Requesting a check

#1 Post by Milan12300 »

Hello,
Please do a preventive check. And it could use another bit of cleaning with ComboFix. Thanks.

Logfile of random's system information tool 1.09 (written by random/random)
Run by X at 2012-05-08 10:39:35
Microsoft Windows 7 Professional
System drive C: has 42 GB (27%) free of 153 GB
Total RAM: 2048 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:45, on 8.5.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Users\X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\OO Software\Defrag\oodcnt.exe
C:\Users\X\Downloads\\RSIT.exe
C:\Program Files\trend micro\X.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25432;
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: toolbarchrome - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

--
End of file - 2381 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2012-03-28 2774352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2011-05-25 491040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-04-04 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2012-03-28 2774352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-12-13 11487848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=2
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=247
"NoInstrumentation"=1
"NoDrives"=0
"NoDriveAutoRun"=67108859

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.MKVC"=KMVIDC32.DLL
"VIDC.FFDS"=ff_vfw.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"vidc.MPG4"=MPG4C32.dll
"vidc.MP42"=MPG4C32.dll
"vidc.MP43"=MPG4C32.dll
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-05-08 10:39:37 ----D---- C:\Program Files\trend micro
2012-05-08 10:39:35 ----D---- C:\rsit
2012-05-08 09:49:37 ----D---- C:\ProgramData\Malwarebytes
2012-05-08 09:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-05-08 09:41:00 ----D---- C:\Program Files\OO Software
2012-05-06 22:33:55 ----D---- C:\Users\X\AppData\Roaming\GetRightToGo
2012-05-06 15:45:13 ----D---- C:\Users\X\AppData\Roaming\Nitro PDF
2012-05-06 15:44:20 ----D---- C:\ProgramData\Nitro PDF
2012-05-06 12:37:28 ----D---- C:\Users\X\AppData\Roaming\Downloaded Installations
2012-05-06 11:28:21 ----D---- C:\Users\X\AppData\Roaming\Aspell
2012-05-06 10:15:11 ----D---- C:\ProgramData\Zoner
2012-05-06 10:14:09 ----D---- C:\Program Files\Zoner
2012-05-04 18:02:27 ----D---- C:\Program Files\FreeTime
2012-04-28 23:07:27 ----D---- C:\Users\X\AppData\Roaming\CAD-KAS
2012-04-28 22:08:01 ----A---- C:\Windows\reimage.ini
2012-04-28 21:56:40 ----D---- C:\ProgramData\Systweak
2012-04-28 21:47:57 ----D---- C:\Users\X\AppData\Roaming\Systweak
2012-04-28 21:33:30 ----ASH---- C:\Windows\system32\dcbdfc7_g.dll
2012-04-19 15:54:11 ----D---- C:\ProgramData\FLEXnet
2012-04-19 15:42:14 ----N---- C:\Windows\system32\AdobePDF.dll
2012-04-18 20:59:20 ----D---- C:\Users\X\AppData\Roaming\spotmau
2012-04-18 20:59:03 ----D---- C:\ProgramData\TuneUp360
2012-04-16 21:19:47 ----D---- C:\Windows\temp
2012-04-16 21:13:43 ----D---- C:\$RECYCLE.BIN
2012-04-16 20:12:13 ----A---- C:\Windows\zip.exe
2012-04-16 20:12:13 ----A---- C:\Windows\SWSC.exe
2012-04-16 20:12:13 ----A---- C:\Windows\SWREG.exe
2012-04-16 20:12:13 ----A---- C:\Windows\sed.exe
2012-04-16 20:12:13 ----A---- C:\Windows\PEV.exe
2012-04-16 20:12:13 ----A---- C:\Windows\NIRCMD.exe
2012-04-16 20:12:13 ----A---- C:\Windows\MBR.exe
2012-04-16 20:12:13 ----A---- C:\Windows\grep.exe
2012-04-16 20:11:23 ----D---- C:\Qoobox
2012-04-15 18:00:14 ----A---- C:\Windows\Sandboxie.ini
2012-04-15 14:17:41 ----D---- C:\Users\X\AppData\Roaming\NeoSoftTools
2012-04-15 14:17:41 ----D---- C:\ProgramData\NeoSoftTools

