Logfile of random's system information tool 1.09 (written by random/random)
Run by Jozef at 2011-11-16 15:21:05
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 93 GB (78%) free of 119 GB
Total RAM: 2047 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:21:13, on 16.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jozef\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Jozef.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe /reminder
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\StartSuperCharger.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8493974531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8536985968
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7597 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\expressburnShakeIcon.job
C:\WINDOWS\tasks\expressripDowngrade.job
C:\WINDOWS\tasks\expressripShakeIcon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\prismDowngrade.job
C:\WINDOWS\tasks\prismShakeIcon.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\switchDowngrade.job
C:\WINDOWS\tasks\switchShakeIcon.job
C:\WINDOWS\tasks\wavepadSevenDays.job
C:\WINDOWS\tasks\wavepadShakeIcon.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://sk.start3.mozilla.com/firefox?cl ... k:official"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, ffxtlbr@babylon.com:1.1.8, toolbar@ask.com:3.6.9.127, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=SP_ss ... =100370&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\extensions\
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}
C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2011-06-12 4221328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-01-21 20026472]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"Live Update 5"=C:\Program Files\MSI\Live Update 5\LU5.exe [2011-02-01 1220608]
"DelReg"=C:\Program Files\MSI\DualCoreCenter\DelReg.exe [2008-05-13 196608]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Super-Charger"=C:\Program Files\MSI\Super-Charger\StartSuperCharger.exe [2011-01-25 303104]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2011-06-12 4221328]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
======List of files/folders created in the last 1 month======
2011-11-16 15:21:06 ----D---- C:\Program Files\trend micro
2011-11-16 15:21:05 ----D---- C:\rsit
2011-11-16 14:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2011-11-16 14:50:59 ----D---- C:\Program Files\Common Files\Windows Live
2011-11-12 06:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-10 18:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
======List of files/folders modified in the last 1 month======
2011-11-16 15:21:06 ----RD---- C:\Program Files
2011-11-16 15:15:07 ----D---- C:\WINDOWS\Temp
2011-11-16 15:14:59 ----SD---- C:\WINDOWS\Tasks
2011-11-16 15:14:47 ----D---- C:\WINDOWS\Prefetch
2011-11-16 15:11:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-16 15:11:33 ----D---- C:\WINDOWS
2011-11-16 15:09:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-16 15:09:47 ----D---- C:\WINDOWS\AppPatch
2011-11-16 14:55:22 ----HD---- C:\WINDOWS\inf
2011-11-16 14:55:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-16 14:55:21 ----D---- C:\Program Files\Internet Explorer
2011-11-16 14:55:19 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-16 14:55:17 ----A---- C:\WINDOWS\imsins.BAK
2011-11-16 14:50:59 ----D---- C:\Program Files\Common Files
2011-11-16 14:50:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-11-16 14:39:15 ----SD---- C:\Documents and Settings\Jozef\Application Data\Microsoft
2011-11-12 07:03:04 ----D---- C:\WINDOWS\system32
2011-11-11 19:38:31 ----D---- C:\Program Files\Mozilla Firefox
2011-11-10 18:37:06 ----SHD---- C:\WINDOWS\Installer
2011-11-10 18:37:06 ----HD---- C:\Config.Msi
2011-11-10 18:37:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-11-10 18:11:29 ----A---- C:\WINDOWS\system32\MRT.exe
2011-11-09 17:14:18 ----D---- C:\WINDOWS\Microsoft.NET
2011-11-09 17:14:08 ----RSD---- C:\WINDOWS\assembly
2011-11-09 10:55:43 ----D---- C:\Program Files\Common Files\System
2011-11-09 10:55:43 ----A---- C:\WINDOWS\win.ini
2011-10-30 06:54:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsl0da23c9f;MpKsl0da23c9f; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60B7A67F-2440-4A75-824B-C6EDD38CC2A4}\MpKsl0da23c9f.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-01-25 6321768]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 MpKsl6713fbe9;MpKsl6713fbe9; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7E8EF5F-7E84-433C-A05F-CA8C64BA7E41}\MpKsl6713fbe9.sys []
S1 MpKsla0d9fb10;MpKsla0d9fb10; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C109D621-F534-4708-A116-92450B85E858}\MpKsla0d9fb10.sys []
S1 MpKsle69aebac;MpKsle69aebac; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74E2EFF2-F8E7-4D64-ABB9-FBA8E92AB7C8}\MpKsle69aebac.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu logu PC tuhne
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: prosim o kontrolu logu PC tuhne
Zdravím. 
Dej mi minutku, hnedle se na to mrknu.
Dej mi minutku, hnedle se na to mrknu.
-
-
- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: prosim o kontrolu logu PC tuhne
Jako první v nabídce Přidat nebo odebrat programy odinstaluj Ask.com Toolbar, Nero Toolbar a případně další nepotřebné toolbary. Potom fixni v HJT tyto položky:R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe /reminder
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
"Fixnout" znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
HJT najdeš zde: C:\Program Files\trend micro\Jozef.exe
A dále stáhni OTL z tohoto odkazu a ulož jej na Plochu.
- Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
- Zaškrtni okénko Pro všechny uživatele.
