
Windows 7 antivir 2012
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
Remote assistance services are now available: an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I wanted to ask for a check and some help. A window from the fake antivirus Windows 7 Antivir 2012 popped up on my computer. It is not possible to connect to the internet.
I am attaching the log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Acer2 at 2011-08-03 15:08:21
Microsoft Windows 7 Home Premium
System drive C: has 33 GB (33%) free of 100 GB
Total RAM: 3067 MB (70% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000570
\??\C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
C:\Users\Acer2\AppData\Local\tvg.exe -dtm -a
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\Acer2\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
=========Mozilla firefox=========
ProfilePath - C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
prefs.js - "extensions.enabledItems" - "{3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1, engine@conduit.com:3.3.3.2, {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 1750559&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeploytk.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\
engine@conduit.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{800b5000-a755-47e1-992b-48a1c1357f07}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
winamp-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-28 16334880]
"ActivControl"=C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe [2007-11-09 1240576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 9728]
"3566268812"=C:\Users\Acer2\AppData\Local\tvg.exe [2011-08-03 380928]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2010-02-13 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-06-07 40376]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe_ID0ENQBO"=C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2010-03-05 149280]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-03-28 281768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.exe - open - "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-08-03 15:08:21 ----D---- C:\rsit
2011-08-03 15:08:21 ----D---- C:\Program Files\trend micro
2011-08-03 14:36:48 ----A---- C:\Windows\ntbtlog.txt
2011-08-01 00:13:39 ----RA---- C:\Windows\system32\AdobePDFUI.dll
======List of files/folders modified in the last 1 month======
2011-08-03 15:08:22 ----D---- C:\Windows\Prefetch
2011-08-03 15:08:21 ----RD---- C:\Program Files
2011-08-03 15:05:07 ----D---- C:\Windows\System32
2011-08-03 15:05:07 ----D---- C:\Windows\inf
2011-08-03 15:05:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-03 14:36:48 ----D---- C:\Windows
2011-08-03 14:28:59 ----HD---- C:\ProgramData
2011-08-03 13:39:02 ----D---- C:\Windows\Temp
2011-08-01 00:13:57 ----SHD---- C:\Windows\Installer
2011-08-01 00:10:53 ----D---- C:\Windows\SysWOW64
2011-07-31 21:27:25 ----D---- C:\Windows\system32\config
2011-07-31 21:16:38 ----SHD---- C:\System Volume Information
2011-07-28 07:56:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-25 19:08:29 ----AD---- C:\ProgramData\TEMP
2011-07-25 18:52:41 ----D---- C:\Users\Acer2\AppData\Roaming\Adobe
2011-07-14 22:11:29 ----D---- C:\Windows\system32\catroot2
2011-07-09 12:15:32 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-07-09 123784]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2010-02-13 86584]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-07-09 88288]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2007-11-09 62720]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-19 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-19 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-19 33792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-07-09 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-28 382496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-02-13 288112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-13 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-13 655624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1255736]
-----------------EOF-----------------
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-19 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-19 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-19 33792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-07-09 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-28 382496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-02-13 288112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-13 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-13 655624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1255736]
-----------------EOF-----------------
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Windows 7 antivir 2012
Hello,
Download OTL http://oldtimer.geekstogo.com/OTL.scr to your desktop.

- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
- Check the All Users option.
- Check the "LOP" check and "Purity" check options.
- Click the Run Scan button.
- When it finishes, post the OTL.Txt and Extras.txt logs here.
Re: Windows 7 antivir 2012
First log
OTL logfile created on: 3.8.2011 15:47:52 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,83% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 31,82 Gb Free Space | 32,61% Space Free | Partition Type: NTFS
Drive D: | 150,32 Gb Total Space | 144,41 Gb Free Space | 96,06% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,83 Gb Total Space | 1,83 Gb Free Space | 99,88% Space Free | Partition Type: FAT
Drive Z: | 50,11 Gb Total Space | 50,00 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
Computer Name: ACER2-PC | User Name: Acer2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.03 15:43:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
PRC - [2011.08.03 14:28:54 | 000,380,928 | ---- | M] () -- C:\Users\Acer2\AppData\Local\tvg.exe
PRC - [2011.07.09 12:15:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
========== Modules (SafeList) ==========
MOD - [2011.08.03 15:43:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.02.13 21:50:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.07.09 12:15:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.13 23:11:42 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010.02.13 21:48:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.07.09 12:15:11 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.09 12:15:11 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.15 14:05:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.15 14:05:42 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.12.15 14:05:42 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.07.27 16:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.11.09 11:29:56 | 000,062,720 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010.02.13 23:06:45 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC E3 C1 B3 31 AB CA 01 [binary data]
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 1750559&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Acer2\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.28 07:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.01 00:12:11 | 000,000,000 | ---D | M]
[2010.02.11 21:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Extensions
[2011.07.28 12:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions
[2011.01.08 18:35:44 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.06.09 00:24:16 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.06.09 00:24:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.09 00:24:13 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011.06.09 00:23:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.06.09 00:24:12 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011.06.09 00:24:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\engine@conduit.com
[2010.12.15 16:48:16 | 000,000,921 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\conduit.xml
[2011.07.25 10:50:32 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-1.xml
[2010.10.28 20:15:17 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-2.xml
[2010.11.18 01:20:27 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-3.xml
[2011.01.30 15:33:26 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-4.xml
[2011.07.28 07:57:02 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-5.xml
[2011.02.20 11:21:20 | 000,000,168 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin.gif
[2011.02.20 11:21:20 | 000,000,618 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin.xml
[2011.01.08 18:42:36 | 000,001,246 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\winamp-search.xml
[2011.07.28 09:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.07.28 07:56:46 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.07.28 07:56:46 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2011.07.28 07:56:46 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011.07.28 07:56:46 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.07.28 07:56:46 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe (Promethean Technologies Group Ltd)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..\Run: [3566268812] C:\Users\Acer2\AppData\Local\tvg.exe ()
O4 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06781259-e4d9-11df-9b90-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{06781259-e4d9-11df-9b90-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0678125c-e4d9-11df-9b90-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{0678125c-e4d9-11df-9b90-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5865029f-10f6-11e0-9d62-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{5865029f-10f6-11e0-9d62-00269e52e176}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{ae698783-44ca-11e0-b4e9-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{ae698783-44ca-11e0-b4e9-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bcb7ff8c-e377-11df-bf0f-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb7ff8c-e377-11df-bf0f-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bcb7ff8f-e377-11df-bf0f-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb7ff8f-e377-11df-bf0f-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ed80bbd7-e29c-11df-b06a-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{ed80bbd7-e29c-11df-b06a-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ed80bbdc-e29c-11df-b06a-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{ed80bbdc-e29c-11df-b06a-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..exefile [open] -- "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %* ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\...exe [@ = exefile] -- "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %* ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011.08.03 15:46:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
[2011.08.03 15:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.03 15:08:21 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.01 13:46:03 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Desktop\konečná sedmička
[2011.08.01 00:13:39 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011.07.25 19:07:52 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Desktop\images
[2011.07.25 18:52:43 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Documents\Adobe Scripts
[2011.07.25 08:30:58 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Library
========== Files - Modified Within 30 Days ==========
[2011.08.03 15:49:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.03 15:47:00 | 001,478,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.03 15:47:00 | 000,634,546 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.08.03 15:47:00 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.03 15:47:00 | 000,123,104 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.08.03 15:47:00 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.03 15:43:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
[2011.08.03 15:08:31 | 000,017,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.03 15:08:31 | 000,017,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.03 15:01:23 | 000,010,608 | -HS- | M] () -- C:\ProgramData\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 15:01:22 | 000,010,608 | -HS- | M] () -- C:\Users\Acer2\AppData\Local\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 15:00:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.03 15:00:41 | 2411,925,504 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.03 14:48:16 | 000,935,175 | ---- | M] () -- C:\Users\Acer2\Desktop\RSITx64.exe
[2011.08.03 14:28:54 | 000,380,928 | ---- | M] () -- C:\Users\Acer2\AppData\Local\tvg.exe
[2011.08.01 13:59:19 | 168,811,780 | ---- | M] () -- C:\Users\Acer2\Desktop\Konečná poslední verze 7.ročník.pdf
[2011.07.25 19:17:15 | 000,019,728 | ---- | M] () -- C:\Users\Acer2\Desktop\nnn.swf
[2011.07.25 19:17:15 | 000,010,058 | ---- | M] () -- C:\Users\Acer2\Desktop\nnn.html
[2011.07.25 08:40:52 | 001,036,277 | ---- | M] () -- C:\Users\Acer2\Documents\Desert.swf
[2011.07.12 00:24:01 | 001,185,969 | ---- | M] () -- C:\Users\Acer2\Documents\MOUCNIKY_Ali.pdf