======List of files/folders modified in the last 1 month======

2012-05-08 10:39:37 ----RD---- C:\Program Files
2012-05-08 10:37:58 ----SHD---- C:\System Volume Information
2012-05-08 10:30:38 ----D---- C:\Windows\system32\drivers
2012-05-08 10:00:30 ----D---- C:\Windows\inf
2012-05-08 10:00:27 ----AD---- C:\Windows
2012-05-08 09:53:46 ----D---- C:\Program Files\Common Files\Adobe
2012-05-08 09:52:39 ----D---- C:\Program Files\Common Files
2012-05-08 09:51:00 ----D---- C:\Windows\Prefetch
2012-05-08 09:49:37 ----D---- C:\ProgramData
2012-05-08 09:41:24 ----SHD---- C:\Windows\Installer
2012-05-08 09:41:24 ----D---- C:\Config.Msi
2012-05-08 09:41:03 ----D---- C:\Windows\System32
2012-05-08 08:55:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-07 23:24:31 ----RSD---- C:\Windows\assembly
2012-05-07 23:24:29 ----D---- C:\Windows\Microsoft.NET
2012-05-07 23:24:27 ----D---- C:\Windows\system32\en-US
2012-05-07 23:23:38 ----D---- C:\Windows\system32\cs-CZ
2012-05-07 23:22:31 ----D---- C:\Windows\system32\config
2012-05-07 22:26:58 ----A---- C:\Windows\cadkasdeinst01e.exe
2012-05-07 16:50:58 ----D---- C:\Windows\system32\Tasks
2012-05-06 22:15:21 ----AD---- C:\ProgramData\Temp
2012-05-03 09:47:55 ----D---- C:\Windows\system32\catroot2
2012-04-28 22:57:13 ----D---- C:\ProgramData\Adobe
2012-04-28 22:53:49 ----RSD---- C:\Windows\Fonts
2012-04-28 22:03:32 ----D---- C:\Windows\Tasks
2012-04-27 22:44:34 ----D---- C:\Program Files\CCleaner
2012-04-19 15:43:05 ----D---- C:\Windows\winsxs
2012-04-19 15:42:45 ----D---- C:\Users\X\AppData\Roaming\Adobe
2012-04-19 15:42:30 ----D---- C:\Windows\system32\DriverStore
2012-04-19 15:37:17 ----D---- C:\Program Files\Adobe
2012-04-16 21:13:46 ----A---- C:\Windows\system.ini
2012-04-16 21:13:37 ----D---- C:\Windows\system32\drivers\etc
2012-04-16 21:11:29 ----D---- C:\Windows\ERDNT
2012-04-16 21:08:15 ----D---- C:\Windows\AppPatch
2012-04-15 14:50:23 ----D---- C:\Windows\system32\catroot
2012-04-12 20:21:17 ----SD---- C:\Users\X\AppData\Roaming\Microsoft
2012-04-10 22:16:19 ----D---- C:\WinFast WorkArea

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2010-04-08 215656]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-02-11 473656]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [2011-08-11 20392]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-12-13 3921448]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-03-04 296936]
R3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 WFLR6654;WinFast DTV1800 H (XC3028); C:\Windows\system32\drivers\wfeaglxt.sys [2009-10-21 433920]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
R4 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\X\AppData\Local\Temp\catchme.sys []
S3 CFcatchme;CFcatchme; \??\C:\Users\X\AppData\Local\Temp\CFcatchme.sys []
S3 cpuz134;cpuz134; \??\C:\Users\X\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2011-12-10 23456]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 hcdriver;EHCI Compliance Test Tool Device Driver; C:\Windows\system32\DRIVERS\hcdriver.sys [2012-01-27 50688]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-04-04 47360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\NLSSRV32.EXE [2011-03-21 68928]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2012-03-28 2500944]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R4 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S4 NetMsmqActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 NetPipeActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 NetTcpActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#2 Post by vyosek »

Hello :)

Why do you want to clean it with ComboFix? Do you know everything it can do? :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

#3 Post by Milan12300 »

I don't know everything it can do, but yesterday I was on some website, though that was still fine. Today I started the PC and the whole PC was freezing for a while, so I had to kill a few processes in Task Manager and clean the PC up a bit with CCleaner, but it still feels as if something is in there. I have already run MBAM over it, but it found nothing. I thought of ComboFix because when someone here was checking my log etc., they said that I had some 2 viruses in there and that ComboFix deleted them. :wink:
The log now looks clean. Besides the RK there were 2 more rootkits and some trojan in the system.