- Zaškrtni okénko Kontrola na havěť "LOP".
- Zaškrtni okénko Kontrola na havěť "Purity".
- Stáři souborů změň z 30 dnů na 7 dnů.
- Do spodního okénka Vlastní skenování/opravy vlož tento script:
Kód: Vybrat vše
safebootminimal
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
*legalizator* /s
*registration* /s
*Office 2010* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5- Klikni na tlačítko Prohledat.
- Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
- Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: prosim o kontrolu logu PC tuhne
OTL logfile created on: 16.11.2011 16:16:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jozef\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,22% Memory free
3,85 Gb Paging File | 3,20 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 90,46 Gb Free Space | 77,69% Space Free | Partition Type: NTFS
Drive D: | 116,45 Gb Total Space | 106,89 Gb Free Space | 91,80% Space Free | Partition Type: NTFS
Computer Name: ORLOV | User Name: Jozef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.11.16 16:15:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jozef\Desktop\OTL.exe
PRC - [2011.11.16 15:56:17 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.11.16 15:56:15 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011.11.11 19:37:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.01.25 09:11:16 | 000,438,272 | ---- | M] (MSI CO.,LTD.) -- C:\Program Files\MSI\Super-Charger\Super-Charger.exe
PRC - [2010.06.29 18:20:56 | 041,382,002 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.11.16 15:57:13 | 001,629,186 | ---- | M] () -- C:\Program Files\Spyware Terminator\TorentDll.dll
MOD - [2011.11.11 19:37:24 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.05 18:05:06 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SKY
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.02.24 09:26:34 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010.06.29 18:20:56 | 041,382,002 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009.03.17 16:36:46 | 000,147,456 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\RushTop.dll
MOD - [2008.09.08 15:02:26 | 000,094,208 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\VGADLL.dll
MOD - [2007.01.05 11:59:00 | 000,077,824 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\CpuUsage.dll
MOD - [2005.10.20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005.10.20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.11.16 15:56:15 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006.03.03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2011.11.16 15:56:14 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.11.16 15:09:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60B7A67F-2440-4A75-824B-C6EDD38CC2A4}\MpKsl0da23c9f.sys -- (MpKsl0da23c9f)
DRV - [2011.01.25 18:54:04 | 006,321,768 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.08 11:55:18 | 000,036,152 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.03.18 10:56:12 | 000,055,296 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2)
DRV - [2007.04.14 09:28:00 | 000,094,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 0B A5 17 0C 55 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sk.start3.mozilla.com/firefox?cl ... k:official"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.127
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss ... =100370&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 19:37:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 16:51:03 | 000,000,000 | ---D | M]
[2011.02.24 08:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Extensions
[2011.11.16 16:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\extensions
[2011.02.24 10:30:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.07 19:09:35 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\searchplugins\askcom.xml
[2011.10.17 08:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.11 19:37:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:11:36 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2011.09.29 02:11:36 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2011.08.07 08:33:35 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 02:11:36 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2011.09.29 02:11:36 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2011.09.29 02:11:36 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2011.09.29 02:11:36 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&oslať do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8493974531 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8536985968 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.146.128.62 195.146.132.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FDB9A3D-5F17-4E7D-B9E9-263F2059D663}: DhcpNameServer = 195.146.128.62 195.146.132.58
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.23 21:31:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2011.11.16 16:15:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jozef\Desktop\OTL.exe
[2011.11.16 15:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozef\Application Data\Spyware Terminator
[2011.11.16 15:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator
[2011.11.16 15:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011.11.16 15:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.11.16 15:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.11.16 15:21:05 | 000,000,000 | ---D | C] -- C:\rsit
[2011.11.16 14:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.11.16 16:17:37 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.11.16 16:15:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jozef\Desktop\OTL.exe
[2011.11.16 16:09:02 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.16 15:56:27 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jozef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011.11.16 15:56:27 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011.11.16 15:56:14 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.11.16 15:14:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.11.16 15:09:53 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.16 15:09:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.16 14:55:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.16 14:52:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.14 20:09:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.11.16 16:17:37 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.11.16 15:56:27 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jozef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011.11.16 15:56:27 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011.11.16 15:56:14 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.11.16 14:42:42 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011.05.14 11:31:09 | 000,117,708 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011.05.14 11:22:43 | 000,094,107 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011.03.27 14:54:34 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Jozef\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.24 10:56:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2011.02.24 10:41:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.02.24 10:41:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.02.24 10:41:40 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.02.24 10:41:40 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.02.24 10:41:39 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.02.24 09:39:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.02.24 08:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.23 22:21:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.23 22:20:12 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.23 21:58:56 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.02.23 21:58:54 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.02.23 21:58:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.02.23 21:58:49 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.02.23 21:32:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.23 21:29:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.05.05 11:59:01 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,448,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,074,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.01.03 18:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2001.07.07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 01:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2011.11.16 15:56:17 | 003,037,696 | ---- | M] (Crawler.com)