[2011.07.11 16:29:36 | 000,009,109 | ---- | M] () -- C:\Users\Acer2\Documents\příjmy červenec.csv
[2011.07.09 12:15:11 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.09 12:15:11 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
========== Files Created - No Company Name ==========
[2011.08.03 15:49:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.03 15:07:48 | 000,935,175 | ---- | C] () -- C:\Users\Acer2\Desktop\RSITx64.exe
[2011.08.03 14:28:59 | 000,010,608 | -HS- | C] () -- C:\Users\Acer2\AppData\Local\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 14:28:59 | 000,010,608 | -HS- | C] () -- C:\ProgramData\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 14:28:54 | 000,380,928 | ---- | C] () -- C:\Users\Acer2\AppData\Local\tvg.exe
[2011.08.01 13:59:17 | 168,811,780 | ---- | C] () -- C:\Users\Acer2\Desktop\Konečná poslední verze 7.ročník.pdf
[2011.07.25 19:17:15 | 000,019,728 | ---- | C] () -- C:\Users\Acer2\Desktop\nnn.swf
[2011.07.25 19:17:15 | 000,010,058 | ---- | C] () -- C:\Users\Acer2\Desktop\nnn.html
[2011.07.25 08:40:51 | 001,036,277 | ---- | C] () -- C:\Users\Acer2\Documents\Desert.swf
[2011.07.12 00:23:58 | 001,185,969 | ---- | C] () -- C:\Users\Acer2\Documents\MOUCNIKY_Ali.pdf
[2011.07.11 16:29:35 | 000,009,109 | ---- | C] () -- C:\Users\Acer2\Documents\příjmy červenec.csv
[2010.12.29 13:06:07 | 000,000,155 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.10.29 09:13:04 | 001,471,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.02 23:16:43 | 000,103,624 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.25 18:53:13 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2010.02.25 18:53:13 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2010.02.11 21:35:00 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.02.11 21:35:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.02.11 21:34:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.02.11 21:34:58 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.02.11 21:34:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.09 11:27:58 | 000,167,936 | ---- | C] () -- C:\Windows\libactivboardex.dll
[2007.11.09 11:24:14 | 000,196,608 | ---- | C] () -- C:\Windows\ActivDRV.dll
[2006.09.12 11:08:38 | 006,172,672 | ---- | C] () -- C:\Windows\SysWow64\HwRecogK.dll
[2006.08.14 09:56:52 | 007,946,240 | ---- | C] () -- C:\Windows\SysWow64\HWRecogT.dll
[2006.08.13 17:48:58 | 015,147,008 | ---- | C] () -- C:\Windows\SysWow64\HWRecog.dll
[2006.03.29 09:43:38 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\ALZZip.BIN
[2006.03.29 09:43:36 | 000,062,464 | ---- | C] () -- C:\Windows\SysWow64\ALZALZ.BIN
[2003.08.07 16:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2003.03.24 06:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\SysWow64\FGWVB32.DLL
[1998.03.26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
========== LOP Check ==========
[2011.02.21 20:30:16 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer
[2011.02.21 20:17:27 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer Pro
[2010.02.25 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\GHISLER
[2010.12.26 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\LG Electronics
[2011.03.02 14:47:07 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Telefónica Móviles
[2010.12.26 20:32:42 | 000,000,000 | -H-D | M] -- C:\Users\Acer2\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2011.06.05 13:16:20 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AdobeBridge" =
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2009.07.14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation)
"3566268812" = C:\Users\Acer2\AppData\Local\tvg.exe -- [2011.08.03 14:28:54 | 000,380,928 | ---- | M] ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009.07.14 03:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) --
[2009.07.14 03:41:56 | 000,039,424 | ---- | M] (Microsoft Corporation) --
[2009.07.14 17:17:26 | 000,003,584 | ---- | M] (Lexmark International Inc.) --
< %systemroot%\system32\drivers\*.sys /5 >
< %systemroot%\system32\drivers\*.sys /X >
[2009.06.10 23:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009.06.10 23:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /5 >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\config\*.sav >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2011.07.25 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Adobe
[2010.12.29 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Ahead
[2010.05.02 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Apple Computer
[2011.06.14 19:34:01 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Avira
[2011.02.21 20:30:16 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer
[2011.02.21 20:17:27 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer Pro
[2010.02.11 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\ESTsoft
[2010.02.25 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\GHISLER
[2010.11.16 09:44:59 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Google
[2010.02.11 17:35:24 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Identities
[2010.12.26 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\LG Electronics
[2010.02.28 21:49:09 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Macromedia
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Media Center Programs
[2011.06.14 19:10:01 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Media Player Classic
[2011.06.14 19:45:05 | 000,000,000 | --SD | M] -- C:\Users\Acer2\AppData\Roaming\Microsoft
[2010.02.11 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Mozilla
[2011.03.02 14:47:07 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Telefónica Móviles
[2010.12.26 20:32:42 | 000,000,000 | -H-D | M] -- C:\Users\Acer2\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
< %APPDATA%\*.* >
< %APPDATA%\*.exe /s >
[2010.04.01 15:51:28 | 000,032,768 | ---- | M] ((주)테크노니아) -- C:\Users\Acer2\AppData\Roaming\LG Electronics\LG PC Suite III\UpdateHelper.exe
[2009.06.18 08:21:32 | 001,413,256 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\H\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
[2009.06.18 08:21:32 | 001,413,256 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\I\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\I\tools\LGSetCDROMAutoRun.exe
< %SYSTEMDRIVE%\*.exe >
< >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.03 15:49:15 | 000,000,512 | ---- | M] () MD5=F333060A93FE0D380469551C9F0F4907 -- C:\PhysicalMBR.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88
< End of report >

OTL logfile created on: 3.8.2011 15:47:52 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,83% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 31,82 Gb Free Space | 32,61% Space Free | Partition Type: NTFS
Drive D: | 150,32 Gb Total Space | 144,41 Gb Free Space | 96,06% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,83 Gb Total Space | 1,83 Gb Free Space | 99,88% Space Free | Partition Type: FAT
Drive Z: | 50,11 Gb Total Space | 50,00 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
Computer Name: ACER2-PC | User Name: Acer2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.03 15:43:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
PRC - [2011.08.03 14:28:54 | 000,380,928 | ---- | M] () -- C:\Users\Acer2\AppData\Local\tvg.exe
PRC - [2011.07.09 12:15:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
========== Modules (SafeList) ==========
MOD - [2011.08.03 15:43:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.02.13 21:50:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.07.09 12:15:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.13 23:11:42 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010.02.13 21:48:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.07.09 12:15:11 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.09 12:15:11 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.15 14:05:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.15 14:05:42 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.12.15 14:05:42 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.07.27 16:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.11.09 11:29:56 | 000,062,720 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010.02.13 23:06:45 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC E3 C1 B3 31 AB CA 01 [binary data]
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... 1750559&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Acer2\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.28 07:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.01 00:12:11 | 000,000,000 | ---D | M]
[2010.02.11 21:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Extensions
[2011.07.28 12:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions
[2011.01.08 18:35:44 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.06.09 00:24:16 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.06.09 00:24:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.09 00:24:13 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011.06.09 00:23:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.06.09 00:24:12 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011.06.09 00:24:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\engine@conduit.com
[2010.12.15 16:48:16 | 000,000,921 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\conduit.xml
[2011.07.25 10:50:32 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-1.xml
[2010.10.28 20:15:17 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-2.xml
[2010.11.18 01:20:27 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-3.xml
[2011.01.30 15:33:26 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-4.xml
[2011.07.28 07:57:02 | 000,000,950 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin-5.xml
[2011.02.20 11:21:20 | 000,000,168 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin.gif
[2011.02.20 11:21:20 | 000,000,618 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\icqplugin.xml
[2011.01.08 18:42:36 | 000,001,246 | ---- | M] () -- C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\winamp-search.xml
[2011.07.28 09:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.07.28 07:56:46 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.07.28 07:56:46 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2011.07.28 07:56:46 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011.07.28 07:56:46 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.07.28 07:56:46 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe (Promethean Technologies Group Ltd)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..\Run: [3566268812] C:\Users\Acer2\AppData\Local\tvg.exe ()
O4 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06781259-e4d9-11df-9b90-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{06781259-e4d9-11df-9b90-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0678125c-e4d9-11df-9b90-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{0678125c-e4d9-11df-9b90-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5865029f-10f6-11e0-9d62-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{5865029f-10f6-11e0-9d62-00269e52e176}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{ae698783-44ca-11e0-b4e9-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{ae698783-44ca-11e0-b4e9-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bcb7ff8c-e377-11df-bf0f-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb7ff8c-e377-11df-bf0f-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bcb7ff8f-e377-11df-bf0f-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb7ff8f-e377-11df-bf0f-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ed80bbd7-e29c-11df-b06a-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{ed80bbd7-e29c-11df-b06a-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ed80bbdc-e29c-11df-b06a-00269e52e176}\Shell - "" = AutoRun
O33 - MountPoints2\{ed80bbdc-e29c-11df-b06a-00269e52e176}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..exefile [open] -- "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %* ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\...exe [@ = exefile] -- "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %* ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011.08.03 15:46:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
[2011.08.03 15:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.03 15:08:21 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.01 13:46:03 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Desktop\konečná sedmička
[2011.08.01 00:13:39 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011.07.25 19:07:52 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Desktop\images
[2011.07.25 18:52:43 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Documents\Adobe Scripts
[2011.07.25 08:30:58 | 000,000,000 | ---D | C] -- C:\Users\Acer2\Library
========== Files - Modified Within 30 Days ==========