#4 Post by vyosek »

:arrow: Dangers of CF
  • It is intended primarily for advisors - by using it on your own you lose the right to support
  • It wipes traces of malware, so nothing shows up in the RSIT log
  • Its log has to be fully deciphered, since it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is toast and you are facing a reinstall
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - those get deleted, for instance, by some types of malware (e.g. angela) - after a restart your hal.dll gets deleted = your system won't boot and you are at the previous bullet = reinstall
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator or Spustit jako správce
  • If you use a 64-bit OS, check whether the box next to "Pro 64 bitové OS" (for 64-bit OS) is ticked; if not, tick it
  • Tick the box "Pro vsechny uzivatele" (for all users)
  • Tick the box Kontrola na havet "LOP" (malware check "LOP")
  • Tick the box Kontrola na havet "Purity" (malware check "Purity")
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box "Vlastni skenovani/opravy" (custom scans/fixes)

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the "Prohledat" (scan) button
  • After the scan finishes (approx. 10 to 15 min), the logs OTL.txt and Extras.txt will appear; post both here

#5 Post by Milan12300 »

Well, I really didn't know what it can do.. Anyway, here are the logs

OTL logfile created on: 10.5.2012 15:45:00 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\X\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,47% Memory free
5,00 Gb Paging File | 4,25 Gb Available in Paging File | 85,12% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 42,09 Gb Free Space | 28,26% Space Free | Partition Type: NTFS

Computer Name: X-PC | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.05.10 15:35:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
PRC - [2012.03.28 18:01:02 | 002,774,352 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2012.03.28 18:00:46 | 002,500,944 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.05.25 10:00:02 | 000,491,040 | ---- | M] () -- C:\Program Files\Seznam.cz\postak.exe
PRC - [2011.03.21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.17 20:55:36 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.05.25 10:00:02 | 000,491,040 | ---- | M] () -- C:\Program Files\Seznam.cz\postak.exe
MOD - [2011.05.25 09:59:56 | 000,821,792 | ---- | M] () -- C:\Program Files\Seznam.cz\email.3.dll
MOD - [2011.05.25 09:59:40 | 001,145,888 | ---- | M] () -- C:\Program Files\Seznam.cz\core.3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.29 21:54:03 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.28 18:00:46 | 002,500,944 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.03.21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\X\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\X\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\X\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.02.11 23:26:33 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.01.27 15:44:34 | 000,050,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcdriver.sys -- (hcdriver)
DRV - [2011.12.10 00:08:54 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.08.17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.08.11 09:57:38 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2010.04.27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.08 16:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010.03.04 19:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.10.21 19:30:32 | 000,433,920 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wfeaglxt.sys -- (WFLR6654) WinFast DTV1800 H (XC3028)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2004.12.23 18:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ULCDRHlp.sys -- (ULCDRHlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... earchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2481032


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 8A 8F 6E C2 A4 CA 01 [binary data]
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TF = http://www.seznam.cz/
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\..\SearchScopes,DefaultScope = {B0825210-9000-4A87-91FC-9502C8BED4FA}
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\..\SearchScopes\{B0825210-9000-4A87-91FC-9502C8BED4FA}: "URL" = http://www.google.cz/search?q={searchTe ... 1I7GGLS_cs
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25432;

========== FireFox ==========

FF - prefs.js - File not found
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\X\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\X\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\X\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