< MD5 for: ATAPI.SYS >
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 13:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CSRSS.EXE >
[2008.04.14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2006.02.28 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
< MD5 for: EXPLORER.EXE >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.02.28 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: LSASS.EXE >
[2006.02.28 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.02.28 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NTFS.SYS >
[2008.04.13 20:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 20:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2006.02.28 13:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
< MD5 for: SCECLI.DLL >
[2006.02.28 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.02.06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006.02.28 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: SMSS.EXE >
[2008.04.14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006.02.28 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
< MD5 for: SPOOLSV.EXE >
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2006.02.28 13:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008.04.14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2006.02.28 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.02.28 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006.04.10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2008.07.06 13:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
< %systemroot%\system32\drivers\*.sys /5 >
[2011.11.16 15:56:14 | 000,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 11:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 22:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2006.02.28 13:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2006.02.28 13:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2004.07.17 11:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /5 >
[2011.11.16 14:52:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\config\*.sav >
[2011.02.23 22:19:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011.02.23 22:19:32 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011.02.23 22:19:32 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2011.02.24 08:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Adobe
[2011.08.07 08:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Babylon
[2011.02.24 09:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Canneverbe Limited
[2011.02.24 08:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\GHISLER
[2011.03.07 07:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\HP
[2011.02.23 21:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Identities
[2011.03.31 18:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Image Zone Express
[2011.02.23 21:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Macromedia
[2011.02.24 10:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Media Player Classic
[2011.11.16 14:39:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jozef\Application Data\Microsoft
[2011.02.24 08:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Mozilla
[2011.02.24 09:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\NCH Software
[2011.02.24 09:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\NCH Swift Sound
[2011.08.07 15:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Nero
[2011.10.14 19:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Skype
[2011.11.16 15:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Spyware Terminator
[2011.04.01 15:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\TeamViewer
< %APPDATA%\*.* >
[2011.02.23 22:20:44 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Jozef\Application Data\desktop.ini
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
[2011.11.09 13:52:41 | 000,001,849 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\0CZDQ6PI\ajax-loader[1].gif
[2011.11.03 20:32:12 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\0CZDQ6PI\dsq-loader-dark[1].gif
[2011.11.08 11:44:31 | 000,002,289 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\19B2K21R\loader_frame[1].htm
[2011.11.10 09:18:29 | 000,000,673 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\2G5A1RX4\loader.white[1].gif
[2011.11.12 12:50:49 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3AVGBNXF\dsq-loader-dark[1].gif
[2011.11.08 12:22:48 | 000,085,952 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3AVGBNXF\orange_vianoce_microsite_preloader[1].swf
[2011.11.08 12:29:31 | 000,000,919 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3ZOMJF3Z\ajax-loader[1].css
[2011.11.05 14:02:50 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3ZOMJF3Z\dsq-loader-dark[2].gif
[2011.11.10 07:06:55 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3ZOMJF3Z\dsq-loader-dark[3].gif
[2011.11.02 09:03:20 | 000,002,608 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\OX7Q8Q1F\loader_layer[1].gif
[2011.11.03 21:03:47 | 000,000,399 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\PTDSNSXG\jquery.loader[1].js
[2011.10.06 20:45:38 | 000,001,849 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\TTQTZ1Q4\ajax-loader[1].gif
[2011.11.08 12:41:03 | 000,000,673 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\UQA5GWUC\loader.white[1].gif
[2011.11.11 14:54:39 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\XGXO5UKA\dsq-loader-dark[1].gif
[2011.08.07 08:10:38 | 000,284,896 | ---- | M] () -- \Documents and Settings\Jozef\My Documents\Preberanie\SoftonicDownloader_for_nero-burning-rom.exe
[2010.10.07 04:36:40 | 000,265,552 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2010.10.07 04:36:40 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2006.02.28 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2010.03.24 20:12:34 | 000,018,264 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010.03.24 20:12:34 | 000,249,680 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2008.04.14 01:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 01:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2011.11.10 07:06:43 | 000,001,963 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\2G5A1RX4\Kathleen-Robertson-Boss-Daily-Motion-serial-vnady-hore-bez--prsia-[1].jpg
[2011.11.10 07:05:52 | 000,001,963 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\PTDSNSXG\serial-vnady-hore-bez--prsia--Kathleen-Robertson-Boss-Daily-Motion[1].jpg
[2011.11.10 07:05:52 | 000,003,451 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\UQA5GWUC\Kathleen-Robertson-Boss-Daily-Motion-serial-vnady-hore-bez--prsia-[1].jpg
[2011.11.15 18:04:50 | 000,027,158 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\XGXO5UKA\Prachar-serial-intimnosti-Hod-svistom-Polnisova[1].png
[2011.11.15 18:04:02 | 000,027,158 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\YOGYWP8Q\serial-intimnosti-Hod-svistom-Polnisova-Prachar[1].png
