FF74-2CCB4093EB67}" = Catalyst Control Center Localization German
"{BDFD0E5D-51B1-EB29-E2F4-3DAA88A2409A}" = CCC Help Chinese Traditional
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C4437790-923C-5A7D-70CE-36C96C03FC34}" = Catalyst Control Center Localization Korean
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C653515F-58F7-F90B-7AA8-91DFC9B50BF9}" = Catalyst Control Center Localization Portuguese
"{CAD00ED2-0B6D-02D8-FF61-AFE2D106F742}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF02F0E8-2293-B1D3-CF88-F5A5F70C12A4}" = Catalyst Control Center Localization Japanese
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6BE54C0-947B-D867-1143-30CD92468F74}" = Catalyst Control Center Graphics Light
"{D9FF51F9-58E6-D71E-51DA-C2653669D95A}" = Catalyst Control Center Localization Chinese Standard
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.304
"{DD4D99AD-3F4B-CFA7-D22A-0F7AE61706C9}" = CCC Help Chinese Standard
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E03DD0E3-682A-B142-3BA9-0647DB801624}" = Catalyst Control Center Localization Swedish
"{E6EFD3F2-68AE-573F-EBD9-E7815813584C}" = Catalyst Control Center Graphics Previews Vista
"{E8BAC393-B023-48A1-F80F-BF3480AC20D3}" = CCC Help French
"{EB823850-BC46-5B5A-4298-FEE391601797}" = CCC Help Polish
"{EC870F56-6157-2547-43E7-963285E07BDB}" = CCC Help Turkish
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56996B6-B0D0-813B-92BD-2B5E24DA1632}" = CCC Help Danish
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FEEA55B6-FB60-50C2-35F4-03336FFA8810}" = CCC Help Japanese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"CCleaner" = CCleaner
"CoreAAC" = CoreAAC
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.2.0a
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.0.8
"GOM Encoder" = GOM Encoder
"GOM Picker" = GOM PICKER
"GOM Player" = GOM Player
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 cs)" = Mozilla Firefox 8.0.1 (x86 cs)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.92
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"stax-Pinnacle_is1" = SureThing Express Labeler
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.5.2011 16:17:39 | Computer Name = Tomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.5.2011 17:49:01 | Computer Name = Tomas-PC | Source = EventSystem | ID = 4621
Description =

Error - 19.5.2011 4:14:04 | Computer Name = Tomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.5.2011 4:22:23 | Computer Name = Tomas-PC | Source = EventSystem | ID = 4621
Description =

Error - 19.5.2011 8:56:48 | Computer Name = Tomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.5.2011 5:13:09 | Computer Name = Tomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.5.2011 17:57:58 | Computer Name = Tomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.5.2011 18:30:13 | Computer Name = Tomas-PC | Source = EventSystem | ID = 4621
Description =

Error - 22.5.2011 4:43:01 | Computer Name = Tomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.5.2011 9:32:35 | Computer Name = Tomas-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 9.0.8112.16421 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 1448 Čas zahájení: 01cc1884992617f0 Čas ukončení: 9850

[ System Events ]
Error - 29.10.2008 10:46:16 | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.10.2008 10:46:16 | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.10.2008 10:46:16 | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.10.2008 10:46:16 | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.10.2008 10:46:16 | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.10.2008 10:46:16 | Computer Name = Tomas-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.10.2008 15:20:04 | Computer Name = Tomas-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (4:26:51, 30.10.2008) bylo neočekávané.

Error - 29.10.2008 15:20:06 | Computer Name = Tomas-PC | Source = HTTP | ID = 15016
Description =

Error - 29.10.2008 15:21:15 | Computer Name = Tomas-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 29.10.2008 15:21:50 | Computer Name = Tomas-PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.106 pro síťovou kartu s adresou 0016EA94F26A
byla serverem DHCP 192.168.88.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).


< End of report >

Re: trojské koně

Napsal: 14 úno 2012 20:49
od jaro3
Odinstaluj:
LimeWire

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {707db484-2428-402d-afb5-d85b387544c7}:2.1.0.15
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
[2011.03.27 17:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Extensions
[2012.01.14 16:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions
[2011.05.14 20:51:14 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2012.01.14 16:44:48 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.18 16:33:16 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.03.27 14:17:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\engine@conduit.com
[2009.10.15 14:38:29 | 000,002,236 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\askcom.xml
[2010.10.21 12:58:56 | 000,000,881 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\conduit.xml
[2010.09.02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\iMeshWebSearch.xml
[2009.10.14 15:02:50 | 000,001,201 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\winamp-search.xml
[2011.12.07 20:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2011.12.07 18:04:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-580842018-1790242405-52285137-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
[2012.02.13 19:14:33 | 000,612,818 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.02.13 19:14:33 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.13 19:14:33 | 000,120,286 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.02.13 19:14:33 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.13 18:28:46 | 001,488,607 | ---- | M] () -- C:\Users\Tomas\Documents\pinfect.zip
[2008.04.17 11:34:43 | 000,612,818 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008.04.17 11:34:43 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008.04.17 11:34:43 | 000,120,286 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2008.04.17 11:34:43 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006.11.02 11:33:01 | 000,601,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:8C35AEA7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A66A990E

