prosim o kontrolu logu, laptop mi nekdy uplne zamrzne, ze jej musim nasilne vypnout a znovu zapnout. vrele dekuji.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-05-10 20:36:52
Microsoft Windows 7 Ultimate
System drive C: has 12 GB (8%) free of 153 GB
Total RAM: 2038 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:47, on 10/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Telia mobile broadband\Telia mobile broadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\prevhost.exe
C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE
C:\Users\Admin\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D40066-737D-4CAE-BD3B-7ECD1475643E}: NameServer = 195.67.199.18 195.67.199.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 6483 bytes
======Scheduled tasks folder======
C:\Windows\tasks\PCConfidential.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.bbc.com"
prefs.js - "extensions.enabledItems" - "anttoolbar@ant.com:2.3.0, engine@conduit.com:3.3.3.2, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://www.google.com/search?q="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@se.nexus/Personal]
"Description"=
"Path"=C:\Program Files\Personal\bin\np_prsnl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
twitter.xml
wikipedia.xml
yahoo-en-GB.xml
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\
anttoolbar@ant.com
engine@conduit.com
info@thebflix.com
{EEE6C361-6118-11DC-9C72-001320C79847}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\
icq-search.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml
mapycz.xml
sfd.xml
sweetim.xml
youtube-video-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-27 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-27 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-03-07 4241512]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BankID Security Application.lnk - C:\Program Files\Personal\bin\Personal.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-05-03 21:46:44 ----D---- C:\ProgramData\Mozilla
2012-05-03 21:46:43 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-04-20 09:26:40 ----D---- C:\Program Files\Common Files\Skype
2012-04-17 13:25:11 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-17 13:25:10 ----A---- C:\Windows\system32\iertutil.dll
2012-04-17 13:25:09 ----A---- C:\Windows\system32\jscript9.dll
2012-04-17 13:25:09 ----A---- C:\Windows\system32\jscript.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\wininet.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\url.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-17 13:25:06 ----A---- C:\Windows\system32\ieui.dll
2012-04-17 13:25:05 ----A---- C:\Windows\system32\urlmon.dll
2012-04-17 13:25:03 ----A---- C:\Windows\system32\ieframe.dll
2012-04-17 13:25:01 ----A---- C:\Windows\system32\mshtml.dll
2012-04-17 13:23:07 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-17 13:23:06 ----A---- C:\Windows\system32\wmi.dll
2012-04-17 13:23:05 ----A---- C:\Windows\system32\wintrust.dll
2012-04-17 13:23:04 ----A---- C:\Windows\system32\imagehlp.dll
======List of files/folders modified in the last 1 month======
2012-05-10 20:37:09 ----D---- C:\Windows\Prefetch
2012-05-10 20:37:05 ----D---- C:\Windows\Temp
2012-05-10 20:37:01 ----D---- C:\Program Files\trend micro
2012-05-10 20:36:20 ----D---- C:\Windows\System32
2012-05-10 20:36:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-10 20:05:06 ----D---- C:\Windows\tracing
2012-05-10 19:19:45 ----D---- C:\Windows\system32\config
2012-05-10 19:09:23 ----D---- C:\Windows\system32\catroot
2012-05-10 19:09:20 ----D---- C:\Windows\system32\catroot2
2012-05-10 19:09:03 ----D---- C:\Windows\winsxs
2012-05-09 11:30:34 ----SHD---- C:\System Volume Information
2012-05-08 23:42:01 ----D---- C:\Users\Admin\AppData\Roaming\602Installer
2012-05-08 23:14:40 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2012-05-03 21:47:33 ----D---- C:\Program Files\Mozilla Firefox
2012-05-03 21:46:44 ----HD---- C:\ProgramData
2012-05-03 21:46:43 ----RD---- C:\Program Files
2012-04-20 09:27:31 ----SHD---- C:\Windows\Installer
2012-04-20 09:27:29 ----SHD---- C:\Config.Msi
2012-04-20 09:27:21 ----RD---- C:\Program Files\Skype
2012-04-20 09:26:40 ----D---- C:\Program Files\Common Files
2012-04-20 09:26:31 ----D---- C:\ProgramData\Skype
2012-04-17 14:37:04 ----D---- C:\Windows\system32\migration
2012-04-17 14:37:03 ----D---- C:\Windows\system32\drivers
2012-04-17 14:37:03 ----D---- C:\Program Files\Internet Explorer
2012-04-17 13:25:58 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-07 103168]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\Windows\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\Windows\system32\DRIVERS\adiusbaw.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G60I32.sys [2009-07-14 118784]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 Tdsshbecr;Handelsbanken card reader; C:\Windows\system32\DRIVERS\shbecr.sys [2008-09-23 42368]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-07 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe []
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
zamrzavani laptopu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
prosim, slo by se mi podivat na log?, dekuji vrele.