[2011.08.03 15:49:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.03 15:47:00 | 001,478,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.03 15:47:00 | 000,634,546 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.08.03 15:47:00 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.03 15:47:00 | 000,123,104 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.08.03 15:47:00 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.03 15:43:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer2\Desktop\OTL.scr
[2011.08.03 15:08:31 | 000,017,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.03 15:08:31 | 000,017,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.03 15:01:23 | 000,010,608 | -HS- | M] () -- C:\ProgramData\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 15:01:22 | 000,010,608 | -HS- | M] () -- C:\Users\Acer2\AppData\Local\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 15:00:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.03 15:00:41 | 2411,925,504 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.03 14:48:16 | 000,935,175 | ---- | M] () -- C:\Users\Acer2\Desktop\RSITx64.exe
[2011.08.03 14:28:54 | 000,380,928 | ---- | M] () -- C:\Users\Acer2\AppData\Local\tvg.exe
[2011.08.01 13:59:19 | 168,811,780 | ---- | M] () -- C:\Users\Acer2\Desktop\Konečná poslední verze 7.ročník.pdf
[2011.07.25 19:17:15 | 000,019,728 | ---- | M] () -- C:\Users\Acer2\Desktop\nnn.swf
[2011.07.25 19:17:15 | 000,010,058 | ---- | M] () -- C:\Users\Acer2\Desktop\nnn.html
[2011.07.25 08:40:52 | 001,036,277 | ---- | M] () -- C:\Users\Acer2\Documents\Desert.swf
[2011.07.12 00:24:01 | 001,185,969 | ---- | M] () -- C:\Users\Acer2\Documents\MOUCNIKY_Ali.pdf
[2011.07.11 16:29:36 | 000,009,109 | ---- | M] () -- C:\Users\Acer2\Documents\příjmy červenec.csv
[2011.07.09 12:15:11 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.09 12:15:11 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
========== Files Created - No Company Name ==========
[2011.08.03 15:49:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.03 15:07:48 | 000,935,175 | ---- | C] () -- C:\Users\Acer2\Desktop\RSITx64.exe
[2011.08.03 14:28:59 | 000,010,608 | -HS- | C] () -- C:\Users\Acer2\AppData\Local\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 14:28:59 | 000,010,608 | -HS- | C] () -- C:\ProgramData\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 14:28:54 | 000,380,928 | ---- | C] () -- C:\Users\Acer2\AppData\Local\tvg.exe
[2011.08.01 13:59:17 | 168,811,780 | ---- | C] () -- C:\Users\Acer2\Desktop\Konečná poslední verze 7.ročník.pdf
[2011.07.25 19:17:15 | 000,019,728 | ---- | C] () -- C:\Users\Acer2\Desktop\nnn.swf
[2011.07.25 19:17:15 | 000,010,058 | ---- | C] () -- C:\Users\Acer2\Desktop\nnn.html
[2011.07.25 08:40:51 | 001,036,277 | ---- | C] () -- C:\Users\Acer2\Documents\Desert.swf
[2011.07.12 00:23:58 | 001,185,969 | ---- | C] () -- C:\Users\Acer2\Documents\MOUCNIKY_Ali.pdf
[2011.07.11 16:29:35 | 000,009,109 | ---- | C] () -- C:\Users\Acer2\Documents\příjmy červenec.csv
[2010.12.29 13:06:07 | 000,000,155 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.10.29 09:13:04 | 001,471,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.02 23:16:43 | 000,103,624 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.25 18:53:13 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2010.02.25 18:53:13 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2010.02.11 21:35:00 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.02.11 21:35:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.02.11 21:34:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.02.11 21:34:58 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.02.11 21:34:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.09 11:27:58 | 000,167,936 | ---- | C] () -- C:\Windows\libactivboardex.dll
[2007.11.09 11:24:14 | 000,196,608 | ---- | C] () -- C:\Windows\ActivDRV.dll
[2006.09.12 11:08:38 | 006,172,672 | ---- | C] () -- C:\Windows\SysWow64\HwRecogK.dll
[2006.08.14 09:56:52 | 007,946,240 | ---- | C] () -- C:\Windows\SysWow64\HWRecogT.dll
[2006.08.13 17:48:58 | 015,147,008 | ---- | C] () -- C:\Windows\SysWow64\HWRecog.dll
[2006.03.29 09:43:38 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\ALZZip.BIN
[2006.03.29 09:43:36 | 000,062,464 | ---- | C] () -- C:\Windows\SysWow64\ALZALZ.BIN
[2003.08.07 16:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2003.03.24 06:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\SysWow64\FGWVB32.DLL
[1998.03.26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
========== LOP Check ==========
[2011.02.21 20:30:16 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer
[2011.02.21 20:17:27 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer Pro
[2010.02.25 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\GHISLER
[2010.12.26 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\LG Electronics
[2011.03.02 14:47:07 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Telefónica Móviles
[2010.12.26 20:32:42 | 000,000,000 | -H-D | M] -- C:\Users\Acer2\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2011.06.05 13:16:20 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AdobeBridge" =
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2009.07.14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation)
"3566268812" = C:\Users\Acer2\AppData\Local\tvg.exe -- [2011.08.03 14:28:54 | 000,380,928 | ---- | M] ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: CSRSS.EXE >
[2009.07.14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009.07.14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: FASTFAT.SYS >
[2009.07.14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys
[2009.07.14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NTFS.SYS >
[2009.07.14 03:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\SysNative\drivers\ntfs.sys
[2009.07.14 03:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys
< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SPOOLSV.EXE >
[2010.08.20 07:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[2009.07.14 03:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[2010.08.21 08:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\SysNative\spoolsv.exe
[2010.08.21 08:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009.07.14 03:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) --
[2009.07.14 03:41:56 | 000,039,424 | ---- | M] (Microsoft Corporation) --
[2009.07.14 17:17:26 | 000,003,584 | ---- | M] (Lexmark International Inc.) --
< %systemroot%\system32\drivers\*.sys /5 >
< %systemroot%\system32\drivers\*.sys /X >
[2009.06.10 23:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2009.06.10 23:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /5 >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\config\*.sav >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2011.07.25 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Adobe
[2010.12.29 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Ahead
[2010.05.02 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Apple Computer
[2011.06.14 19:34:01 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Avira
[2011.02.21 20:30:16 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer
[2011.02.21 20:17:27 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\BSplayer Pro
[2010.02.11 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\ESTsoft
[2010.02.25 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\GHISLER
[2010.11.16 09:44:59 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Google
[2010.02.11 17:35:24 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Identities
[2010.12.26 20:32:42 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\LG Electronics
[2010.02.28 21:49:09 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Macromedia
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Media Center Programs
[2011.06.14 19:10:01 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Media Player Classic
[2011.06.14 19:45:05 | 000,000,000 | --SD | M] -- C:\Users\Acer2\AppData\Roaming\Microsoft
[2010.02.11 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Mozilla
[2011.03.02 14:47:07 | 000,000,000 | ---D | M] -- C:\Users\Acer2\AppData\Roaming\Telefónica Móviles
[2010.12.26 20:32:42 | 000,000,000 | -H-D | M] -- C:\Users\Acer2\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
< %APPDATA%\*.* >
< %APPDATA%\*.exe /s >
[2010.04.01 15:51:28 | 000,032,768 | ---- | M] ((주)테크노니아) -- C:\Users\Acer2\AppData\Roaming\LG Electronics\LG PC Suite III\UpdateHelper.exe
[2009.06.18 08:21:32 | 001,413,256 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\H\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
[2009.06.18 08:21:32 | 001,413,256 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\I\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\Acer2\AppData\Roaming\Microsoft\Windows\Templates\I\tools\LGSetCDROMAutoRun.exe
< %SYSTEMDRIVE%\*.exe >
< >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.03 15:49:15 | 000,000,512 | ---- | M] () MD5=F333060A93FE0D380469551C9F0F4907 -- C:\PhysicalMBR.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88
< End of report >
Re: Windows 7 antivir 2012
and the extras
OTL Extras logfile created on: 3.8.2011 15:47:52 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,83% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 31,82 Gb Free Space | 32,61% Space Free | Partition Type: NTFS
Drive D: | 150,32 Gb Total Space | 144,41 Gb Free Space | 96,06% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,83 Gb Total Space | 1,83 Gb Free Space | 99,88% Space Free | Partition Type: FAT
Drive Z: | 50,11 Gb Total Space | 50,00 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
Computer Name: ACER2-PC | User Name: Acer2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Users\Acer2\AppData\Local\tvg.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{77988B10-3865-4A77-BE68-9D769C2D9946}" = Activdriver x64 v4.1.13
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F63356-1672-47FC-AFA0-78E78B933966}" = Adobe Setup
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_STANDARD_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_STANDARD_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929B1254-D7F9-403A-8234-EE348E448820}" = Activstudio Professional Edition v3.6
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A2A7AF1E-C152-47F1-9884-F7DF9BE4295A}" = Activstudio Docs (CZE) v3.6.1
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CA7DB8C0-9F34-412F-9030-ED37F04E39C4}" = Adobe Creative Suite 4 Design Standard
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2376B44-8C25-43B8-B842-82548D95A64D}" = Nápověda pro aplikaci Activstudio (CZE) v3.6.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_42380bb3dbe2c878a54fd6d9a982fdb" = Adobe Creative Suite 4 Design Standard
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"greenstreet Picture Browser" = greenstreet Picture Browser
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.8 (Full) BETA
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"O2CZ" = O2
"STANDARD" = Microsoft Office Standard 2007
"SWF & FLV Toolbox 4_is1" = SWF & FLV Toolbox 4.0 (build 4.0.479)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.7.2011 2:39:58 | Computer Name = Acer2-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: DeviceCentral.exe, verze: 2.1.0.0, časové
razítko: 0x490af0d4 Název chybujícího modulu: QuickTime.qts_unloaded, verze: 0.0.0.0,
časové razítko: 0x4ba1b0eb Kód výjimky: 0xc0000005 Posun chyby: 0x6d6ebb69 ID chybujícího
procesu: 0xb8c Čas spuštění chybující aplikace: 0x01cc4a959732b497 Cesta k chybující
aplikaci: C:\Program Files (x86)\Adobe\Adobe Device Central CS4\DeviceCentral.exe
Cesta
k chybujícímu modulu: QuickTime.qts ID zprávy: e97da252-b688-11e0-aecf-00269e52e176
Error - 25.7.2011 12:51:55 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 25.7.2011 12:51:55 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 28.7.2011 2:13:02 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 28.7.2011 6:37:11 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku
3. Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu
version v prvku assemblyIdentity je neplatná.
Error - 28.7.2011 6:37:44 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 30.7.2011 3:11:09 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 31.7.2011 19:18:49 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 2.8.2011 1:45:26 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 3.8.2011 8:51:24 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
[ Media Center Events ]
Error - 14.3.2011 10:43:58 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 15:43:58 - Chyba při připojování k Internetu 15:43:58 - Nelze kontaktovat
server..
Error - 14.3.2011 11:44:07 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 16:44:07 - Chyba při připojování k Internetu 16:44:07 - Nelze kontaktovat
server..
Error - 15.3.2011 10:48:30 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 15:48:30 - Chyba při připojování k Internetu 15:48:30 - Nelze kontaktovat
server..
Error - 15.3.2011 11:48:36 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 16:48:36 - Chyba při připojování k Internetu 16:48:36 - Nelze kontaktovat
server..
Error - 17.3.2011 5:41:40 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 10:41:40 - Chyba při připojování k Internetu 10:41:40 - Nelze kontaktovat
server..