[2011.08.30 16:58:34 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.dll
[2011.10.14 16:07:19 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.ni.dll
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2006.02.28 13:00:00 | 000,064,896 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2011.10.14 16:08:49 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011.02.24 09:47:10 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011.10.14 19:03:28 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.14 19:03:44 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC24745\System.Runtime.Serialization.Formatters.Soap.dll
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2003.08.01 12:54:06 | 000,005,632 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\serialui.dll.mui
[2008.04.13 19:40:21 | 000,028,288 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.13 20:15:45 | 000,064,512 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2006.02.28 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2006.02.28 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.13 20:15:45 | 000,064,512 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< *legalizator* /s >
< *registration* /s >
[2011.08.07 17:12:47 | 000,000,240 | ---- | M] () -- \Documents and Settings\Jozef\Application Data\Nero\Nero 10\OnlineServices\1registrationinfo.xml
[2010.09.10 12:47:30 | 003,736,872 | ---- | M] () -- \Program Files\Nero\Nero 10\Nero Burning ROM\OnlineServices\NOSProductRegistration.dll
[2011.02.24 09:30:49 | 000,003,338 | ---- | M] () -- \Program Files\NCH Swift Sound\ExpressBurn\Help\registration.html
[5 \WINDOWS\*.tmp files -> \WINDOWS\*.tmp -> ]
< *Office 2010* /s >
[2011.03.02 12:49:11 | 000,002,032 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Nástroje balíka Microsoft Office 2010\Centrum ukladania na servery Microsoft Office 2010.lnk
[2011.03.02 12:49:11 | 000,001,900 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Nástroje balíka Microsoft Office 2010\Jazykové predvoľby balíka Microsoft Office 2010.lnk
< *AutoRearm* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-12 05:24:52
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0\0
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.11.16 16:17:37 | 000,000,512 | ---- | M] () MD5=12DD3E7038FF1F6720A4B04E00D5ACEC -- C:\PhysicalMBR.bin
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jozef\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,22% Memory free
3,85 Gb Paging File | 3,20 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 90,46 Gb Free Space | 77,69% Space Free | Partition Type: NTFS
Drive D: | 116,45 Gb Total Space | 106,89 Gb Free Space | 91,80% Space Free | Partition Type: NTFS
Computer Name: ORLOV | User Name: Jozef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.11.16 16:15:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jozef\Desktop\OTL.exe
PRC - [2011.11.16 15:56:17 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.11.16 15:56:15 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011.11.11 19:37:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.01.25 09:11:16 | 000,438,272 | ---- | M] (MSI CO.,LTD.) -- C:\Program Files\MSI\Super-Charger\Super-Charger.exe
PRC - [2010.06.29 18:20:56 | 041,382,002 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.11.16 15:57:13 | 001,629,186 | ---- | M] () -- C:\Program Files\Spyware Terminator\TorentDll.dll
MOD - [2011.11.11 19:37:24 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.05 18:05:06 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SKY
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.02.24 09:26:34 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010.06.29 18:20:56 | 041,382,002 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009.03.17 16:36:46 | 000,147,456 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\RushTop.dll
MOD - [2008.09.08 15:02:26 | 000,094,208 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\VGADLL.dll
MOD - [2007.01.05 11:59:00 | 000,077,824 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\CpuUsage.dll
MOD - [2005.10.20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005.10.20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.11.16 15:56:15 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006.03.03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2011.11.16 15:56:14 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.11.16 15:09:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60B7A67F-2440-4A75-824B-C6EDD38CC2A4}\MpKsl0da23c9f.sys -- (MpKsl0da23c9f)
DRV - [2011.01.25 18:54:04 | 006,321,768 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.08 11:55:18 | 000,036,152 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.03.18 10:56:12 | 000,055,296 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2)
DRV - [2007.04.14 09:28:00 | 000,094,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 0B A5 17 0C 55 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sk.start3.mozilla.com/firefox?cl ... k:official"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.127
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss ... =100370&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 19:37:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 16:51:03 | 000,000,000 | ---D | M]
[2011.02.24 08:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Extensions
[2011.11.16 16:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\extensions
[2011.02.24 10:30:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.07 19:09:35 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Jozef\Application Data\Mozilla\Firefox\Profiles\4xs5rtl7.default\searchplugins\askcom.xml
[2011.10.17 08:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.11 19:37:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:11:36 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2011.09.29 02:11:36 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2011.08.07 08:33:35 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 02:11:36 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2011.09.29 02:11:36 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2011.09.29 02:11:36 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2011.09.29 02:11:36 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&oslať do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8493974531 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8536985968 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.146.128.62 195.146.132.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FDB9A3D-5F17-4E7D-B9E9-263F2059D663}: DhcpNameServer = 195.146.128.62 195.146.132.58
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.23 21:31:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2011.11.16 16:15:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jozef\Desktop\OTL.exe
[2011.11.16 15:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jozef\Application Data\Spyware Terminator
[2011.11.16 15:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator
[2011.11.16 15:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011.11.16 15:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.11.16 15:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.11.16 15:21:05 | 000,000,000 | ---D | C] -- C:\rsit
[2011.11.16 14:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.11.16 16:17:37 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.11.16 16:15:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jozef\Desktop\OTL.exe