Re: zamrzavani laptopu
Zdravim 
Slo by to, ale je treba chvili vydrzet. Tim, ze jste si sama odpovedela, jste si malem pomoc spis oddalila, protoze obvykle hledame temata bez odpovedi
System mate legalni? Windows 7 Ultimate neni zrovna standardni domaci verze
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Vecer to prohlednu
Slo by to, ale je treba chvili vydrzet. Tim, ze jste si sama odpovedela, jste si malem pomoc spis oddalila, protoze obvykle hledame temata bez odpovedi
System mate legalni? Windows 7 Ultimate neni zrovna standardni domaci verze
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Vecer to prohlednu
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
tady je otl1
OTL logfile created on: 11/05/2012 15:10:07 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.77% Memory free
3.98 Gb Paging File | 2.57 Gb Available in Paging File | 64.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 12.70 Gb Free Space | 8.53% Space Free | Partition Type: NTFS
Drive E: | 14.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 100.00 Mb Total Space | 69.77 Mb Free Space | 69.77% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/11 15:05:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/05/03 21:46:38 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/12/04 23:32:32 | 001,088,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2011/11/01 12:22:13 | 000,114,688 | ---- | M] () -- C:\Program Files\Telia mobile broadband\Telia mobile broadband.exe
PRC - [2011/03/14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2010/10/18 15:28:09 | 000,275,736 | ---- | M] (Lingea) -- C:\Program Files\Common Files\Lingea Shared\luc.exe
PRC - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/03 21:46:36 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/29 08:43:37 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/01 12:22:13 | 000,114,688 | ---- | M] () -- C:\Program Files\Telia mobile broadband\Telia mobile broadband.exe
MOD - [2010/04/26 15:37:36 | 000,159,744 | ---- | M] () -- C:\Program Files\Telia mobile broadband\SMSPlugin.dll
MOD - [2010/04/26 15:37:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Telia mobile broadband\XCodec.dll
MOD - [2010/04/26 15:37:34 | 000,155,648 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DetectDev.dll
MOD - [2010/04/26 15:37:34 | 000,139,264 | ---- | M] () -- C:\Program Files\Telia mobile broadband\LocaleMgrPlugin.dll
MOD - [2010/04/26 15:37:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Telia mobile broadband\FileManager.dll
MOD - [2010/04/26 15:37:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DialUpPlugin.dll
MOD - [2010/04/26 15:37:34 | 000,061,440 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DeviceOperate.dll
MOD - [2010/04/26 15:37:34 | 000,057,344 | ---- | M] () -- C:\Program Files\Telia mobile broadband\ConfigFilePlugin.dll
MOD - [2010/04/26 15:37:34 | 000,032,768 | ---- | M] () -- C:\Program Files\Telia mobile broadband\NotifyServicePlugin.dll
MOD - [2010/04/26 15:37:34 | 000,014,848 | ---- | M] () -- C:\Program Files\Telia mobile broadband\isaputrace.dll
MOD - [2010/04/26 15:37:32 | 000,557,056 | ---- | M] () -- C:\Program Files\Telia mobile broadband\atcomm.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/12/10 12:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DeviceMgrUIPlugin.dll
MOD - [2009/12/10 12:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DeviceMgrPlugin.dll
MOD - [2009/12/10 12:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Telia mobile broadband\NDISAPI.dll
MOD - [2009/09/19 12:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Telia mobile broadband\NetInfoPlugin.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012/05/03 21:46:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2010/10/27 17:02:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/10/12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008/09/23 01:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\shbecr.sys -- (Tdsshbecr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT1750559
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{3F93FAA4-EAFA-4EA6-A06E-BDC6F86A6379}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT1750559
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bbc.com"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 21:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/11 09:06:37 | 000,000,000 | ---D | M]
[2012/02/20 22:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012/05/03 21:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions
[2012/02/20 22:55:40 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/04/26 11:02:31 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2012/05/03 21:47:20 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\anttoolbar@ant.com
[2012/02/20 22:55:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\engine@conduit.com
[2012/02/20 22:55:39 | 000,000,000 | ---D | M] (Bflix) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\info@thebflix.com
[2011/08/18 17:36:10 | 000,002,342 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icq-search.xml