O1 HOSTS File: ([2012.05.08 18:39:53 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000..\Run: [Seznam Postak] C:\Program Files\Seznam.cz\postak.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 247
O7 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78F6F2C-21A0-4298-B319-FE13293A36BA}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\toolbarchrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - C:\Windows\System32\bdmjpeg.dll ()
Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL ()
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.05.10 15:35:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2012.05.09 18:33:04 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\BANDISOFT
[2012.05.09 18:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2012.05.09 18:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bandicam
[2012.05.09 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2012.05.09 18:00:43 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\záloha iwisoft
[2012.05.09 17:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2012.05.09 17:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Hacker
[2012.05.08 18:31:37 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\PhotoScape
[2012.05.08 17:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.05.08 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\X\Documents\iWisoft Free Video Converter
[2012.05.08 16:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWisoft Free Video Converter
[2012.05.08 16:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\iWisoft Free Video Converter
[2012.05.08 16:15:33 | 000,000,000 | ---D | C] -- C:\Users\X\Documents\FFOutput
[2012.05.08 10:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.05.08 09:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.08 09:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.05.08 09:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2012.05.07 23:05:37 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\PDF24
[2012.05.06 22:33:55 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\GetRightToGo
[2012.05.06 15:45:13 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Nitro PDF
[2012.05.06 15:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.05.06 12:37:28 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Downloaded Installations
[2012.05.06 11:28:21 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Aspell
[2012.05.06 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\Iceni
[2012.05.06 11:27:17 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\Aspell
[2012.05.06 10:15:12 | 000,000,000 | ---D | C] -- C:\Users\X\Documents\ZPS14
[2012.05.06 10:15:11 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\Zoner
[2012.05.06 10:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner
[2012.05.06 10:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 14
[2012.05.06 10:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner
[2012.05.04 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012.05.04 18:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime

========== Files - Modified Within 7 Days ==========

[2012.05.10 15:47:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.05.10 15:35:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2012.05.10 15:31:00 | 000,295,746 | ---- | M] () -- C:\Users\X\Desktop\2012-05-10_152112.jpg
[2012.05.10 15:17:44 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.10 15:17:44 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.10 15:14:46 | 005,128,276 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.05.10 15:14:46 | 002,323,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.10 15:14:46 | 001,682,444 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.05.10 15:14:46 | 001,604,168 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.10 15:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.10 15:09:47 | 000,862,909 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012.05.09 18:32:51 | 000,000,950 | ---- | M] () -- C:\Users\X\Desktop\Bandicam.lnk
[2012.05.09 18:10:21 | 000,001,454 | ---- | M] () -- C:\Users\X\Desktop\ResHacker.lnk
[2012.05.08 16:19:46 | 000,001,047 | ---- | M] () -- C:\Users\X\Desktop\iWisoft Free Video Converter.lnk
[2012.05.08 09:41:04 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2012.05.07 22:26:58 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe
[2012.05.06 10:14:36 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14.lnk
[2012.05.04 18:02:45 | 000,001,160 | ---- | M] () -- C:\Users\X\Desktop\Format Factory.lnk

========== Files Created - No Company Name ==========

[2012.05.10 15:47:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.05.10 15:21:13 | 000,295,746 | ---- | C] () -- C:\Users\X\Desktop\2012-05-10_152112.jpg
[2012.05.09 18:32:51 | 000,000,950 | ---- | C] () -- C:\Users\X\Desktop\Bandicam.lnk
[2012.05.09 18:10:21 | 000,001,454 | ---- | C] () -- C:\Users\X\Desktop\ResHacker.lnk
[2012.05.08 16:19:46 | 000,001,047 | ---- | C] () -- C:\Users\X\Desktop\iWisoft Free Video Converter.lnk
[2012.05.08 16:19:44 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.08 09:41:04 | 000,002,687 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2012.05.06 10:14:36 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14.lnk
[2012.05.04 18:02:45 | 000,001,160 | ---- | C] () -- C:\Users\X\Desktop\Format Factory.lnk
[2012.04.28 22:08:01 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012.04.28 21:33:30 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\dcbdfc7_g.dll
[2012.04.18 20:59:15 | 000,061,903 | ---- | C] () -- C:\Users\X\AppData\Roaming\userenv.xml.urlencode
[2012.04.18 20:59:14 | 000,045,291 | ---- | C] () -- C:\Users\X\AppData\Roaming\userenv.xml
[2012.04.16 20:12:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.16 20:12:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.16 20:12:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.16 20:12:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.16 20:12:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.15 18:00:14 | 000,001,568 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.18 16:07:19 | 000,000,022 | -HS- | C] () -- C:\Users\X\AppData\Roaming\Sys2662.Config.Repository.bin
[2012.03.17 23:04:10 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012.02.03 13:40:45 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.01.08 20:52:13 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2012.01.05 13:50:50 | 000,000,000 | ---- | C] () -- C:\Users\X\AppData\Local\{1516ADB7-E396-4C6C-AC8F-46E40F5C290B}
[2011.12.04 15:52:52 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.17 22:46:07 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011.11.13 20:50:49 | 000,000,070 | ---- | C] () -- C:\Windows\systems.dat
[2011.11.13 12:13:20 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2011.10.24 15:32:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.09.05 22:01:56 | 000,028,672 | ---- | C] () -- C:\Windows\lmunin2.exe
[2011.09.02 20:29:15 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.09.01 15:26:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.08.21 23:18:56 | 000,004,096 | -H-- | C] () -- C:\Users\X\AppData\Local\keyfile3.drm
[2011.08.16 19:56:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.06.01 20:42:47 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2011.06.01 20:42:47 | 000,090,784 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011.05.31 22:11:45 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2011.05.31 22:09:16 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011.02.23 18:48:17 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2011.02.19 19:20:25 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.10.20 18:57:55 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2010.10.06 15:54:13 | 000,000,543 | ---- | C] () -- C:\Windows\Sonic3K.INI
[2010.10.02 19:39:14 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2010.09.23 19:58:29 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2010.09.10 17:21:54 | 000,000,024 | ---- | C] () -- C:\Users\X\AppData\Local\Images.fl
[2010.09.05 20:16:04 | 000,081,920 | ---- | C] () -- C:\Users\X\AppData\Roaming\ezpinst.exe
[2010.09.05 19:47:04 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.09.01 17:22:23 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2010.08.26 17:00:40 | 000,000,455 | ---- | C] () -- C:\ProgramData\V2SData.data
[2010.08.10 13:30:10 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.10 13:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010.07.26 20:16:12 | 000,000,035 | ---- | C] () -- C:\Windows\Worldbuilder.INI
[2010.07.16 20:35:18 | 000,299,008 | ---- | C] () -- C:\Windows\Uninstall_tkexe.exe
[2010.07.14 15:57:56 | 000,023,056 | ---- | C] () -- C:\Windows\System32\Pkwdcl.dll
[2010.07.09 23:23:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.05.29 21:10:26 | 000,000,164 | ---- | C] () -- C:\Windows\spidla.INI
[2010.05.27 21:29:38 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.22 22:58:47 | 000,000,443 | ---- | C] () -- C:\Users\X\AppData\Roaming\ImageTuner.ini

