This afternoon I turned on my PC and it is very slow, even after a restart. In safe mode it seems to run more or less OK.
Here is the log from RSIT. Thank you very much for your help.
Logfile of random's system information tool 1.08 (written by random/random)
Run by HP at 2011-10-12 16:19:22
Microsoft Windows 7 Enterprise
System drive C: has 133 GB (67%) free of 200 GB
Total RAM: 5883 MB (87% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3459725322-1938087869-839437923-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3459725322-1938087869-839437923-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-11-05 599544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
ZoneAlarm Security Toolbar - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll [2010-12-01 2735200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{91da5e8a-3318-4f8c-b67e-5964de3ab546} - ZoneAlarm Security Toolbar - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll [2010-12-01 2735200]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-11-05 599544]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"ZoneAlarm Client"=C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [2010-11-16 1043968]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 336384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2008-10-20 210208]
"Google Update"=C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DpHost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-10-12 16:19:23 ----D---- C:\Program Files (x86)\trend micro
2011-10-12 16:19:22 ----D---- C:\rsit
2011-10-12 16:13:48 ----A---- C:\Windows\ntbtlog.txt
2011-09-24 16:09:47 ----D---- C:\ProgramData\ATI
2011-09-24 16:09:44 ----D---- C:\Program Files (x86)\AMD APP
2011-09-24 16:09:35 ----D---- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-24 16:06:14 ----A---- C:\Windows\SysWOW64\Oemdspif.dll
2011-09-24 16:06:14 ----A---- C:\Windows\SysWOW64\atiuxpag.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atiumdva.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atiumdmv.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atiumdag.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atiu9pag.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atipdlxx.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atioglxx.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atimpc32.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atiglpxx.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atigktxx.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atidxx32.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\aticfx32.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\aticalrt.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\aticaldd.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\aticalcl.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\atiadlxy.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\ati2edxx.dll
2011-09-24 16:06:13 ----A---- C:\Windows\SysWOW64\amdpcom32.dll
2011-09-24 15:42:17 ----D---- C:\AMD
2011-09-24 15:20:50 ----D---- C:\Users\HP\AppData\Roaming\3v
2011-09-24 08:02:14 ----A---- C:\Windows\SysWOW64\srvany.exe
2011-09-24 08:02:14 ----A---- C:\Windows\KMService.exe
2011-09-22 15:55:58 ----D---- C:\Program Files (x86)\Google
======List of files/folders modified in the last 1 months======
2011-10-12 16:19:23 ----RD---- C:\Program Files (x86)
2011-10-12 16:14:42 ----D---- C:\Windows\Internet Logs
2011-10-12 16:14:02 ----D---- C:\Windows\Temp
2011-10-12 16:13:48 ----D---- C:\Windows
2011-10-11 00:42:29 ----D---- C:\Windows\Prefetch
2011-10-10 21:09:47 ----SHD---- C:\System Volume Information
2011-10-10 20:32:36 ----D---- C:\Users\HP\AppData\Roaming\uTorrent
2011-10-08 22:17:06 ----D---- C:\ProgramData\Tunngle
2011-10-08 22:17:05 ----D---- C:\Users\HP\AppData\Roaming\Tunngle
2011-10-08 22:16:52 ----D---- C:\Users\HP\AppData\Roaming\Mumble
2011-10-08 20:07:41 ----D---- C:\Program Files (x86)\Garena
2011-10-08 20:04:42 ----D---- C:\Users\HP\AppData\Roaming\Skype
2011-10-08 15:03:10 ----D---- C:\Windows\Minidump
2011-10-06 21:05:04 ----SHD---- C:\Windows\Installer
2011-10-01 19:58:22 ----D---- C:\Users\HP\AppData\Roaming\TS3Client
2011-10-01 17:40:57 ----D---- C:\Users\HP\AppData\Roaming\Winamp
2011-10-01 14:43:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-09-24 16:44:13 ----D---- C:\Windows\System32
2011-09-24 16:09:47 ----HD---- C:\ProgramData
2011-09-24 16:09:44 ----D---- C:\Windows\SysWOW64
2011-09-24 16:09:35 ----D---- C:\Program Files (x86)\Common Files
2011-09-24 16:06:53 ----D---- C:\Windows\inf