[2011/09/26 12:56:16 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-1.xml
[2011/07/04 09:45:42 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-2.xml
[2011/07/04 19:18:16 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-3.xml
[2011/05/17 23:37:14 | 000,001,056 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin.xml
[2010/11/01 21:12:30 | 000,002,048 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\mapycz.xml
[2010/11/01 21:11:12 | 000,001,692 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\sfd.xml
[2012/02/10 22:12:56 | 000,003,915 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\sweetim.xml
[2010/11/01 20:57:20 | 000,002,057 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\youtube-video-search.xml
[2012/03/02 13:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 09:27:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/28 21:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/08/30 14:08:54 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1M4MQA5.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/05/03 21:46:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/27 00:38:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/03 21:46:35 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/03 21:46:35 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/03 21:46:35 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/03 21:46:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/03 21:46:35 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
O1 HOSTS File: ([2010/11/23 13:22:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe (Lingea)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9155CE4E-0C30-4F6E-A4EC-18101DD71C23}: DhcpNameServer = 10.15.66.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6D40066-737D-4CAE-BD3B-7ECD1475643E}: NameServer = 195.67.199.18 195.67.199.19
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/18 11:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{253cba5b-0473-11e1-80be-001f3c06a0e4}\Shell - "" = AutoRun
O33 - MountPoints2\{253cba5b-0473-11e1-80be-001f3c06a0e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{253cba67-0473-11e1-80be-001f3c06a0e4}\Shell - "" = AutoRun
O33 - MountPoints2\{253cba67-0473-11e1-80be-001f3c06a0e4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{90301f2d-0aa4-11e1-8351-001e3713c601}\Shell - "" = AutoRun
O33 - MountPoints2\{90301f2d-0aa4-11e1-8351-001e3713c601}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9c81c9f2-3ed6-11e1-8d01-001e330246eb}\Shell - "" = AutoRun
O33 - MountPoints2\{9c81c9f2-3ed6-11e1-8d01-001e330246eb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012/05/11 15:05:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/05/03 21:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 21:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/20 09:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/20 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/17 13:25:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/17 13:25:09 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/17 13:25:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/17 13:25:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/17 13:25:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/17 13:25:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[1 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/11 15:17:19 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/11 15:08:02 | 006,887,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 15:08:02 | 003,292,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/11 15:05:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/05/11 15:00:18 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 15:00:18 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 15:00:14 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/05/11 15:00:05 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/05/11 14:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 14:59:49 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/08 23:41:54 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Software602 Form Filler.lnk
[2012/04/26 10:07:51 | 000,007,598 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2012/04/20 09:26:41 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/11 15:17:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/08 23:41:54 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Software602 Form Filler.lnk
[2012/04/20 09:26:41 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/02 21:39:18 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini
[2011/03/30 10:02:52 | 000,000,185 | ---- | C] () -- C:\Windows\pdf2word.INI
[2011/02/02 10:29:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/02 09:24:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/01 22:42:28 | 000,000,074 | ---- | C] () -- C:\Windows\hpsjbmgr.ini
[2010/10/28 17:27:34 | 000,007,598 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2010/10/28 12:51:56 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
========== LOP Check ==========
[2012/05/08 23:42:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602Installer