========== LOP Check ==========

[2012.05.08 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Ashampoo
[2011.12.16 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Audacity
[2011.12.21 21:31:47 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\AVG
[2011.07.14 09:23:54 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\AVG10
[2011.11.06 10:08:43 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\avidemux
[2012.05.09 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\BANDISOFT
[2012.04.28 23:07:27 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\CAD-KAS
[2012.03.19 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Canneverbe Limited
[2012.05.06 12:37:28 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Downloaded Installations
[2012.04.02 17:04:18 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\f-secure
[2012.05.06 22:34:35 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\GetRightToGo
[2012.03.17 22:25:17 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\My Battle for Middle-earth Files
[2012.04.15 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\NeoSoftTools
[2012.05.06 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Nitro PDF
[2012.05.08 18:31:49 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PhotoScape
[2011.12.04 20:59:20 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Product_PT
[2011.11.28 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Product_RM
[2010.08.07 22:02:09 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ProgSense
[2012.03.19 20:34:50 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\QuickScan
[2011.04.02 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Shape games
[2011.11.14 22:20:18 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\SoftGrid Client
[2012.04.18 20:59:20 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\spotmau
[2012.04.28 22:03:35 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Systweak
[2011.12.04 21:20:36 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\TestApp
[2012.05.09 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\TP
[2011.09.11 11:06:47 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\VitySoft
[2012.01.31 23:24:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Vso
[2010.08.25 07:43:59 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\XMedia Recode
[2012.04.17 12:38:41 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.08.05 23:27:15 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\ERDNT\cache\tcpip.sys
[2011.08.05 23:27:15 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\System32\drivers\tcpip.sys
[2011.08.05 23:27:15 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.08.05 23:27:15 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.04.09 09:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010.04.09 09:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2011.08.05 23:27:15 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.08.05 23:27:15 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0b30e03e0b28039a1089fe220cf3cedd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0b30e03e0b28039a1089fe220cf3cedd\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.04.19 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Adobe
[2012.02.02 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ArcSoft
[2012.05.08 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Ashampoo
[2012.05.06 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Aspell
[2011.12.16 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Audacity
[2011.12.21 21:31:47 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\AVG
[2011.07.14 09:23:54 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\AVG10
[2011.11.06 10:08:43 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\avidemux
[2012.05.09 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\BANDISOFT
[2012.04.28 23:07:27 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\CAD-KAS
[2012.03.19 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Canneverbe Limited
[2012.05.06 12:37:28 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Downloaded Installations
[2012.04.02 17:04:18 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\f-secure
[2010.07.13 22:12:25 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\FastStone
[2012.05.06 22:34:35 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\GetRightToGo
[2012.02.26 17:09:33 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Macromedia
[2012.03.25 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Malwarebytes
[2012.04.12 20:21:17 | 000,000,000 | --SD | M] -- C:\Users\X\AppData\Roaming\Microsoft
[2012.03.17 22:25:17 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\My Battle for Middle-earth Files
[2012.04.15 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\NeoSoftTools
[2012.02.04 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Nero
[2012.05.06 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Nitro PDF
[2011.08.22 23:50:13 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\NVIDIA
[2012.05.08 18:31:49 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PhotoScape
[2011.12.04 20:59:20 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Product_PT
[2011.11.28 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Product_RM
[2010.08.07 22:02:09 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ProgSense
[2012.03.19 20:34:50 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\QuickScan
[2011.04.02 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Shape games
[2011.11.14 22:20:18 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\SoftGrid Client
[2012.04.18 20:59:20 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\spotmau
[2012.04.28 22:03:35 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Systweak
[2011.12.04 21:20:36 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\TestApp
[2012.05.09 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\TP
[2011.09.11 11:06:47 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\VitySoft
[2012.01.31 23:24:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Vso
[2011.09.13 17:50:37 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\WinRAR
[2010.08.25 07:43:59 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\XMedia Recode