[2011.11.16 16:09:02 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.16 15:56:27 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jozef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011.11.16 15:56:27 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011.11.16 15:56:14 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.11.16 15:14:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.11.16 15:09:53 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.16 15:09:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.16 14:55:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.16 14:52:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.14 20:09:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.11.16 16:17:37 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.11.16 15:56:27 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jozef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk
[2011.11.16 15:56:27 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2011.11.16 15:56:14 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.11.16 14:42:42 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011.05.14 11:31:09 | 000,117,708 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011.05.14 11:22:43 | 000,094,107 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011.03.27 14:54:34 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Jozef\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.24 10:56:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2011.02.24 10:41:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.02.24 10:41:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.02.24 10:41:40 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.02.24 10:41:40 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.02.24 10:41:39 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.02.24 09:39:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.02.24 08:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.23 22:21:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.23 22:20:12 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.23 21:58:56 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.02.23 21:58:54 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.02.23 21:58:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.02.23 21:58:49 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.02.23 21:32:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.23 21:29:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.05.05 11:59:01 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,448,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,074,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.01.03 18:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2001.07.07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 01:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2011.11.16 15:56:17 | 003,037,696 | ---- | M] (Crawler.com)
< MD5 for: ATAPI.SYS >
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 13:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2011.02.24 07:38:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CSRSS.EXE >
[2008.04.14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2006.02.28 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
< MD5 for: EXPLORER.EXE >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.02.28 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: LSASS.EXE >
[2006.02.28 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.02.28 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NTFS.SYS >
[2008.04.13 20:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 20:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2006.02.28 13:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
< MD5 for: SCECLI.DLL >
[2006.02.28 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.02.06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006.02.28 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: SMSS.EXE >
[2008.04.14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006.02.28 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
< MD5 for: SPOOLSV.EXE >
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2006.02.28 13:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008.04.14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2006.02.28 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.02.28 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006.04.10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2008.07.06 13:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
< %systemroot%\system32\drivers\*.sys /5 >
[2011.11.16 15:56:14 | 000,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 11:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 22:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2006.02.28 13:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2006.02.28 13:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2004.07.17 11:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /5 >
[2011.11.16 14:52:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\config\*.sav >
[2011.02.23 22:19:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011.02.23 22:19:32 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011.02.23 22:19:32 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2011.02.24 08:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Adobe
[2011.08.07 08:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Babylon
[2011.02.24 09:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Canneverbe Limited
[2011.02.24 08:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\GHISLER
[2011.03.07 07:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\HP
[2011.02.23 21:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Identities
[2011.03.31 18:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Image Zone Express
[2011.02.23 21:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Macromedia
[2011.02.24 10:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Media Player Classic
[2011.11.16 14:39:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jozef\Application Data\Microsoft
[2011.02.24 08:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Mozilla
[2011.02.24 09:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\NCH Software
[2011.02.24 09:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\NCH Swift Sound
[2011.08.07 15:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Nero
[2011.10.14 19:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Skype
[2011.11.16 15:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\Spyware Terminator
[2011.04.01 15:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jozef\Application Data\TeamViewer
< %APPDATA%\*.* >
[2011.02.23 22:20:44 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Jozef\Application Data\desktop.ini
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
[2011.11.09 13:52:41 | 000,001,849 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\0CZDQ6PI\ajax-loader[1].gif
[2011.11.03 20:32:12 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\0CZDQ6PI\dsq-loader-dark[1].gif
[2011.11.08 11:44:31 | 000,002,289 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\19B2K21R\loader_frame[1].htm
[2011.11.10 09:18:29 | 000,000,673 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\2G5A1RX4\loader.white[1].gif
[2011.11.12 12:50:49 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3AVGBNXF\dsq-loader-dark[1].gif
[2011.11.08 12:22:48 | 000,085,952 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3AVGBNXF\orange_vianoce_microsite_preloader[1].swf
[2011.11.08 12:29:31 | 000,000,919 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3ZOMJF3Z\ajax-loader[1].css
[2011.11.05 14:02:50 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3ZOMJF3Z\dsq-loader-dark[2].gif
[2011.11.10 07:06:55 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\3ZOMJF3Z\dsq-loader-dark[3].gif
[2011.11.02 09:03:20 | 000,002,608 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\OX7Q8Q1F\loader_layer[1].gif