[ System Events ]
Error - 3.8.2011 8:46:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:51:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:51:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:51:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:53:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:53:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:53:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:54:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:54:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:54:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
< End of report >
OTL Extras logfile created on: 3.8.2011 15:47:52 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,83% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 31,82 Gb Free Space | 32,61% Space Free | Partition Type: NTFS
Drive D: | 150,32 Gb Total Space | 144,41 Gb Free Space | 96,06% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,83 Gb Total Space | 1,83 Gb Free Space | 99,88% Space Free | Partition Type: FAT
Drive Z: | 50,11 Gb Total Space | 50,00 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
Computer Name: ACER2-PC | User Name: Acer2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Users\Acer2\AppData\Local\tvg.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{77988B10-3865-4A77-BE68-9D769C2D9946}" = Activdriver x64 v4.1.13
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F63356-1672-47FC-AFA0-78E78B933966}" = Adobe Setup
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_STANDARD_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_STANDARD_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_STANDARD_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929B1254-D7F9-403A-8234-EE348E448820}" = Activstudio Professional Edition v3.6
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A2A7AF1E-C152-47F1-9884-F7DF9BE4295A}" = Activstudio Docs (CZE) v3.6.1
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CA7DB8C0-9F34-412F-9030-ED37F04E39C4}" = Adobe Creative Suite 4 Design Standard
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2376B44-8C25-43B8-B842-82548D95A64D}" = Nápověda pro aplikaci Activstudio (CZE) v3.6.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_42380bb3dbe2c878a54fd6d9a982fdb" = Adobe Creative Suite 4 Design Standard
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"greenstreet Picture Browser" = greenstreet Picture Browser
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.8 (Full) BETA
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"O2CZ" = O2
"STANDARD" = Microsoft Office Standard 2007
"SWF & FLV Toolbox 4_is1" = SWF & FLV Toolbox 4.0 (build 4.0.479)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.7.2011 2:39:58 | Computer Name = Acer2-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: DeviceCentral.exe, verze: 2.1.0.0, časové
razítko: 0x490af0d4 Název chybujícího modulu: QuickTime.qts_unloaded, verze: 0.0.0.0,
časové razítko: 0x4ba1b0eb Kód výjimky: 0xc0000005 Posun chyby: 0x6d6ebb69 ID chybujícího
procesu: 0xb8c Čas spuštění chybující aplikace: 0x01cc4a959732b497 Cesta k chybující
aplikaci: C:\Program Files (x86)\Adobe\Adobe Device Central CS4\DeviceCentral.exe
Cesta
k chybujícímu modulu: QuickTime.qts ID zprávy: e97da252-b688-11e0-aecf-00269e52e176
Error - 25.7.2011 12:51:55 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 25.7.2011 12:51:55 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 28.7.2011 2:13:02 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 28.7.2011 6:37:11 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku
3. Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu
version v prvku assemblyIdentity je neplatná.
Error - 28.7.2011 6:37:44 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 30.7.2011 3:11:09 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 31.7.2011 19:18:49 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 2.8.2011 1:45:26 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 3.8.2011 8:51:24 | Computer Name = Acer2-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
[ Media Center Events ]
Error - 14.3.2011 10:43:58 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 15:43:58 - Chyba při připojování k Internetu 15:43:58 - Nelze kontaktovat
server..
Error - 14.3.2011 11:44:07 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 16:44:07 - Chyba při připojování k Internetu 16:44:07 - Nelze kontaktovat
server..
Error - 15.3.2011 10:48:30 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 15:48:30 - Chyba při připojování k Internetu 15:48:30 - Nelze kontaktovat
server..
Error - 15.3.2011 11:48:36 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 16:48:36 - Chyba při připojování k Internetu 16:48:36 - Nelze kontaktovat
server..
Error - 17.3.2011 5:41:40 | Computer Name = Acer2-PC | Source = MCUpdate | ID = 0
Description = 10:41:40 - Chyba při připojování k Internetu 10:41:40 - Nelze kontaktovat
server..
[ System Events ]
Error - 3.8.2011 8:46:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:51:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:51:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:51:31 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:53:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:53:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:53:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:54:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:54:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 3.8.2011 8:54:37 | Computer Name = Acer2-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1068
< End of report >
- Caroprd111
Re: Windows 7 antivir 2012
Run OTL again and paste the following script into the white box at the bottom. Then click Fix (Opravit); the PC will restart. Post the resulting log here.
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1750559&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..\Run: [3566268812] C:\Users\Acer2\AppData\Local\tvg.exe ()
O4 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O35 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000..exefile [open] -- "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %* ()
O37 - HKU\S-1-5-21-629824649-1934887176-4263982418-1000\...exe [@ = exefile] -- "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %* ()
2011.08.03 14:28:54 | 000,380,928 | ---- | M] () -- C:\Users\Acer2\AppData\Local\tvg.exe
[2011.08.03 14:28:59 | 000,010,608 | -HS- | C] () -- C:\Users\Acer2\AppData\Local\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 14:28:59 | 000,010,608 | -HS- | C] () -- C:\ProgramData\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp
[2011.08.03 14:28:54 | 000,380,928 | ---- | C] () -- C:\Users\Acer2\AppData\Local\tvg.exe
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88
:files
c:\windows\nvsvc32.exe
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"3566268812"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe"=-
"C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe"=-
Re: Windows 7 antivir 2012
Here is the new log:
All processes killed
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Acer2
->Temp folder emptied: 20085030 bytes
->Temporary Internet Files folder emptied: 65974009 bytes
->Java cache emptied: 36089985 bytes
->FireFox cache emptied: 92680106 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 11306 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 185256 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85315 bytes
RecycleBin emptied: 7246603155 bytes
Total Files Cleaned = 7 116,00 mb
[EMPTYFLASH]
User: Acer2
->Flash cache emptied: 0 bytes
User: All Users
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "BS Player Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.as ... earchTerms}" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://search.conduit.com/?ctid=CT17505 ... hSource=13" removed from browser.startup.homepage
Prefs.js: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 removed from extensions.enabledItems
Prefs.js: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.as ... 1750559&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Windows\CurrentVersion\Run\\3566268812 deleted successfully.
C:\Users\Acer2\AppData\Local\tvg.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000_Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Users\Acer2\AppData\Local\tvg.exe" -a "%1" %* not found.
Registry key HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-629824649-1934887176-4263982418-1000_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Acer2\AppData\Local\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp moved successfully.
C:\ProgramData\hq01g0s5w55i87u83h06t5wlbps4s5g57jixp moved successfully.
File C:\Users\Acer2\AppData\Local\tvg.exe not found.
ADS C:\ProgramData\TEMP:60466E88 deleted successfully.
========== FILES ==========
File\Folder c:\windows\nvsvc32.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\3566268812 not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Acer2\Downloads\n11975310_09.JPG-www.facebook.exe not found.
OTL by OldTimer - Version 3.2.26.1 log created on 08032011_184159
Files\Folders moved on Reboot...
C:\Users\Acer2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Acer2\AppData\Local\Temp\~DF61AC60DB826DCE2D.TMP not found!
File\Folder C:\Users\Acer2\AppData\Local\Temp\~DF65915C21B6FA5A58.TMP not found!
File\Folder C:\Users\Acer2\AppData\Local\Temp\~DF9603D615728C4D0B.TMP not found!
File\Folder C:\Users\Acer2\AppData\Local\Temp\~DFF2704398FCA9C856.TMP not found!
C:\Users\Acer2\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Windows 7 antivir 2012
Great, nothing pops up anymore, I can connect to the internet, everything looks OK.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Windows 7 antivir 2012

- Run it.
- Click "Start". Confirm the prompt by clicking "Ok" (a restart will follow).

- Run it.
- Click "CleanUp!". Confirm the prompts by clicking "Yes" (a restart will follow).


- Run the analysis and, once it finishes, click Run CCleaner.
Registry tab
- Click Scan for issues; once it finishes, click Fix issues. You do not need to make a backup. Then choose Fix all issues.



Re: Windows 7 antivir 2012
OK, done
Logfile of random's system information tool 1.09 (written by random/random)
Run by Acer2 at 2011-08-03 21:08:48
Microsoft Windows 7 Home Premium
System drive C: has 40 GB (40%) free of 100 GB
Total RAM: 3067 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:58, on 3.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\trend micro\Acer2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8222 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000564
\??\C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Acer2\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default
prefs.js - "browser.search.useDBForOrder" - ""
prefs.js - "browser.startup.homepage" - ""
prefs.js - "extensions.enabledItems" - """, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, "", "", "", "", "", {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeploytk.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\
engine@conduit.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{800b5000-a755-47e1-992b-48a1c1357f07}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
winamp-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-28 16334880]
"ActivControl"=C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe [2007-11-09 1240576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 9728]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2010-02-13 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-06-07 40376]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe_ID0ENQBO"=C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2010-03-05 149280]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-03-28 281768]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-08-03 21:08:48 ----D---- C:\rsit
2011-08-03 15:08:21 ----D---- C:\Program Files\trend micro
2011-08-01 00:13:39 ----RA---- C:\Windows\system32\AdobePDFUI.dll
======List of files/folders modified in the last 1 month======
2011-08-03 21:08:58 ----D---- C:\Windows\Prefetch
2011-08-03 21:05:17 ----D---- C:\Windows
2011-08-03 20:46:40 ----D---- C:\Windows\System32
2011-08-03 20:46:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-03 20:46:39 ----D---- C:\Windows\inf
2011-08-03 19:07:33 ----D---- C:\Windows\system32\config
2011-08-03 19:01:58 ----D---- C:\Windows\Temp
2011-08-03 18:43:49 ----HD---- C:\ProgramData
2011-08-03 18:43:40 ----SHD---- C:\System Volume Information
2011-08-03 18:42:00 ----D---- C:\Windows\system32\drivers\etc
2011-08-03 15:08:21 ----RD---- C:\Program Files
2011-08-01 00:13:57 ----SHD---- C:\Windows\Installer
2011-08-01 00:10:53 ----D---- C:\Windows\SysWOW64
2011-07-28 07:56:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-25 19:08:29 ----AD---- C:\ProgramData\TEMP
2011-07-25 18:52:41 ----D---- C:\Users\Acer2\AppData\Roaming\Adobe
2011-07-14 22:11:29 ----D---- C:\Windows\system32\catroot2
2011-07-09 12:15:32 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-07-09 123784]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2010-02-13 86584]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-07-09 88288]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2007-11-09 62720]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-19 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-19 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-19 33792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-07-09 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-28 382496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-02-13 288112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-13 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-13 655624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1255736]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Acer2 at 2011-08-03 21:08:48
Microsoft Windows 7 Home Premium
System drive C: has 40 GB (40%) free of 100 GB
Total RAM: 3067 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:58, on 3.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\trend micro\Acer2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8222 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000564
\??\C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Acer2\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default
prefs.js - "browser.search.useDBForOrder" - ""
prefs.js - "browser.startup.homepage" - ""
prefs.js - "extensions.enabledItems" - """, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, "", "", "", "", "", {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeploytk.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\extensions\
engine@conduit.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{800b5000-a755-47e1-992b-48a1c1357f07}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
C:\Users\Acer2\AppData\Roaming\Mozilla\Firefox\Profiles\ssoow1ou.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
winamp-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-28 16334880]
"ActivControl"=C:\Program Files\Activ Software\Activdriver\ActivControl2x64.exe [2007-11-09 1240576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 9728]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2010-02-13 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-06-07 40376]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe_ID0ENQBO"=C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2010-03-05 149280]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-03-28 281768]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-08-03 21:08:48 ----D---- C:\rsit
2011-08-03 15:08:21 ----D---- C:\Program Files\trend micro
2011-08-01 00:13:39 ----RA---- C:\Windows\system32\AdobePDFUI.dll
======List of files/folders modified in the last 1 month======
2011-08-03 21:08:58 ----D---- C:\Windows\Prefetch
2011-08-03 21:05:17 ----D---- C:\Windows
2011-08-03 20:46:40 ----D---- C:\Windows\System32
2011-08-03 20:46:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-03 20:46:39 ----D---- C:\Windows\inf
2011-08-03 19:07:33 ----D---- C:\Windows\system32\config
2011-08-03 19:01:58 ----D---- C:\Windows\Temp
2011-08-03 18:43:49 ----HD---- C:\ProgramData
2011-08-03 18:43:40 ----SHD---- C:\System Volume Information
2011-08-03 18:42:00 ----D---- C:\Windows\system32\drivers\etc
2011-08-03 15:08:21 ----RD---- C:\Program Files
2011-08-01 00:13:57 ----SHD---- C:\Windows\Installer
2011-08-01 00:10:53 ----D---- C:\Windows\SysWOW64
2011-07-28 07:56:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-25 19:08:29 ----AD---- C:\ProgramData\TEMP
2011-07-25 18:52:41 ----D---- C:\Users\Acer2\AppData\Roaming\Adobe
2011-07-14 22:11:29 ----D---- C:\Windows\system32\catroot2
2011-07-09 12:15:32 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-07-09 123784]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2010-02-13 86584]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-07-09 88288]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2007-11-09 62720]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-19 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-19 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-19 33792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-07-09 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-28 382496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-02-13 288112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-13 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-13 655624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1255736]
-----------------EOF-----------------
- Caroprd111
- VIP
- Posts: 13492
- Joined: 22 Mar 2009 20:48
- Location: Třebíč
Re: Windows 7 antivir 2012
Thank you so much for the help.