< %APPDATA%\*.exe /s >
[2010.09.05 20:16:14 | 000,081,920 | ---- | M] () -- C:\Users\X\AppData\Roaming\ezpinst.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< %systemroot%\Tasks\*.job >
[2012.04.06 12:53:39 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.05.10 15:17:44 | 000,014,032 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.10 15:17:44 | 000,014,032 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.10 15:09:47 | 000,862,909 | ---- | M] () -- C:\Windows\system32\oodbs.lor
[2012.05.10 15:14:46 | 001,682,444 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.05.10 15:14:46 | 001,604,168 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.05.10 15:14:46 | 005,128,276 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.05.10 15:14:46 | 002,323,152 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.05.10 15:14:46 | 000,005,240 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
"Seznam Postak" = "C:\Program Files\Seznam.cz\postak.exe" -s -- [2011.05.25 10:00:02 | 000,491,040 | ---- | M] ()

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.05.10 15:47:14 | 000,000,512 | ---- | M] () MD5=C049C033301B2C8AAD8F77D6C93D79AD -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >
[2012.05.08 10:28:46 | 000,001,210 | ---- | M] () -- \Users\X\AppData\Roaming\Microsoft\Windows\Recent\O&O.Software.2012.All.Product.keygen-AoRE (2).lnk
[2012.05.08 10:21:47 | 000,001,312 | ---- | M] () -- \Users\X\AppData\Roaming\Microsoft\Windows\Recent\O&O.Software.2012.All.Product.keygen-AoRE.lnk
[2012.05.08 10:07:33 | 000,000,777 | ---- | M] () -- \Users\X\AppData\Roaming\Microsoft\Windows\Recent\[www.indowebster.com]-O-amp-O_Defrag_Pro_Keygen__by_AntaAlz.lnk

< *loader* /s >
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2012.03.30 16:03:44 | 000,430,080 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Facebook\ZPSPluginLoader.exe
[2012.03.30 16:14:22 | 000,444,416 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Flickr\ZPSPluginLoader.exe
[2011.03.08 18:09:04 | 000,194,048 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Plugins\Picasa\ZPSPluginLoader.exe
[2012.03.26 16:05:34 | 000,102,792 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Program32\8bfLoader.exe
[2012.03.26 16:05:48 | 000,016,776 | ---- | M] () -- \Program Files\Zoner\Photo Studio 14\Program32\WICLoader.exe
[2012.05.09 08:36:34 | 000,002,364 | ---- | M] () -- \Users\X\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FX5CLXX4\loader[1].gif
[2012.05.10 10:47:34 | 000,003,783 | ---- | M] () -- \Users\X\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FX5CLXX4\loader[1].js
[2012.05.10 10:50:53 | 000,000,673 | ---- | M] () -- \Users\X\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J221TG2V\loader.white[1].gif
[2012.05.09 19:09:02 | 000,002,475 | ---- | M] () -- \Users\X\AppData\Roaming\Microsoft\Windows\Recent\iWisoft Free Video Downloader.lnk
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2011.08.05 23:24:16 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.12.10 20:01:54 | 000,003,530 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2010.02.03 13:30:09 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2010.02.03 13:30:09 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2010.02.03 13:30:09 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.05 23:24:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.05 23:24:16 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.05 23:24:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.05 23:24:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.05 23:24:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.05 23:24:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.05 23:24:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:42D9E231
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:6020C786
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:58D8F144
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:890CC2F3
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:661DFA1C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:553CA6CA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0D786AE3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Milan12300
Visitor
Posts: 64
Registered: 13 Jan 2012 21:41