[2011.11.03 21:03:47 | 000,000,399 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\PTDSNSXG\jquery.loader[1].js
[2011.10.06 20:45:38 | 000,001,849 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\TTQTZ1Q4\ajax-loader[1].gif
[2011.11.08 12:41:03 | 000,000,673 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\UQA5GWUC\loader.white[1].gif
[2011.11.11 14:54:39 | 000,004,178 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\XGXO5UKA\dsq-loader-dark[1].gif
[2011.08.07 08:10:38 | 000,284,896 | ---- | M] () -- \Documents and Settings\Jozef\My Documents\Preberanie\SoftonicDownloader_for_nero-burning-rom.exe
[2010.10.07 04:36:40 | 000,265,552 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2010.10.07 04:36:40 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2006.02.28 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2010.03.24 20:12:34 | 000,018,264 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010.03.24 20:12:34 | 000,249,680 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2008.04.14 01:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 01:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2011.11.10 07:06:43 | 000,001,963 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\2G5A1RX4\Kathleen-Robertson-Boss-Daily-Motion-serial-vnady-hore-bez--prsia-[1].jpg
[2011.11.10 07:05:52 | 000,001,963 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\PTDSNSXG\serial-vnady-hore-bez--prsia--Kathleen-Robertson-Boss-Daily-Motion[1].jpg
[2011.11.10 07:05:52 | 000,003,451 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\UQA5GWUC\Kathleen-Robertson-Boss-Daily-Motion-serial-vnady-hore-bez--prsia-[1].jpg
[2011.11.15 18:04:50 | 000,027,158 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\XGXO5UKA\Prachar-serial-intimnosti-Hod-svistom-Polnisova[1].png
[2011.11.15 18:04:02 | 000,027,158 | ---- | M] () -- \Documents and Settings\Jozef\Local Settings\Temporary Internet Files\Content.IE5\YOGYWP8Q\serial-intimnosti-Hod-svistom-Polnisova-Prachar[1].png
[2011.08.30 16:58:34 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.dll
[2011.10.14 16:07:19 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.ni.dll
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2006.02.28 13:00:00 | 000,064,896 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2011.10.14 16:08:49 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011.02.24 09:47:10 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011.10.14 19:03:28 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.14 19:03:44 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC24745\System.Runtime.Serialization.Formatters.Soap.dll
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2003.08.01 12:54:06 | 000,005,632 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\serialui.dll.mui
[2008.04.13 19:40:21 | 000,028,288 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.13 20:15:45 | 000,064,512 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2006.02.28 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2006.02.28 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.02.28 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.13 20:15:45 | 000,064,512 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< *legalizator* /s >
< *registration* /s >
[2011.08.07 17:12:47 | 000,000,240 | ---- | M] () -- \Documents and Settings\Jozef\Application Data\Nero\Nero 10\OnlineServices\1registrationinfo.xml
[2010.09.10 12:47:30 | 003,736,872 | ---- | M] () -- \Program Files\Nero\Nero 10\Nero Burning ROM\OnlineServices\NOSProductRegistration.dll
[2011.02.24 09:30:49 | 000,003,338 | ---- | M] () -- \Program Files\NCH Swift Sound\ExpressBurn\Help\registration.html
[5 \WINDOWS\*.tmp files -> \WINDOWS\*.tmp -> ]
< *Office 2010* /s >
[2011.03.02 12:49:11 | 000,002,032 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Nástroje balíka Microsoft Office 2010\Centrum ukladania na servery Microsoft Office 2010.lnk
[2011.03.02 12:49:11 | 000,001,900 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Nástroje balíka Microsoft Office 2010\Jazykové predvoľby balíka Microsoft Office 2010.lnk
< *AutoRearm* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-12 05:24:52
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0\0
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.11.16 16:17:37 | 000,000,512 | ---- | M] () MD5=12DD3E7038FF1F6720A4B04E00D5ACEC -- C:\PhysicalMBR.bin
< End of report >
Re: prosim o kontrolu logu PC tuhne
OTL Extras logfile created on: 16.11.2011 16:16:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jozef\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,22% Memory free
3,85 Gb Paging File | 3,20 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 90,46 Gb Free Space | 77,69% Space Free | Partition Type: NTFS
Drive D: | 116,45 Gb Total Space | 106,89 Gb Free Space | 91,80% Space Free | Partition Type: NTFS
Computer Name: ORLOV | User Name: Jozef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0FB871A9-C617-4415-BB5D-619A8D946115}" = Microsoft Antimalware Service SK-SK Language Pack
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client SK-SK Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 14
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0015-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0016-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0018-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-0019-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001A-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001B-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-040E-0000-0000000FF1CE}_Office14.PROPLUSR_{71431694-851E-4BC7-92A9-4BB9D196E24F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-002C-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{93F2D01D-F7E6-46E5-9A7C-316262461F9F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-0044-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-006E-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{56405E5D-9583-4644-B183-AFB3E19D80B3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1051-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Slovak
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DualCoreCenter_is1" = DualCoreCenter
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.5 (Full)
"Liveupdate5_is1" = Liveupdate5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 sk)" = Mozilla Firefox 8.0 (x86 sk)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"Spyware Terminator_is1" = Spyware Terminator
"Super-Charger_is1" = Super-Charger
"Switch" = Switch Sound File Converter
"Totalcmd" = Total Commander (Remove or Repair)
"WavePad" = WavePad Sound Editor
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3.9.2011 14:05:49 | Computer Name = ORLOV | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 9.9.2011 23:44:53 | Computer Name = ORLOV | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4259, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 30.9.2011 23:50:38 | Computer Name = ORLOV | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4280, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 30.9.2011 23:50:38 | Computer Name = ORLOV | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4280, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 11.10.2011 13:17:55 | Computer Name = ORLOV | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie skype.exe, verzia 5.6.59.105, zlyhanie modulu unknown,
verzia 0.0.0.0, adresa zlyhania 0x07c7c638.
Error - 13.10.2011 10:07:53 | Computer Name = ORLOV | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8402.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 23.10.2011 1:22:16 | Computer Name = ORLOV | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie dualcorecenter.exe, verzia 2.0.6.7, zlyhanie modulu
ntdll.dll, verzia 5.1.2600.6055, adresa zlyhania 0x0000120e.