[2011/05/20 15:34:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602XML
[2010/10/28 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer
[2010/10/28 14:41:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer Pro
[2011/12/16 11:20:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EuroTalk
[2010/10/28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FinalTorrent
[2011/04/19 11:03:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010/10/28 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IObit
[2011/12/04 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Personal
[2012/03/03 23:39:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2012/02/05 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\YCanPDF
[2012/01/02 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Personal
[2011/07/21 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2012/05/11 15:00:14 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2012/04/20 09:06:12 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
< MD5 for: LSASS.EXE >
[2011/11/17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\System32\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2011/11/17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
< MD5 for: NDIS.SYS >
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SMSS.EXE >
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011/09/29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\System32\drivers\tcpip.sys
[2011/09/29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2011/06/21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011/06/21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0f0907625638e61779c31afa67d997dc\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0f0907625638e61779c31afa67d997dc\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\3323b540e4639164992fa12a58f00025\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3323b540e4639164992fa12a58f00025\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\441a08a5516e761cd9a27185f73b14cf\*.tmp files -> C:\Windows\SoftwareDistribution\Download\441a08a5516e761cd9a27185f73b14cf\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\48fd941a3baa949be28788d37c174362\*.tmp files -> C:\Windows\SoftwareDistribution\Download\48fd941a3baa949be28788d37c174362\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\4cf68b12978147d8b47a4efb89a7d89a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\4cf68b12978147d8b47a4efb89a7d89a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp files -> C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7b629ad3647df5110e89f679b1d63b9a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7b629ad3647df5110e89f679b1d63b9a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a1c4ee866dff66d4490cf8967773ad9a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1c4ee866dff66d4490cf8967773ad9a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\c06625499f70ca87c201d2feed6e1fde\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c06625499f70ca87c201d2feed6e1fde\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp -> ]
[1 C:\Windows\Temp\_avast_\*.tmp files -> C:\Windows\Temp\_avast_\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012/05/08 23:42:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602Installer
[2011/05/20 15:34:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602XML
[2010/10/31 19:39:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010/10/28 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer
[2010/10/28 14:41:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer Pro
[2012/01/15 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss
[2011/12/16 11:20:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EuroTalk
[2010/10/28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FinalTorrent
[2011/04/19 11:03:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010/10/27 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2010/10/28 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IObit
[2010/10/28 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011/12/03 16:05:47 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012/02/20 22:46:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/11/21 17:25:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero
[2011/12/04 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Personal
[2010/11/21 14:34:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real
[2012/05/08 23:14:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011/06/22 12:21:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2012/03/03 23:39:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2012/03/18 22:38:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2010/10/28 09:57:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2012/02/05 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\YCanPDF
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012/05/11 16:30:22 | 000,019,792 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 16:30:22 | 000,019,792 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 15:00:05 | 000,065,536 | ---- | M] () -- C:\Windows\system32\Ikeext.etl