Re: Requesting a check

#6 Post by Milan12300 »

OTL Extras logfile created on: 10.5.2012 15:45:00 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\X\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,47% Memory free
5,00 Gb Paging File | 4,25 Gb Available in Paging File | 85,12% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 42,09 Gb Free Space | 28,26% Space Free | Partition Type: NTFS

Computer Name: X-PC | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058399B6-BA6D-4FFC-823C-83A0E06CF052}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07240AC8-DFC0-4EDF-B2A1-4C11CF317157}" = rport=138 | protocol=17 | dir=out | app=system |
"{07BDB3D5-8850-42FA-B2C8-F56904E890B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EA0C8AE-8799-4FFD-8FCF-8C57FA476853}" = lport=54235 | protocol=6 | dir=in | name=akamai netsession interface |
"{24DC56D1-6E61-435A-9E18-5AEE5707DE04}" = rport=137 | protocol=17 | dir=out | app=system |
"{2918AD83-6327-45A4-BFF6-A04920518EDA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2D58EE4F-FC06-48B9-BD86-2B5C462DD30B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F85013B-8E0D-44EE-93D4-55DD2F593E62}" = rport=445 | protocol=6 | dir=out | app=system |
"{5409C9E8-FAC3-4194-9498-8C10A349043F}" = lport=138 | protocol=17 | dir=in | app=system |
"{68C9066B-CAB1-4F04-8D51-B6E7B73733B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BA26581-D6BA-4F2A-B53C-0B942116A3C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{782FC95B-52A6-408B-883E-D4E2E2110264}" = lport=139 | protocol=6 | dir=in | app=system |
"{80667420-B988-4408-AEA9-02A56C77FBFC}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BC520E0-98C2-48D1-A5F2-1615A445ABD4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8DB6E8B0-AE23-4D91-9F48-700616C49F0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9902218F-A657-48F3-AE76-948037D44CCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9097A8F-00C0-42DA-9A28-E8ACA5763C3B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{BC57CCD6-0998-497B-A9E8-2139D7A8E043}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8B21EDD-7353-4103-9C79-34A151A62912}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD96231E-11D0-479C-8C37-7FB97A4C510D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DEA5B1BF-D579-4D4C-9E68-9C0E02271A44}" = lport=445 | protocol=6 | dir=in | app=system |
"{E1B753FF-0CD9-4F60-84D9-CE32B349EF48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E9841B9C-5FA6-4F3D-9D1B-610707BEB66E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB86E670-06DD-4534-9DB7-F8AD89E6250A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F9A3D4A-4FAE-4473-8EC2-3DC81865037F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{29BC56BE-7E3F-4E7E-837A-25B1F3886BD7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{30523847-4CB8-4657-A74C-407C83084191}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50AAD6F7-57C6-4518-8F10-7B6DABFD7719}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{53245E21-2546-4BAA-B2D7-F7AB04281E45}" = protocol=6 | dir=out | app=system |
"{538A5C66-C1EE-4F50-935A-675E92EC3008}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BCD7936-F026-4197-B360-E57618540636}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E6C5810-949D-4C2B-9D88-F22F62568429}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82AE5B80-57AE-4794-AE4E-F7A0CA0B7522}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B0C22BC-E7EC-439B-BBEE-F89766830DE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE7C605B-1C1C-4889-AA8C-F2BB807930EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1A6F537-2DFD-404B-AB6A-3BD702BE7B4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B431BCC0-8297-4653-92FA-07F7762FB3C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C632B98C-174E-4D22-A14C-4EAE426495C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8735E69-6060-4F39-BF5C-747F923D548D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF9C8018-9E2E-462B-80BC-EE9C25A5D5D4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{319A5BF8-706E-4049-A82B-65C1E18A7B22}C:\program files\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\flatout2\flatout2.exe |
"TCP Query User{350225F1-0A3A-4205-A4AA-9232D2327746}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{3B93226D-23C3-482C-BDD0-EA09894E2331}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{50BED2FA-1939-415D-946F-C4B0E91A5A2A}C:\program files\winfast\wfdtv\liveupdate\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files\winfast\wfdtv\liveupdate\liveupdate.exe |
"TCP Query User{6FEB32D7-2CB4-406F-A8F2-5998D623DADC}C:\Program Files\Java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{55AF3F0B-57AE-473A-8F91-FC2BEA42BE5A}C:\Program Files\Java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{56E723A6-3E70-4D2B-B665-DE1F826BEE7A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A0219DCE-85AF-4721-94D8-1085F0E4E66C}C:\program files\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\flatout2\flatout2.exe |
"UDP Query User{AD0F4137-06BF-4733-B98E-1791187BD70B}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{C3FF44A6-F104-4AF5-9073-C679D6AA6F4E}C:\program files\winfast\wfdtv\liveupdate\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files\winfast\wfdtv\liveupdate\liveupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24CD85A3-6562-4C24-8257-27826C7CF7FE}" = O&O Defrag Professional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3F7D5D-8A53-4A7C-B6DA-22DD1212EB55}" = Internet Explorer
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE802A6E-7F0D-4333-B45E-80F06C4DC59C}}_is1" = MP3Test
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Ashampoo Registry Cleaner_is1" = Ashampoo Registry Cleaner v.1.00
"avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DVD Shrink_is1" = DVD Shrink 3.2
"FastStone Capture" = FastStone Capture 7.0
"FileHippo.com" = FileHippo.com Update Checker
"FormatFactory" = FormatFactory 2.95
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"szn-software-postak" = Seznam Pošťák (Všichni uživatelé tohoto počítače.)
"The KMPlayer" = The KMPlayer (remove only)
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"ZonerPhotoStudio14_CZ_is1" = Zoner Photo Studio 14