2011-09-22 22:22:44 ----D---- C:\Program Files (x86)\Steam
2011-09-22 15:56:05 ----D---- C:\Windows\Tasks
2011-09-15 17:39:45 ----RSD---- C:\Windows\assembly
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys []
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
S1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
S1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Windows\system32\Drivers\ISODrv64.sys [2009-02-10 115600]
S2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
S3 ASNDIS4;ASNDIS4 Protocol Driver; \??\C:\Windows\system32\ASNDIS4.SYS []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys []
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\safedrv.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2010-04-23 445192]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2010-11-16 2435592]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
S2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-07-29 951584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
S2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
S2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
S2 KMService;KMService; C:\Windows\system32\srvany.exe [2011-09-24 8192]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-05-19 75136]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2010-07-22 263168]
S2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-06-15 737016]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 1799472]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-07-13 411432]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
-----------------EOF-----------------

Slow PC
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Slow PC
info.txt logfile of random's system information tool 1.08 2011-10-12 16:19:26
======Uninstall list======
-->E:\Hry\PoRTaL\Uninstall PORTAL_SK.exe
-->MsiExec /X{F9835182-794B-4F24-902A-E2CA9D43380F}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Digital Editions-->"C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Age of Empires III-->C:\PROGRA~2\COMMON~1\InstallShield\Driver\11\Intel 32\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AMD USB Filter Driver-->MsiExec.exe /X{987B04C4-B5AC-4AD6-A7E9-8D681085B850}
Amnesia - The Dark Descent -->"E:\Hry\Amnesia - The Dark Descent\unins000.exe"
ArcaniA - Gothic 4-->"E:\Hry\ArcaniA - Gothic 4\uninstall.exe"
Brother MFL-Pro Suite DCP-7030-->"C:\Program Files (x86)\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe" -runfromtemp -l0x001b UNINSTALL Reg=ALL2FB -removeonly
BS.Player FREE-->"C:\Program Files (x86)\Webteh\BSplayer\uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{0E33EC53-22CE-426C-A88B-2AAC231BAC85}
Counter-Strike 1.6-->E:\Hry\Counter-Strike\Uninstal.exe
Cryostasis (Remove Only)-->"E:\Hry\Cryostasis\unins000.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Dead Space™ 2-->MsiExec.exe /X{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
Dungeons and Dragons Daggerdale-->"E:\Hry\Dungeons and Dragons Daggerdale\unins000.exe"
Fallout New Vegas-->"E:\Hry\Fallout - New vegas\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Gapminder Desktop-->msiexec /qb /x {2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}
Gapminder Desktop-->MsiExec.exe /I{2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}
Garena 2010-->C:\Program Files (x86)\Garena\uninst.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Zem-->MsiExec.exe /X{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}
Icewind Dale II-->C:\PROGRA~2\COMMON~1\InstallShield\Driver\7\Intel 32\IDriver.exe /M{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LIMBO [Install&Play]-->MsiExec.exe /I{3D88D0F7-FE8C-46A9-9966-3FEE8CAAD8F8}
Magicka-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42910
Malwarebytes' Anti-Malware verzia 1.51.1.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~2\COMMON~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Miranda IM 0.9.24-->C:\Program Files\Uninstall.exe
MP3 Rocket-->C:\Program Files (x86)\MP3 Rocket\Uninstall.exe
Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe
NVIDIA PhysX-->MsiExec.exe /X{F9835182-794B-4F24-902A-E2CA9D43380F}
OpenOffice.org 3.2-->MsiExec.exe /I{28B94253-5729-4C30-8DE4-F2A0A63149B0}
Opera 11.50-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Pixillion Image Converter-->C:\Program Files (x86)\NCH Software\Pixillion\uninst.exe
Portal 2-->"E:\Hry\Portal 2\unins000.exe"
PunkBuster Services-->C:\Users\HP\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe -u