Re: Windows 7 antivir 2012
Hello,
it seems something similar has hit me :( Could you please help?
Here is the result of the RSIT run:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2011-12-07 13:35:22
Microsoft Windows 7 Ultimate
System drive C: has 25 GB (45%) free of 57 GB
Total RAM: 3053 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:35:23, on 7.12.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: CryptoPlus XME Engine Service (xmengine service) - Monet+, a.s. - C:\Windows\SysWOW64\xmesrv.exe
--
End of file - 8081 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6d4fe9f7-4094-4734-bffa-b183781787ca -SystemEventPortName:HostProcess-215e0440-a088-45a0-8701-055358b377d9 -IoCancelEventPortName:HostProcess-d2f30f4d-525c-457b-b65b-8164941a7815 -NonStateChangingEventPortName:HostProcess-b366d61d-bdd5-4e34-a669-ec04b986e67c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:faf5f0f1-7933-492e-8ab0-87ac73f388ec
/QuitInfo:0000000000000274;0000000000000278; /AddRef;
/QuitInfo:00000000000002AC;00000000000002B0; /AddRef;
/QuitInfo:0000000000000240;00000000000002B8;
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /pendQS
"C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe"
"C:\Program Files (x86)\PC Tools Security\pctsSvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2776 CREDAT:79873
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2776 CREDAT:145409
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Admin.Krewski-HP-desk\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SyncBack D denni.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-28 42272]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-11-23 1242448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"ISTray"=C:\Program Files (x86)\PC Tools Security\pctsGui.exe [2011-01-13 1589208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdAuxService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdCoreService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-12-07 13:34:03 ----D---- C:\Program Files\trend micro
2011-12-07 13:34:02 ----D---- C:\rsit
2011-12-07 12:45:46 ----A---- C:\Windows\system32\drivers\pctEFA64.sys
2011-12-07 12:45:46 ----A---- C:\Windows\system32\drivers\pctDS64.sys
2011-12-07 12:45:45 ----A---- C:\Windows\system32\drivers\pctwfpfilter64.sys
2011-12-07 12:45:45 ----A---- C:\Windows\system32\drivers\pctgntdi64.sys
2011-12-07 12:45:45 ----A---- C:\Windows\system32\drivers\PCTCore64.sys
2011-12-07 12:45:43 ----A---- C:\Windows\system32\drivers\pctplsg64.sys
2011-12-07 12:45:36 ----D---- C:\Users\Admin.Krewski-HP-desk\AppData\Roaming\PC Tools
2011-12-07 12:45:36 ----D---- C:\Program Files (x86)\PC Tools Security
2011-12-07 12:33:42 ----D---- C:\ProgramData\AutoKMS
2011-12-07 04:37:25 ----A---- C:\Windows\system32\drivers\Cat.DB
2011-12-07 04:37:02 ----AD---- C:\ProgramData\TEMP
2011-12-07 04:35:30 ----D---- C:\ProgramData\PC Tools
2011-12-07 04:10:04 ----A---- C:\Windows\system32\aswBoot.exe
2011-12-07 04:05:49 ----D---- C:\Windows\SYSWOW64\Wat
2011-12-07 04:05:49 ----D---- C:\Windows\system32\Wat
2011-12-07 03:50:27 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2011-12-07 03:50:27 ----A---- C:\Windows\system32\msv1_0.dll
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2011-12-07 03:46:02 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\PresentationHost.exe
2011-12-07 03:46:02 ----A---- C:\Windows\system32\netfxperf.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\mscoree.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\dfshim.dll
2011-12-07 03:45:52 ----A---- C:\Windows\system32\browserchoice.exe
2011-12-07 03:41:56 ----A---- C:\Windows\system32\MRT.exe
2011-12-07 03:41:29 ----A---- C:\Windows\SYSWOW64\CertEnroll.dll
2011-12-07 03:41:29 ----A---- C:\Windows\system32\CertEnroll.dll
2011-12-07 03:41:25 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-07 03:41:25 ----A---- C:\Windows\system32\tzres.dll
2011-12-07 03:41:15 ----A---- C:\Windows\system32\ieframe.dll
2011-12-07 03:41:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-07 03:41:13 ----A---- C:\Windows\system32\mshtml.dll
2011-12-07 03:41:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-07 03:41:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-07 03:41:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-07 03:41:12 ----A---- C:\Windows\system32\urlmon.dll
2011-12-07 03:41:12 ----A---- C:\Windows\system32\iertutil.dll
2011-12-07 03:41:11 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-07 03:41:11 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-07 03:41:11 ----A---- C:\Windows\system32\wininet.dll
2011-12-07 03:41:11 ----A---- C:\Windows\system32\mstime.dll
2011-12-07 03:41:11 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\url.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\licmgr10.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\ieui.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\iepeers.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\iedkcs32.dll
2011-12-07 03:41:09 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-12-07 03:41:09 ----A---- C:\Windows\system32\msfeedssync.exe
2011-12-07 03:41:03 ----A---- C:\Windows\system32\KernelBase.dll
2011-12-07 03:41:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-07 03:41:02 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-12-07 03:41:02 ----A---- C:\Windows\system32\wow64win.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\wow64cpu.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\wow64.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\winsrv.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\ntvdm64.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\kernel32.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\conhost.exe
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-12-07 03:41:01 ----A---- C:\Windows\SYSWOW64\user.exe
2011-12-07 03:41:00 ----A---- C:\Windows\system32\ntdll.dll
2011-12-07 03:40:59 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-12-07 03:40:58 ----A---- C:\Windows\system32\mfc42u.dll
2011-12-07 03:40:58 ----A---- C:\Windows\system32\mfc42.dll
2011-12-07 03:40:58 ----A---- C:\Windows\system32\drivers\afd.sys
2011-12-07 03:40:57 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-12-07 03:40:57 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-12-07 03:40:55 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2011-12-07 03:40:55 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-12-07 03:40:55 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-12-07 03:40:55 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-12-07 03:40:55 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-12-07 03:40:55 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-12-07 03:40:55 ----A---- C:\Windows\system32\dnsapi.dll
2011-12-07 03:40:54 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-12-07 03:40:54 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-12-07 03:40:54 ----A---- C:\Windows\system32\drivers\srv.sys
2011-12-07 03:40:50 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-07 03:40:50 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2011-12-07 03:40:50 ----A---- C:\Windows\system32\sbe.dll
2011-12-07 03:40:50 ----A---- C:\Windows\system32\EncDec.dll
2011-12-07 03:40:50 ----A---- C:\Windows\system32\CPFilters.dll
2011-12-07 03:40:49 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-12-07 03:40:47 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2011-12-07 03:40:47 ----A---- C:\Windows\SYSWOW64\secur32.dll
2011-12-07 03:40:47 ----A---- C:\Windows\system32\lsasrv.dll
2011-12-07 03:40:47 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-12-07 03:40:45 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2011-12-07 03:40:45 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-12-07 03:40:45 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-12-07 03:40:45 ----A---- C:\Windows\system32\fontsub.dll
2011-12-07 03:40:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-12-07 03:40:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-12-07 03:40:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-12-07 03:40:45 ----A---- C:\Windows\system32\atmlib.dll
2011-12-07 03:40:45 ----A---- C:\Windows\system32\atmfd.dll
2011-12-07 03:40:43 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2011-12-07 03:40:43 ----A---- C:\Windows\system32\shell32.dll
2011-12-07 03:40:43 ----A---- C:\Windows\system32\poqexec.exe
2011-12-07 03:40:42 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2011-12-07 03:40:41 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-12-07 03:40:41 ----A---- C:\Windows\system32\taskschd.dll
2011-12-07 03:40:41 ----A---- C:\Windows\system32\taskeng.exe
2011-12-07 03:40:41 ----A---- C:\Windows\system32\taskcomp.dll
2011-12-07 03:40:41 ----A---- C:\Windows\system32\schtasks.exe
2011-12-07 03:40:41 ----A---- C:\Windows\system32\schedsvc.dll
2011-12-07 03:40:40 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-12-07 03:40:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-12-07 03:40:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-12-07 03:40:39 ----A---- C:\Windows\system32\vbscript.dll
2011-12-07 03:40:39 ----A---- C:\Windows\system32\jscript.dll
2011-12-07 03:40:37 ----A---- C:\Windows\system32\ole32.dll
2011-12-07 03:40:36 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-12-07 03:40:36 ----A---- C:\Windows\SYSWOW64\ole32.dll
2011-12-07 03:40:36 ----A---- C:\Windows\system32\psisdecd.dll
2011-12-07 03:40:35 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-12-07 03:40:35 ----A---- C:\Windows\system32\kerberos.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\quartz.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbctrac.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbccu32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbccr32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbccp32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\quartz.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\wintrust.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\tsbyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\schannel.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\msyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\msvidc32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\msrle32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\iyuv_32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\asycfilt.dll
2011-12-07 03:40:32 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-12-07 03:40:32 ----A---- C:\Windows\system32\winlogon.exe
2011-12-07 03:40:32 ----A---- C:\Windows\explorer.exe
2011-12-07 03:40:31 ----A---- C:\Windows\SYSWOW64\mfc40.dll
2011-12-07 03:40:31 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2011-12-07 03:40:31 ----A---- C:\Windows\system32\comctl32.dll
2011-12-07 03:40:30 ----A---- C:\Windows\SYSWOW64\mfc40u.dll
2011-12-07 03:40:30 ----A---- C:\Windows\system32\win32k.sys