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9.5.2012 13:09:04 | Computer Name = X-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\system32\conhost.exe se
nezdařilo. Závislé sestavení Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10.5.2012 00:39:59 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 10.5.2012 00:40:00 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 10.5.2012 00:40:00 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error - 10.5.2012 03:01:35 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 10.5.2012 03:01:36 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 10.5.2012 03:01:36 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error - 10.5.2012 09:14:42 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 10.5.2012 09:14:42 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 10.5.2012 09:14:42 | Computer Name = X-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.

[ OSession Events ]
Error - 4.8.2010 15:39:40 | Computer Name = X-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 398
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10.5.2012 00:36:14 | Computer Name = X-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 10.5.2012 02:56:27 | Computer Name = X-PC | Source = APPHOSTSVC | ID = 9010
Description =

Error - 10.5.2012 02:56:32 | Computer Name = X-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058

Error - 10.5.2012 02:57:03 | Computer Name = X-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 10.5.2012 02:57:03 | Computer Name = X-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 10.5.2012 09:10:16 | Computer Name = X-PC | Source = APPHOSTSVC | ID = 9010
Description =

Error - 10.5.2012 09:10:20 | Computer Name = X-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058

Error - 10.5.2012 09:11:02 | Computer Name = X-PC | Source = Service Control Manager | ID = 7001
Description = Služba Zprostředkovatel domácích skupin závisí na službě Hostitel
poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující
chyby: %%1058

Error - 10.5.2012 09:21:27 | Computer Name = X-PC | Source = DCOM | ID = 10005
Description =

Error - 10.5.2012 09:21:27 | Computer Name = X-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058

[ TuneUp Events ]
Error - 22.8.2011 18:28:04 | Computer Name = X-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.8.2011 18:53:27 | Computer Name = X-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 22.8.2011 18:56:15 | Computer Name = X-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3.9.2011 07:56:16 | Computer Name = X-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a check

#7 Post by vyosek »

Under the forum rules in force, I have to decline to help with your PC - we do not deal with illegal OSes here...

:closed:
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.