Error - 31.10.2011 15:11:12 | Computer Name = ORLOV | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie dualcorecenter.exe, verzia 2.0.6.7, zlyhanie modulu
ntdll.dll, verzia 5.1.2600.6055, adresa zlyhania 0x0000120e.
[ System Events ]
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jozef\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,22% Memory free
3,85 Gb Paging File | 3,20 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 90,46 Gb Free Space | 77,69% Space Free | Partition Type: NTFS
Drive D: | 116,45 Gb Total Space | 106,89 Gb Free Space | 91,80% Space Free | Partition Type: NTFS
Computer Name: ORLOV | User Name: Jozef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0FB871A9-C617-4415-BB5D-619A8D946115}" = Microsoft Antimalware Service SK-SK Language Pack
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client SK-SK Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 14
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0015-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0016-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0018-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-0019-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001A-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001B-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}_Office14.PROPLUSR_{2304F942-79D2-46F7-A512-269A7F5B7EFC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-040E-0000-0000000FF1CE}_Office14.PROPLUSR_{71431694-851E-4BC7-92A9-4BB9D196E24F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-002C-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{93F2D01D-F7E6-46E5-9A7C-316262461F9F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-0044-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-006E-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{56405E5D-9583-4644-B183-AFB3E19D80B3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}_Office14.PROPLUSR_{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1051-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Slovak
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DualCoreCenter_is1" = DualCoreCenter
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.5 (Full)
"Liveupdate5_is1" = Liveupdate5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 sk)" = Mozilla Firefox 8.0 (x86 sk)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"Spyware Terminator_is1" = Spyware Terminator
"Super-Charger_is1" = Super-Charger
"Switch" = Switch Sound File Converter
"Totalcmd" = Total Commander (Remove or Repair)
"WavePad" = WavePad Sound Editor
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3.9.2011 14:05:49 | Computer Name = ORLOV | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 9.9.2011 23:44:53 | Computer Name = ORLOV | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4259, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 30.9.2011 23:50:38 | Computer Name = ORLOV | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4280, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 30.9.2011 23:50:38 | Computer Name = ORLOV | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4280, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 11.10.2011 13:17:55 | Computer Name = ORLOV | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie skype.exe, verzia 5.6.59.105, zlyhanie modulu unknown,
verzia 0.0.0.0, adresa zlyhania 0x07c7c638.
Error - 13.10.2011 10:07:53 | Computer Name = ORLOV | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,
P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8402.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 23.10.2011 1:22:16 | Computer Name = ORLOV | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie dualcorecenter.exe, verzia 2.0.6.7, zlyhanie modulu
ntdll.dll, verzia 5.1.2600.6055, adresa zlyhania 0x0000120e.
Error - 31.10.2011 15:11:12 | Computer Name = ORLOV | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie dualcorecenter.exe, verzia 2.0.6.7, zlyhanie modulu
ntdll.dll, verzia 5.1.2600.6055, adresa zlyhania 0x0000120e.
[ System Events ]
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:20 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
Error - 16.11.2011 11:08:21 | Computer Name = ORLOV | Source = Service Control Manager | ID = 7023
Description = Služba Application Management bola ukončená s nasledujúcou chybou:
%%126
< End of report >
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: prosim o kontrolu logu PC tuhne
Znovu spusť OTL.
- Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
- Do spodního okénka Vlastní skenování/opravy vlož tento skript:
Kód: Vybrat vše
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 0B A5 17 0C 55 CC 01 [binary data]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.127
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=3ccd09d00000000000000019dbf62e50&tlver=1.4.31.2&instlRef=sst&affID=100370&q="
[2011.08.07 08:33:35 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
:Services
gupdate
gupdatem
NAUpdate
:Files
C:\Program Files\Ask.com
C:\Documents and Settings\Jozef\Application Data\Babylon
C:\WINDOWS\tasks\expressburnShakeIcon.job
C:\WINDOWS\tasks\expressripDowngrade.job
C:\WINDOWS\tasks\expressripShakeIcon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\prismDowngrade.job
C:\WINDOWS\tasks\prismShakeIcon.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\switchDowngrade.job
C:\WINDOWS\tasks\switchShakeIcon.job
C:\WINDOWS\tasks\wavepadSevenDays.job
C:\WINDOWS\tasks\wavepadShakeIcon.job
%windir%\*.tmp /s
%windir%\system32\SET*.tmp /s
%windir%\system32\*.tmp.dll /s
:Commands
[emptytemp]
[emptyflash]
[resethosts]
[purity]
[clearallrestorepoints]- Klikni na tlačítko [Opravit].
- Po dokončení skenu se objeví log, ten mi sem vlož.
- Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: prosim o kontrolu logu PC tuhne
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: ffxtlbr@babylon.com:1.1.8 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.6.9.127 removed from extensions.enabledItems
Prefs.js: "http://search.babylon.com/?babsrc=SP_ss ... =100370&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\WINDOWS\002594_.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP139.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP222.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP301.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP336.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP403.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP414.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4A9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4EB.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP537.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6EF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP70F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP853.tmp\UIAutomationClient.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP853.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI57A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI5C8.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SET6B1.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_3D8C5.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_3D8C5.tmp folder deleted successfully.