2011-12-07 03:40:28 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-12-07 03:40:28 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-12-07 03:40:28 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\webio.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\cabview.dll
2011-12-07 03:40:27 ----A---- C:\Windows\system32\webio.dll
2011-12-07 03:40:27 ----A---- C:\Windows\system32\t2embed.dll
2011-12-07 03:40:27 ----A---- C:\Windows\system32\cabview.dll
2011-12-07 03:40:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-12-07 03:40:26 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-12-07 03:40:26 ----A---- C:\Windows\system32\cdd.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\wmpmde.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\winresume.exe
2011-12-07 03:40:25 ----A---- C:\Windows\system32\winload.exe
2011-12-07 03:40:25 ----A---- C:\Windows\system32\kdusb.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\kdcom.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\kd1394.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\msasn1.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2011-12-07 03:40:24 ----A---- C:\Windows\system32\rtutils.dll
2011-12-07 03:40:24 ----A---- C:\Windows\system32\msasn1.dll
2011-12-07 03:40:23 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-12-07 03:40:23 ----A---- C:\Windows\system32\spoolsv.exe
2011-12-07 03:40:23 ----A---- C:\Windows\system32\msxml3.dll
2011-12-07 03:40:22 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2011-12-07 03:40:22 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-12-07 03:40:22 ----A---- C:\Windows\system32\mstscax.dll
2011-12-07 03:40:22 ----A---- C:\Windows\system32\mstsc.exe
2011-12-07 03:40:21 ----A---- C:\Windows\system32\wmp.dll
2011-12-07 03:40:20 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2011-12-07 03:40:20 ----A---- C:\Windows\SYSWOW64\wmp.dll
2011-12-07 03:40:19 ----A---- C:\Windows\system32\wmploc.DLL
2011-12-07 03:38:53 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-12-07 03:38:53 ----A---- C:\Windows\system32\inetcomm.dll
2011-12-07 03:37:10 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-12-07 03:37:10 ----A---- C:\Windows\system32\odbc32.dll
2011-12-07 03:37:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-07 03:37:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-12-07 03:37:07 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-12-07 03:37:06 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-12-07 03:37:06 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-12-07 03:37:06 ----A---- C:\Windows\system32\oleaut32.dll
2011-12-07 03:37:06 ----A---- C:\Windows\system32\oleacc.dll
2011-12-07 03:37:06 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-12-07 03:37:05 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-12-07 03:37:05 ----A---- C:\Windows\system32\consent.exe
2011-12-07 03:37:02 ----A---- C:\Windows\SYSWOW64\sscore.dll
2011-12-07 03:37:02 ----A---- C:\Windows\system32\srvsvc.dll
2011-12-01 15:52:24 ----D---- C:\Program Files (x86)\Inkscape
2011-11-25 05:51:33 ----D---- C:\Program Files (x86)\Adobe
2011-11-23 16:21:50 ----D---- C:\ProgramData\McAfee
2011-11-23 16:21:46 ----D---- C:\Windows\system32\Macromed
2011-11-23 04:31:23 ----D---- C:\Program Files (x86)\Steam
2011-11-23 04:22:15 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-11-23 04:22:15 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-11-23 04:22:13 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-11-23 04:22:13 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-11-23 04:22:10 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-11-23 04:22:10 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-11-23 04:22:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-11-23 04:22:10 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-23 04:22:10 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-11-23 04:22:10 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-11-23 04:22:08 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-11-23 04:22:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-11-23 04:22:08 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-11-23 04:22:08 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-11-23 04:22:07 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-11-23 04:22:07 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-11-23 04:22:07 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-11-23 04:22:07 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-11-23 04:22:07 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-11-23 04:22:07 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-11-23 04:22:05 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-11-23 04:22:02 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-11-23 04:22:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-11-23 04:22:02 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-11-23 04:22:02 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-11-23 04:22:00 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-11-23 04:22:00 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-11-23 04:21:57 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-11-23 04:21:57 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-11-23 04:21:57 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-11-23 04:21:57 ----A---- C:\Windows\system32\xinput1_3.dll
2011-11-23 04:21:57 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-11-23 04:21:57 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\d3dx10.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xinput1_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xinput1_1.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-23 04:21:53 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-11-23 04:21:53 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-11-23 04:21:51 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-11-23 04:21:51 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-11-23 04:21:50 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-11-23 04:21:50 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-11-23 04:21:50 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-11-23 04:21:50 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-11-23 04:21:50 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-11-23 04:21:50 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-11-23 04:21:49 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-11-23 04:21:49 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-11-23 04:21:49 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-11-23 04:21:49 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-11-23 04:21:48 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-11-23 04:21:48 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-23 04:19:30 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-16 01:43:29 ----D---- C:\ProgramData\Grasssoft
2011-11-16 01:43:21 ----D---- C:\Program Files (x86)\GrassSoft
2011-11-14 18:48:26 ----D---- C:\Program Files (x86)\DOSBox-0.74
======List of files/folders modified in the last 1 month======
2011-12-07 13:35:23 ----D---- C:\Windows\Temp
2011-12-07 13:34:03 ----RD---- C:\Program Files
2011-12-07 12:48:37 ----D---- C:\Windows\System32
2011-12-07 12:48:37 ----D---- C:\Windows\inf
2011-12-07 12:48:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-07 12:46:47 ----A---- C:\Windows\ntbtlog.txt
2011-12-07 12:45:46 ----D---- C:\Windows\system32\drivers
2011-12-07 12:45:36 ----RD---- C:\Program Files (x86)
2011-12-07 12:45:36 ----D---- C:\Program Files (x86)\Common Files
2011-12-07 12:41:16 ----D---- C:\ProgramData\Alwil Software
2011-12-07 12:41:15 ----D---- C:\Windows\SysWOW64
2011-12-07 12:41:15 ----D---- C:\Windows
2011-12-07 12:33:42 ----HD---- C:\ProgramData
2011-12-07 12:26:09 ----D---- C:\Windows\system32\config
2011-12-07 12:23:00 ----SHD---- C:\System Volume Information
2011-12-07 04:37:04 ----SHD---- C:\Windows\Installer
2011-12-07 04:37:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-12-07 04:28:20 ----SD---- C:\Users\Admin.Krewski-HP-desk\AppData\Roaming\Microsoft
2011-12-07 04:06:57 ----RSD---- C:\Windows\assembly
2011-12-07 04:05:50 ----D---- C:\Windows\winsxs
2011-12-07 04:05:49 ----D---- C:\Windows\system32\catroot
2011-12-07 04:05:47 ----D---- C:\Windows\system32\catroot2
2011-12-07 04:05:39 ----D---- C:\Windows\Microsoft.NET
2011-12-07 04:00:14 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-12-07 04:00:14 ----D---- C:\Windows\system32\cs-CZ
2011-12-07 04:00:14 ----D---- C:\Program Files\Common Files\System
2011-12-07 04:00:13 ----D---- C:\Windows\SYSWOW64\migration
2011-12-07 04:00:13 ----D---- C:\Windows\system32\migration
2011-12-07 04:00:13 ----D---- C:\Windows\ehome
2011-12-07 04:00:13 ----D---- C:\Program Files\Windows Mail
2011-12-07 04:00:13 ----D---- C:\Program Files\Internet Explorer
2011-12-07 04:00:13 ----D---- C:\Program Files (x86)\Windows Mail
2011-12-07 04:00:13 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-07 04:00:12 ----D---- C:\Windows\system32\Boot
2011-12-07 04:00:11 ----D---- C:\Windows\AppPatch
2011-12-07 04:00:11 ----D---- C:\Program Files\Windows Media Player
2011-12-07 04:00:11 ----D---- C:\Program Files (x86)\Windows Media Player
2011-12-07 03:53:59 ----D---- C:\Windows\Logs
2011-12-07 03:41:57 ----D---- C:\Windows\debug
2011-12-07 03:41:44 ----D---- C:\Windows\SoftwareDistribution
2011-11-30 02:13:11 ----D---- C:\Windows\system32\drivers\UMDF
2011-11-25 05:51:34 ----D---- C:\ProgramData\Adobe
2011-11-23 10:15:06 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-11-16 01:43:33 ----RSD---- C:\Windows\Fonts
2011-11-14 18:34:32 ----D---- C:\Windows\system32\NDF
2011-11-11 15:39:25 ----D---- C:\Program Files (x86)\Google
2011-11-10 17:57:47 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-11-09 20:58:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-07 254528]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k60x64.sys [2009-06-10 220672]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-07-24 56344]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore64.sys [2010-12-10 257232]
S0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-10-20 6098432]
S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2011-03-24 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2011-03-24 8456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 svan_driver;Svan9xx; C:\Windows\System32\Drivers\svan_driver.sys [2011-01-11 24400]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-11-19 1150936]
S2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-10-20 202752]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-10 136176]
S2 xmengine service;CryptoPlus XME Engine Service; C:\Windows\SysWOW64\xmesrv.exe [2009-10-09 34696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-08 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-10 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-11-23 419624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1255736]
-----------------EOF-----------------
It seems that something similar has hit me :( Could you please help?