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
 [1 C:\Users\Tomas\AppData\Local\*.tmp files -> C:\Users\Tomas\AppData\Local\*.tmp -> ]
C:\ComboFix
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Qoobox
C:\Users\Tomas\Desktop\RK_Quarantine
C:\Users\Tomas\AppData\Local\a55a34b8
C:\Windows\bthservsdp.dat
C:\Users\Tomas\AppData\Local\d3d9caps.dat
C:\Users\Tomas\Desktop\ComboFix.exe
C:\Users\Tomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\PEV.exe
C:\Windows\MBR.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
C:\Windows\System32\systeminfo3.dll
C:\ProgramData\ezsidmv.dat
C:\Windows\ativpsrm.bin
C:\Users\Tomas\AppData\Roaming\LimeWire

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Windows\System32\acovcnt.exe
C:\Users\Tomas\Desktop\uSeRiNiT.exe
C:\Users\Tomas\AppData\Roaming\ezpinst.exe
C:\Windows\System32\providers.bin
C:\Windows\System32\lcppn21.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Drive C: | 149,04 Gb Total Space | 18,66 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
Málo místa na disku , pro win se doporučuje mít alespon 15% volného místa , něco odinstaluj , smaž.

Re: trojské koně

Napsal: 15 bře 2012 13:37
od tomino-tom
....dřív jsem to nějak nestihl...pardón :-)

tady je ten log a potom jsem nainstaloval Java.....nakonci je ještě těch pár odkazů na Virustotal, druhá položka něco ukázala. DĚKUJU!!!

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "iMesh Web Search" removed from browser.search.defaultenginename
Prefs.js: "iMesh Web Search" removed from browser.search.order.1
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0 removed from extensions.enabledItems
Prefs.js: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {707db484-2428-402d-afb5-d85b387544c7}:2.1.0.15 removed from extensions.enabledItems
Prefs.js: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1 removed from extensions.enabledItems
C:\Users\Tomas\AppData\Roaming\mozilla\Extensions folder moved successfully.
Folder C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\ not found.
Folder C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\ not found.
Folder C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Folder C:\Users\Tomas\AppData\Roaming\mozilla\Firefox\Profiles\zbcdahka.default\extensions\engine@conduit.com\ not found.
File C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\askcom.xml not found.
File C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\conduit.xml not found.
File C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\iMeshWebSearch.xml not found.
File C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\zbcdahka.default\searchplugins\winamp-search.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware not found.
File C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-580842018-1790242405-52285137-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\WikiKomentáře Google...\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File C:\Windows\System32\perfh005.dat not found.
File C:\Windows\System32\perfh009.dat not found.
File C:\Windows\System32\perfc005.dat not found.
File C:\Windows\System32\perfc009.dat not found.
File C:\Users\Tomas\Documents\pinfect.zip not found.
File C:\Windows\System32\perfh005.dat not found.
File C:\Windows\System32\perfi005.dat not found.
File C:\Windows\System32\perfc005.dat not found.
File C:\Windows\System32\perfd005.dat not found.
File C:\Windows\System32\perfh009.dat not found.
File C:\Windows\System32\perfi009.dat not found.
File C:\Windows\System32\perfc009.dat not found.
File C:\Windows\System32\perfd009.dat not found.
Unable to delete ADS C:\ProgramData\Temp:8C35AEA7 .
Unable to delete ADS C:\ProgramData\Temp:A66A990E .
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder [1 C:\Users\Tomas\AppData\Local\*.tmp files -> C:\Users\Tomas\AppData\Local\*.tmp -> ] not found.
File\Folder C:\ComboFix not found.
File\Folder C:\Windows\SWREG.exe not found.
File\Folder C:\Windows\SWSC.exe not found.
File\Folder C:\Windows\NIRCMD.exe not found.
File\Folder C:\Qoobox not found.
File\Folder C:\Users\Tomas\Desktop\RK_Quarantine not found.
File\Folder C:\Users\Tomas\AppData\Local\a55a34b8 not found.
File\Folder C:\Windows\bthservsdp.dat not found.
File\Folder C:\Users\Tomas\AppData\Local\d3d9caps.dat not found.
File\Folder C:\Users\Tomas\Desktop\ComboFix.exe not found.
C:\Users\Tomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File\Folder C:\Windows\PEV.exe not found.
File\Folder C:\Windows\MBR.exe not found.
File\Folder C:\Windows\sed.exe not found.
File\Folder C:\Windows\grep.exe not found.
File\Folder C:\Windows\zip.exe not found.
File\Folder C:\Windows\System32\systeminfo3.dll not found.
File\Folder C:\ProgramData\ezsidmv.dat not found.
File\Folder C:\Windows\ativpsrm.bin not found.
File\Folder C:\Users\Tomas\AppData\Roaming\LimeWire not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

User: Tomas
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 203844076 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66634017 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8135 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3370062 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 23841424 bytes

Total Files Cleaned = 284,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 03152012_130133

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

VIRUSTOTAL:
https://www.virustotal.com/file/aaf659e ... 331813823/
https://www.virustotal.com/file/b7fc473 ... 331814090/
https://www.virustotal.com/file/6224991 ... 331814291/
https://www.virustotal.com/file/09f1b2b ... 331814411/
https://www.virustotal.com/file/6d35439 ... 331814612/

Re: trojské koně

Napsal: 15 bře 2012 15:59
od jaro3

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
C:\Users\Tomas\Desktop\uSeRiNiT.exe

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
Časové pásmo: UTC+02:00
Stránka 1 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/