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"E:\Hry\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
ScanSoft PaperPort 11-->MsiExec.exe /I{5C4ED859-875F-4299-AA2C-E0E393BDCD21}
SeaMonkey (2.2)-->C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Serious Sam: The Second Encounter-->RunDll32 C:\PROGRA~2\COMMON~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x9
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Student and Home Edition-->"C:\Program Files (x86)\Britannica 11.0\Student and Home Edition\Uninstall_Student and Home Edition\Uninstall Student and Home Edition.exe"
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
The Witcher 2-->"C:\Program Files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe" -runfromtemp -l0x0409 -removeonly
TomeRaider3 v3.3.5-->"C:\Program Files (x86)\TomeRaider3\unins000.exe"
Trine-->"E:\Hry\Trine\unins000.exe"
Tunngle beta-->"C:\Program Files (x86)\Tunngle\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UltraISO Premium V9.35-->"C:\Program Files (x86)\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/20570
Warhammer® 40,000™: Dawn of War® II-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15620
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
WinDjView 1.0.3-->C:\Program Files (x86)\WinDjView\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe"
Zaklínač-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0005 -removeonly
ZoneAlarm-->C:\Program Files (x86)\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
193.107.208.171 masterserver.hon.s2games.com
======System event log======
Computer Name: HP-PC
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 199969
Source Name: volsnap
Time Written: 20110819203618.071221-000
Event Type: Error
User:
Computer Name: HP-PC
Event Code: 3
Message: Časový limit príkazu, ktorý bol odoslaný adaptéru, uplynul. Adaptér neodpovedal.
Record Number: 199342
Source Name: BTHUSB
Time Written: 20110819154849.253831-000
Event Type: Warning
User:
Computer Name: HP-PC
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.
Record Number: 199313
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110819153500.077275-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: HP-PC
Event Code: 10002
Message: Modul WLAN Extensibility Module sa zastavil.
Cesta k modulu: C:\Windows\System32\bcmihvsrv64.dll
Record Number: 199312
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110819153500.046075-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: HP-PC
Event Code: 10010
Message: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Record Number: 199260
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20110819153452.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: HP-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3459725322-1938087869-839437923-1000:
Process 388 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3459725322-1938087869-839437923-1000
Record Number: 398
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110127211928.028861-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: HP-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.
Record Number: 373
Source Name: Microsoft-Windows-Search
Time Written: 20110127211330.000000-000
Event Type: Warning
User:
Computer Name: WIN-081A0P3FD4J
Event Code: 257
Message: Službe Cryptographic Services sa nepodarilo inicializovať databázu katalógu. Chyba ESENT: -546.
Record Number: 343
Source Name: Microsoft-Windows-CAPI2
Time Written: 20110127095323.459728-000
Event Type: Error
User:
Computer Name: WIN-081A0P3FD4J
Event Code: 412
Message: Catalog Database (288) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
Record Number: 342
Source Name: ESENT
Time Written: 20110127095322.000000-000
Event Type: Error
User:
Computer Name: WIN-081A0P3FD4J
Event Code: 412
Message: Catalog Database (288) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
Record Number: 341
Source Name: ESENT
Time Written: 20110127095322.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: HP-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x31643
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 5507
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110208091120.887855-000
Event Type: Audit Success
User:
Computer Name: HP-PC
Event Code: 5024
Message: The Windows Firewall service started successfully.
Record Number: 5506
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110208091119.468252-000
Event Type: Audit Success
User:
Computer Name: HP-PC
Event Code: 5033
Message: The Windows Firewall Driver started successfully.