Result after running RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2011-12-07 13:35:22
Microsoft Windows 7 Ultimate
System drive C: has 25 GB (45%) free of 57 GB
Total RAM: 3053 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:35:23, on 7.12.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: CryptoPlus XME Engine Service (xmengine service) - Monet+, a.s. - C:\Windows\SysWOW64\xmesrv.exe
--
End of file - 8081 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6d4fe9f7-4094-4734-bffa-b183781787ca -SystemEventPortName:HostProcess-215e0440-a088-45a0-8701-055358b377d9 -IoCancelEventPortName:HostProcess-d2f30f4d-525c-457b-b65b-8164941a7815 -NonStateChangingEventPortName:HostProcess-b366d61d-bdd5-4e34-a669-ec04b986e67c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:faf5f0f1-7933-492e-8ab0-87ac73f388ec
/QuitInfo:0000000000000274;0000000000000278; /AddRef;
/QuitInfo:00000000000002AC;00000000000002B0; /AddRef;
/QuitInfo:0000000000000240;00000000000002B8;
C:\Windows\Explorer.EXE
ctfmon.exe
"C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /pendQS
"C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe"
"C:\Program Files (x86)\PC Tools Security\pctsSvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2776 CREDAT:79873
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2776 CREDAT:145409
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Admin.Krewski-HP-desk\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SyncBack D denni.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-28 42272]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-11-23 1242448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"ISTray"=C:\Program Files (x86)\PC Tools Security\pctsGui.exe [2011-01-13 1589208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdAuxService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdCoreService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-12-07 13:34:03 ----D---- C:\Program Files\trend micro
2011-12-07 13:34:02 ----D---- C:\rsit
2011-12-07 12:45:46 ----A---- C:\Windows\system32\drivers\pctEFA64.sys
2011-12-07 12:45:46 ----A---- C:\Windows\system32\drivers\pctDS64.sys
2011-12-07 12:45:45 ----A---- C:\Windows\system32\drivers\pctwfpfilter64.sys
2011-12-07 12:45:45 ----A---- C:\Windows\system32\drivers\pctgntdi64.sys
2011-12-07 12:45:45 ----A---- C:\Windows\system32\drivers\PCTCore64.sys
2011-12-07 12:45:43 ----A---- C:\Windows\system32\drivers\pctplsg64.sys
2011-12-07 12:45:36 ----D---- C:\Users\Admin.Krewski-HP-desk\AppData\Roaming\PC Tools
2011-12-07 12:45:36 ----D---- C:\Program Files (x86)\PC Tools Security
2011-12-07 12:33:42 ----D---- C:\ProgramData\AutoKMS
2011-12-07 04:37:25 ----A---- C:\Windows\system32\drivers\Cat.DB
2011-12-07 04:37:02 ----AD---- C:\ProgramData\TEMP
2011-12-07 04:35:30 ----D---- C:\ProgramData\PC Tools
2011-12-07 04:10:04 ----A---- C:\Windows\system32\aswBoot.exe
2011-12-07 04:05:49 ----D---- C:\Windows\SYSWOW64\Wat
2011-12-07 04:05:49 ----D---- C:\Windows\system32\Wat
2011-12-07 03:50:27 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2011-12-07 03:50:27 ----A---- C:\Windows\system32\msv1_0.dll
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2011-12-07 03:46:03 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2011-12-07 03:46:02 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\PresentationHost.exe
2011-12-07 03:46:02 ----A---- C:\Windows\system32\netfxperf.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\mscoree.dll
2011-12-07 03:46:02 ----A---- C:\Windows\system32\dfshim.dll
2011-12-07 03:45:52 ----A---- C:\Windows\system32\browserchoice.exe
2011-12-07 03:41:56 ----A---- C:\Windows\system32\MRT.exe
2011-12-07 03:41:29 ----A---- C:\Windows\SYSWOW64\CertEnroll.dll
2011-12-07 03:41:29 ----A---- C:\Windows\system32\CertEnroll.dll
2011-12-07 03:41:25 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-07 03:41:25 ----A---- C:\Windows\system32\tzres.dll
2011-12-07 03:41:15 ----A---- C:\Windows\system32\ieframe.dll
2011-12-07 03:41:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-07 03:41:13 ----A---- C:\Windows\system32\mshtml.dll
2011-12-07 03:41:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-07 03:41:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-07 03:41:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-07 03:41:12 ----A---- C:\Windows\system32\urlmon.dll
2011-12-07 03:41:12 ----A---- C:\Windows\system32\iertutil.dll
2011-12-07 03:41:11 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-07 03:41:11 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-07 03:41:11 ----A---- C:\Windows\system32\wininet.dll
2011-12-07 03:41:11 ----A---- C:\Windows\system32\mstime.dll
2011-12-07 03:41:11 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-12-07 03:41:10 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\url.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\licmgr10.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\ieui.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\iepeers.dll
2011-12-07 03:41:10 ----A---- C:\Windows\system32\iedkcs32.dll
2011-12-07 03:41:09 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-12-07 03:41:09 ----A---- C:\Windows\system32\msfeedssync.exe
2011-12-07 03:41:03 ----A---- C:\Windows\system32\KernelBase.dll
2011-12-07 03:41:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-07 03:41:02 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-12-07 03:41:02 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-12-07 03:41:02 ----A---- C:\Windows\system32\wow64win.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\wow64cpu.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\wow64.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\winsrv.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\ntvdm64.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\kernel32.dll
2011-12-07 03:41:02 ----A---- C:\Windows\system32\conhost.exe
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-12-07 03:41:01 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-12-07 03:41:01 ----A---- C:\Windows\SYSWOW64\user.exe
2011-12-07 03:41:00 ----A---- C:\Windows\system32\ntdll.dll
2011-12-07 03:40:59 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-12-07 03:40:58 ----A---- C:\Windows\system32\mfc42u.dll
2011-12-07 03:40:58 ----A---- C:\Windows\system32\mfc42.dll
2011-12-07 03:40:58 ----A---- C:\Windows\system32\drivers\afd.sys
2011-12-07 03:40:57 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-12-07 03:40:57 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-12-07 03:40:55 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2011-12-07 03:40:55 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-12-07 03:40:55 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-12-07 03:40:55 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-12-07 03:40:55 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-12-07 03:40:55 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-12-07 03:40:55 ----A---- C:\Windows\system32\dnsapi.dll
2011-12-07 03:40:54 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-12-07 03:40:54 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-12-07 03:40:54 ----A---- C:\Windows\system32\drivers\srv.sys
2011-12-07 03:40:50 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-07 03:40:50 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2011-12-07 03:40:50 ----A---- C:\Windows\system32\sbe.dll
2011-12-07 03:40:50 ----A---- C:\Windows\system32\EncDec.dll
2011-12-07 03:40:50 ----A---- C:\Windows\system32\CPFilters.dll
2011-12-07 03:40:49 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-12-07 03:40:47 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2011-12-07 03:40:47 ----A---- C:\Windows\SYSWOW64\secur32.dll
2011-12-07 03:40:47 ----A---- C:\Windows\system32\lsasrv.dll
2011-12-07 03:40:47 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-12-07 03:40:45 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2011-12-07 03:40:45 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-12-07 03:40:45 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-12-07 03:40:45 ----A---- C:\Windows\system32\fontsub.dll
2011-12-07 03:40:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-12-07 03:40:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-12-07 03:40:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-12-07 03:40:45 ----A---- C:\Windows\system32\atmlib.dll
2011-12-07 03:40:45 ----A---- C:\Windows\system32\atmfd.dll
2011-12-07 03:40:43 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2011-12-07 03:40:43 ----A---- C:\Windows\system32\shell32.dll
2011-12-07 03:40:43 ----A---- C:\Windows\system32\poqexec.exe
2011-12-07 03:40:42 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2011-12-07 03:40:41 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2011-12-07 03:40:41 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-12-07 03:40:41 ----A---- C:\Windows\system32\taskschd.dll
2011-12-07 03:40:41 ----A---- C:\Windows\system32\taskeng.exe
2011-12-07 03:40:41 ----A---- C:\Windows\system32\taskcomp.dll
2011-12-07 03:40:41 ----A---- C:\Windows\system32\schtasks.exe
2011-12-07 03:40:41 ----A---- C:\Windows\system32\schedsvc.dll
2011-12-07 03:40:40 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-12-07 03:40:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-12-07 03:40:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-12-07 03:40:39 ----A---- C:\Windows\system32\vbscript.dll
2011-12-07 03:40:39 ----A---- C:\Windows\system32\jscript.dll
2011-12-07 03:40:37 ----A---- C:\Windows\system32\ole32.dll
2011-12-07 03:40:36 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-12-07 03:40:36 ----A---- C:\Windows\SYSWOW64\ole32.dll
2011-12-07 03:40:36 ----A---- C:\Windows\system32\psisdecd.dll
2011-12-07 03:40:35 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-12-07 03:40:35 ----A---- C:\Windows\system32\kerberos.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\quartz.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbctrac.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbccu32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbccr32.dll
2011-12-07 03:40:34 ----A---- C:\Windows\system32\odbccp32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\schannel.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\quartz.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\wintrust.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\tsbyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\schannel.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\msyuv.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\msvidc32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\msrle32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\iyuv_32.dll
2011-12-07 03:40:33 ----A---- C:\Windows\system32\asycfilt.dll
2011-12-07 03:40:32 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-12-07 03:40:32 ----A---- C:\Windows\system32\winlogon.exe
2011-12-07 03:40:32 ----A---- C:\Windows\explorer.exe
2011-12-07 03:40:31 ----A---- C:\Windows\SYSWOW64\mfc40.dll
2011-12-07 03:40:31 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2011-12-07 03:40:31 ----A---- C:\Windows\system32\comctl32.dll
2011-12-07 03:40:30 ----A---- C:\Windows\SYSWOW64\mfc40u.dll
2011-12-07 03:40:30 ----A---- C:\Windows\system32\win32k.sys
2011-12-07 03:40:28 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-12-07 03:40:28 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-12-07 03:40:28 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\webio.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-12-07 03:40:27 ----A---- C:\Windows\SYSWOW64\cabview.dll
2011-12-07 03:40:27 ----A---- C:\Windows\system32\webio.dll
2011-12-07 03:40:27 ----A---- C:\Windows\system32\t2embed.dll
2011-12-07 03:40:27 ----A---- C:\Windows\system32\cabview.dll
2011-12-07 03:40:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-12-07 03:40:26 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-12-07 03:40:26 ----A---- C:\Windows\system32\cdd.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\wmpmde.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\winresume.exe