C:\WINDOWS\Temp\GUR1.tmp deleted successfully.
C:\WINDOWS\Temp\GUR2.tmp deleted successfully.
C:\WINDOWS\Temp\GUR272.tmp deleted successfully.
C:\WINDOWS\Temp\GUR3.tmp deleted successfully.
C:\WINDOWS\Temp\~DF38C6.tmp deleted successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service NAUpdate stopped successfully!
Service NAUpdate deleted successfully!
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
C:\Documents and Settings\Jozef\Application Data\Babylon folder moved successfully.
C:\WINDOWS\tasks\expressburnShakeIcon.job moved successfully.
C:\WINDOWS\tasks\expressripDowngrade.job moved successfully.
C:\WINDOWS\tasks\expressripShakeIcon.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\prismDowngrade.job moved successfully.
C:\WINDOWS\tasks\prismShakeIcon.job moved successfully.
File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
C:\WINDOWS\tasks\switchDowngrade.job moved successfully.
C:\WINDOWS\tasks\switchShakeIcon.job moved successfully.
C:\WINDOWS\tasks\wavepadSevenDays.job moved successfully.
C:\WINDOWS\tasks\wavepadShakeIcon.job moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Jozef
->Temp folder emptied: 1254501898 bytes
->Temporary Internet Files folder emptied: 2752465649 bytes
->FireFox cache emptied: 42549301 bytes
->Google Chrome cache emptied: 6850727 bytes
->Flash cache emptied: 110244 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 2503490 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17797153 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 99389115 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 101763136 bytes
Total Files Cleaned = 4 080,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Jozef
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.31.0 log created on 11162011_170358
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: ffxtlbr@babylon.com:1.1.8 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.6.9.127 removed from extensions.enabledItems
Prefs.js: "http://search.babylon.com/?babsrc=SP_ss ... =100370&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\WINDOWS\002594_.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP139.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP222.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP301.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP336.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP403.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP414.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4A9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4EB.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP537.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6EF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP70F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP853.tmp\UIAutomationClient.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP853.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI57A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI5C8.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SET6B1.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_3D8C5.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_3D8C5.tmp folder deleted successfully.
C:\WINDOWS\Temp\GUR1.tmp deleted successfully.
C:\WINDOWS\Temp\GUR2.tmp deleted successfully.
C:\WINDOWS\Temp\GUR272.tmp deleted successfully.
C:\WINDOWS\Temp\GUR3.tmp deleted successfully.
C:\WINDOWS\Temp\~DF38C6.tmp deleted successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service NAUpdate stopped successfully!
Service NAUpdate deleted successfully!
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
C:\Documents and Settings\Jozef\Application Data\Babylon folder moved successfully.
C:\WINDOWS\tasks\expressburnShakeIcon.job moved successfully.
C:\WINDOWS\tasks\expressripDowngrade.job moved successfully.
C:\WINDOWS\tasks\expressripShakeIcon.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\prismDowngrade.job moved successfully.
C:\WINDOWS\tasks\prismShakeIcon.job moved successfully.
File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
C:\WINDOWS\tasks\switchDowngrade.job moved successfully.
C:\WINDOWS\tasks\switchShakeIcon.job moved successfully.
C:\WINDOWS\tasks\wavepadSevenDays.job moved successfully.
C:\WINDOWS\tasks\wavepadShakeIcon.job moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Jozef
->Temp folder emptied: 1254501898 bytes
->Temporary Internet Files folder emptied: 2752465649 bytes
->FireFox cache emptied: 42549301 bytes
->Google Chrome cache emptied: 6850727 bytes
->Flash cache emptied: 110244 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 2503490 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17797153 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 99389115 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 101763136 bytes
Total Files Cleaned = 4 080,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Jozef
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.31.0 log created on 11162011_170358
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: prosim o kontrolu logu PC tuhne
OK, OTL provedlo, co mělo, takže jen dočistíme a máme hotovo. 
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Pokud nemáš, stáhni CCleaner z tohoto odkazu.
CCleaner doporučuji používat cca jednou za týden.
... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stáhni a spusť.
- Klikni na CleanUp a potvrď YES.
- Program uklidí a může (nemusí) restartovat PC.
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stáhni a spusť.
- Klikni na Start a potvrď OK.
- Program uklidí a může (nemusí) restartovat PC.
- Po použití utilitu smaž.
Pokud nemáš, stáhni CCleaner z tohoto odkazu.
- Panel čistič
- Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.
- Panel registry
- Klikni na Hledej problémy.
- Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
- Postup opakuj, dokud nebude bez problémů - většinou cca 3x.
- Panel nástroje
- Zde můžeš odinstalovat nepotřebné programy.
CCleaner doporučuji používat cca jednou za týden.... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: prosim o kontrolu logu PC tuhne
velmi pekne dakujem, celková odozva systému sa výrazne zlepšila
s pozdravom
s pozdravom
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: prosim o kontrolu logu PC tuhne
A proto tu jsme. 
Jinak není vůbec zač a rádo se stalo.
Přeji pěkný den. 
Jinak není vůbec zač a rádo se stalo.
Přeji pěkný den. --- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Přispějete na provoz fóra?