Record Number: 5505
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110208091118.875451-000
Event Type: Audit Success
User:
Computer Name: HP-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5504
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110208091117.705449-000
Event Type: Audit Success
User:
Computer Name: HP-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: HP-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x244
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 5503
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110208091117.705449-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Broadcom\Broadcom 802.11\Driver;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\ImageConverter Plus;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC90.CRT;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC90.MFC;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=3
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0503
"tvdumpflags"=8
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
======Uninstall list======
-->E:\Hry\PoRTaL\Uninstall PORTAL_SK.exe
-->MsiExec /X{F9835182-794B-4F24-902A-E2CA9D43380F}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Digital Editions-->"C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Age of Empires III-->C:\PROGRA~2\COMMON~1\InstallShield\Driver\11\Intel 32\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AMD USB Filter Driver-->MsiExec.exe /X{987B04C4-B5AC-4AD6-A7E9-8D681085B850}
Amnesia - The Dark Descent -->"E:\Hry\Amnesia - The Dark Descent\unins000.exe"
ArcaniA - Gothic 4-->"E:\Hry\ArcaniA - Gothic 4\uninstall.exe"
Brother MFL-Pro Suite DCP-7030-->"C:\Program Files (x86)\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe" -runfromtemp -l0x001b UNINSTALL Reg=ALL2FB -removeonly
BS.Player FREE-->"C:\Program Files (x86)\Webteh\BSplayer\uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{0E33EC53-22CE-426C-A88B-2AAC231BAC85}
Counter-Strike 1.6-->E:\Hry\Counter-Strike\Uninstal.exe
Cryostasis (Remove Only)-->"E:\Hry\Cryostasis\unins000.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Dead Space™ 2-->MsiExec.exe /X{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
Dungeons and Dragons Daggerdale-->"E:\Hry\Dungeons and Dragons Daggerdale\unins000.exe"
Fallout New Vegas-->"E:\Hry\Fallout - New vegas\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Gapminder Desktop-->msiexec /qb /x {2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}
Gapminder Desktop-->MsiExec.exe /I{2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}
Garena 2010-->C:\Program Files (x86)\Garena\uninst.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Zem-->MsiExec.exe /X{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}
Icewind Dale II-->C:\PROGRA~2\COMMON~1\InstallShield\Driver\7\Intel 32\IDriver.exe /M{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LIMBO [Install&Play]-->MsiExec.exe /I{3D88D0F7-FE8C-46A9-9966-3FEE8CAAD8F8}
Magicka-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42910
Malwarebytes' Anti-Malware verzia 1.51.1.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~2\COMMON~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Miranda IM 0.9.24-->C:\Program Files\Uninstall.exe
MP3 Rocket-->C:\Program Files (x86)\MP3 Rocket\Uninstall.exe
Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe
NVIDIA PhysX-->MsiExec.exe /X{F9835182-794B-4F24-902A-E2CA9D43380F}
OpenOffice.org 3.2-->MsiExec.exe /I{28B94253-5729-4C30-8DE4-F2A0A63149B0}
Opera 11.50-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Pixillion Image Converter-->C:\Program Files (x86)\NCH Software\Pixillion\uninst.exe
Portal 2-->"E:\Hry\Portal 2\unins000.exe"
PunkBuster Services-->C:\Users\HP\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe -u
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"E:\Hry\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
ScanSoft PaperPort 11-->MsiExec.exe /I{5C4ED859-875F-4299-AA2C-E0E393BDCD21}
SeaMonkey (2.2)-->C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Serious Sam: The Second Encounter-->RunDll32 C:\PROGRA~2\COMMON~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x9
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Student and Home Edition-->"C:\Program Files (x86)\Britannica 11.0\Student and Home Edition\Uninstall_Student and Home Edition\Uninstall Student and Home Edition.exe"
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
The Witcher 2-->"C:\Program Files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe" -runfromtemp -l0x0409 -removeonly
TomeRaider3 v3.3.5-->"C:\Program Files (x86)\TomeRaider3\unins000.exe"
Trine-->"E:\Hry\Trine\unins000.exe"
Tunngle beta-->"C:\Program Files (x86)\Tunngle\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UltraISO Premium V9.35-->"C:\Program Files (x86)\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/20570
Warhammer® 40,000™: Dawn of War® II-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15620
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
WinDjView 1.0.3-->C:\Program Files (x86)\WinDjView\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe"
Zaklínač-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0005 -removeonly
ZoneAlarm-->C:\Program Files (x86)\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
193.107.208.171 masterserver.hon.s2games.com
======System event log======
Computer Name: HP-PC
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 199969
Source Name: volsnap
Time Written: 20110819203618.071221-000
Event Type: Error
User:
Computer Name: HP-PC
Event Code: 3
Message: Časový limit príkazu, ktorý bol odoslaný adaptéru, uplynul. Adaptér neodpovedal.
Record Number: 199342
Source Name: BTHUSB
Time Written: 20110819154849.253831-000
Event Type: Warning
User:
Re: Slow PC
Hello, and I wish you a nice day.
Well, we are not going to deal with an illegal copy of Windows here - the forum rules are clear....