2011-12-07 03:40:25 ----A---- C:\Windows\system32\winload.exe
2011-12-07 03:40:25 ----A---- C:\Windows\system32\kdusb.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\kdcom.dll
2011-12-07 03:40:25 ----A---- C:\Windows\system32\kd1394.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\msasn1.dll
2011-12-07 03:40:24 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2011-12-07 03:40:24 ----A---- C:\Windows\system32\rtutils.dll
2011-12-07 03:40:24 ----A---- C:\Windows\system32\msasn1.dll
2011-12-07 03:40:23 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-12-07 03:40:23 ----A---- C:\Windows\system32\spoolsv.exe
2011-12-07 03:40:23 ----A---- C:\Windows\system32\msxml3.dll
2011-12-07 03:40:22 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2011-12-07 03:40:22 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-12-07 03:40:22 ----A---- C:\Windows\system32\mstscax.dll
2011-12-07 03:40:22 ----A---- C:\Windows\system32\mstsc.exe
2011-12-07 03:40:21 ----A---- C:\Windows\system32\wmp.dll
2011-12-07 03:40:20 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2011-12-07 03:40:20 ----A---- C:\Windows\SYSWOW64\wmp.dll
2011-12-07 03:40:19 ----A---- C:\Windows\system32\wmploc.DLL
2011-12-07 03:38:53 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-12-07 03:38:53 ----A---- C:\Windows\system32\inetcomm.dll
2011-12-07 03:37:10 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-12-07 03:37:10 ----A---- C:\Windows\system32\odbc32.dll
2011-12-07 03:37:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-07 03:37:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-12-07 03:37:07 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-12-07 03:37:06 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-12-07 03:37:06 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-12-07 03:37:06 ----A---- C:\Windows\system32\oleaut32.dll
2011-12-07 03:37:06 ----A---- C:\Windows\system32\oleacc.dll
2011-12-07 03:37:06 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-12-07 03:37:05 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-12-07 03:37:05 ----A---- C:\Windows\system32\consent.exe
2011-12-07 03:37:02 ----A---- C:\Windows\SYSWOW64\sscore.dll
2011-12-07 03:37:02 ----A---- C:\Windows\system32\srvsvc.dll
2011-12-01 15:52:24 ----D---- C:\Program Files (x86)\Inkscape
2011-11-25 05:51:33 ----D---- C:\Program Files (x86)\Adobe
2011-11-23 16:21:50 ----D---- C:\ProgramData\McAfee
2011-11-23 16:21:46 ----D---- C:\Windows\system32\Macromed
2011-11-23 04:31:23 ----D---- C:\Program Files (x86)\Steam
2011-11-23 04:22:15 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-11-23 04:22:15 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-11-23 04:22:14 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-11-23 04:22:13 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-11-23 04:22:13 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-11-23 04:22:11 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-11-23 04:22:10 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-11-23 04:22:10 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-11-23 04:22:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-11-23 04:22:10 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-23 04:22:10 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-11-23 04:22:10 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-11-23 04:22:09 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-11-23 04:22:09 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-11-23 04:22:08 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-11-23 04:22:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-11-23 04:22:08 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-11-23 04:22:08 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-11-23 04:22:07 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-11-23 04:22:07 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-11-23 04:22:07 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-11-23 04:22:07 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-11-23 04:22:07 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-11-23 04:22:07 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-11-23 04:22:06 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-11-23 04:22:05 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-11-23 04:22:05 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-11-23 04:22:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-11-23 04:22:04 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-11-23 04:22:03 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-11-23 04:22:03 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-11-23 04:22:02 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-11-23 04:22:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-11-23 04:22:02 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-11-23 04:22:02 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-11-23 04:22:01 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-11-23 04:22:01 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-11-23 04:22:00 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-11-23 04:22:00 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-11-23 04:21:59 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-11-23 04:21:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-11-23 04:21:58 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-11-23 04:21:57 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-11-23 04:21:57 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-11-23 04:21:57 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-11-23 04:21:57 ----A---- C:\Windows\system32\xinput1_3.dll
2011-11-23 04:21:57 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-11-23 04:21:57 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-11-23 04:21:56 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2011-11-23 04:21:55 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-11-23 04:21:55 ----A---- C:\Windows\system32\d3dx10.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xinput1_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xinput1_1.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-11-23 04:21:54 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-23 04:21:53 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-11-23 04:21:53 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-11-23 04:21:51 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-11-23 04:21:51 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-11-23 04:21:51 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-11-23 04:21:50 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-11-23 04:21:50 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-11-23 04:21:50 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-11-23 04:21:50 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-11-23 04:21:50 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-11-23 04:21:50 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-11-23 04:21:49 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-11-23 04:21:49 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-11-23 04:21:49 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-11-23 04:21:49 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-11-23 04:21:48 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-11-23 04:21:48 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-23 04:19:30 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-16 01:43:29 ----D---- C:\ProgramData\Grasssoft
2011-11-16 01:43:21 ----D---- C:\Program Files (x86)\GrassSoft
2011-11-14 18:48:26 ----D---- C:\Program Files (x86)\DOSBox-0.74
======List of files/folders modified in the last 1 month======
2011-12-07 13:35:23 ----D---- C:\Windows\Temp
2011-12-07 13:34:03 ----RD---- C:\Program Files
2011-12-07 12:48:37 ----D---- C:\Windows\System32
2011-12-07 12:48:37 ----D---- C:\Windows\inf
2011-12-07 12:48:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-07 12:46:47 ----A---- C:\Windows\ntbtlog.txt
2011-12-07 12:45:46 ----D---- C:\Windows\system32\drivers
2011-12-07 12:45:36 ----RD---- C:\Program Files (x86)
2011-12-07 12:45:36 ----D---- C:\Program Files (x86)\Common Files
2011-12-07 12:41:16 ----D---- C:\ProgramData\Alwil Software
2011-12-07 12:41:15 ----D---- C:\Windows\SysWOW64
2011-12-07 12:41:15 ----D---- C:\Windows
2011-12-07 12:33:42 ----HD---- C:\ProgramData
2011-12-07 12:26:09 ----D---- C:\Windows\system32\config
2011-12-07 12:23:00 ----SHD---- C:\System Volume Information
2011-12-07 04:37:04 ----SHD---- C:\Windows\Installer
2011-12-07 04:37:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-12-07 04:28:20 ----SD---- C:\Users\Admin.Krewski-HP-desk\AppData\Roaming\Microsoft
2011-12-07 04:06:57 ----RSD---- C:\Windows\assembly
2011-12-07 04:05:50 ----D---- C:\Windows\winsxs
2011-12-07 04:05:49 ----D---- C:\Windows\system32\catroot
2011-12-07 04:05:47 ----D---- C:\Windows\system32\catroot2
2011-12-07 04:05:39 ----D---- C:\Windows\Microsoft.NET
2011-12-07 04:00:14 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-12-07 04:00:14 ----D---- C:\Windows\system32\cs-CZ
2011-12-07 04:00:14 ----D---- C:\Program Files\Common Files\System
2011-12-07 04:00:13 ----D---- C:\Windows\SYSWOW64\migration
2011-12-07 04:00:13 ----D---- C:\Windows\system32\migration
2011-12-07 04:00:13 ----D---- C:\Windows\ehome
2011-12-07 04:00:13 ----D---- C:\Program Files\Windows Mail
2011-12-07 04:00:13 ----D---- C:\Program Files\Internet Explorer
2011-12-07 04:00:13 ----D---- C:\Program Files (x86)\Windows Mail
2011-12-07 04:00:13 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-07 04:00:12 ----D---- C:\Windows\system32\Boot
2011-12-07 04:00:11 ----D---- C:\Windows\AppPatch
2011-12-07 04:00:11 ----D---- C:\Program Files\Windows Media Player
2011-12-07 04:00:11 ----D---- C:\Program Files (x86)\Windows Media Player
2011-12-07 03:53:59 ----D---- C:\Windows\Logs
2011-12-07 03:41:57 ----D---- C:\Windows\debug
2011-12-07 03:41:44 ----D---- C:\Windows\SoftwareDistribution
2011-11-30 02:13:11 ----D---- C:\Windows\system32\drivers\UMDF
2011-11-25 05:51:34 ----D---- C:\ProgramData\Adobe
2011-11-23 10:15:06 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-11-16 01:43:33 ----RSD---- C:\Windows\Fonts
2011-11-14 18:34:32 ----D---- C:\Windows\system32\NDF
2011-11-11 15:39:25 ----D---- C:\Program Files (x86)\Google
2011-11-10 17:57:47 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-11-09 20:58:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-07 254528]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k60x64.sys [2009-06-10 220672]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-07-24 56344]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore64.sys [2010-12-10 257232]
S0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-10-20 6098432]
S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2011-03-24 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2011-03-24 8456]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 svan_driver;Svan9xx; C:\Windows\System32\Drivers\svan_driver.sys [2011-01-11 24400]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-11-19 1150936]
S2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-10-20 202752]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-10 136176]
S2 xmengine service;CryptoPlus XME Engine Service; C:\Windows\SysWOW64\xmesrv.exe [2009-10-09 34696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-08 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-10 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-11-23 419624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1255736]
-----------------EOF-----------------
Re: Windows 7 antivir 2012
Hello Krewski, and welcome to our forum.
Please read the Forum Rules.
Start a new topic of your own and post in it the log you put here.
This topic belongs to another user and is already closed, so I will now lock it as well.
Thank you for your understanding.