[2012/05/11 15:08:02 | 003,292,012 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012/05/11 15:08:02 | 006,887,748 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012/05/11 15:08:02 | 000,004,706 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012/05/11 15:17:19 | 000,000,512 | ---- | M] () MD5=739D0ADC2D18F3263851AECB48A903F6 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2002/04/02 09:35:16 | 007,662,068 | ---- | M] () -- \Users\Admin\Downloads\sierra leone music\04 bone crack.MP3
< *keygen* /s >
[2010/11/21 16:53:17 | 000,012,656 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\Nero 10.0 + Serials en Keygen - DivXNL-Team.torrent
[2010/10/28 17:12:51 | 000,017,228 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\Nero 9.4.26.0+keygen [GR420].torrent
[2010/11/21 16:54:21 | 000,655,872 | ---- | M] () -- \Users\Admin\Downloads\SW\Nero 10.0 + Serials en Keygen - DivXNL-Team\Nero Multimedia Suite 10 - Keygen.exe
< *loader* /s >
[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2009/02/03 00:54:04 | 000,002,352 | ---- | M] () -- \Program Files\SubDownloader2\locale\bg\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,089,102 | ---- | M] () -- \Program Files\SubDownloader2\locale\bg\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,778 | ---- | M] () -- \Program Files\SubDownloader2\locale\cs\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,066 | ---- | M] () -- \Program Files\SubDownloader2\locale\cs\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,008,555 | ---- | M] () -- \Program Files\SubDownloader2\locale\da\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,095,752 | ---- | M] () -- \Program Files\SubDownloader2\locale\da\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,231 | ---- | M] () -- \Program Files\SubDownloader2\locale\de\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,286 | ---- | M] () -- \Program Files\SubDownloader2\locale\de\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,010,215 | ---- | M] () -- \Program Files\SubDownloader2\locale\el\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,099,279 | ---- | M] () -- \Program Files\SubDownloader2\locale\el\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,000,464 | ---- | M] () -- \Program Files\SubDownloader2\locale\en\LC_MESSAGES\subdownloader.mo
[2008/12/09 00:04:34 | 000,078,240 | ---- | M] () -- \Program Files\SubDownloader2\locale\en\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,420 | ---- | M] () -- \Program Files\SubDownloader2\locale\es\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,965 | ---- | M] () -- \Program Files\SubDownloader2\locale\es\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,061 | ---- | M] () -- \Program Files\SubDownloader2\locale\et\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,093,457 | ---- | M] () -- \Program Files\SubDownloader2\locale\et\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,979 | ---- | M] () -- \Program Files\SubDownloader2\locale\eu\LC_MESSAGES\subdownloader.mo
[2008/12/29 16:43:24 | 000,085,703 | ---- | M] () -- \Program Files\SubDownloader2\locale\eu\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,960 | ---- | M] () -- \Program Files\SubDownloader2\locale\fi\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,808 | ---- | M] () -- \Program Files\SubDownloader2\locale\fi\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,945 | ---- | M] () -- \Program Files\SubDownloader2\locale\fr\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,907 | ---- | M] () -- \Program Files\SubDownloader2\locale\fr\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,095 | ---- | M] () -- \Program Files\SubDownloader2\locale\gl\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,094,519 | ---- | M] () -- \Program Files\SubDownloader2\locale\gl\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,557 | ---- | M] () -- \Program Files\SubDownloader2\locale\he\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,102,120 | ---- | M] () -- \Program Files\SubDownloader2\locale\he\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,058 | ---- | M] () -- \Program Files\SubDownloader2\locale\hr\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,093,955 | ---- | M] () -- \Program Files\SubDownloader2\locale\hr\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,020,277 | ---- | M] () -- \Program Files\SubDownloader2\locale\hu\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,464 | ---- | M] () -- \Program Files\SubDownloader2\locale\hu\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,007,714 | ---- | M] () -- \Program Files\SubDownloader2\locale\id\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,094,992 | ---- | M] () -- \Program Files\SubDownloader2\locale\id\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,253 | ---- | M] () -- \Program Files\SubDownloader2\locale\it\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,043 | ---- | M] () -- \Program Files\SubDownloader2\locale\it\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,001,560 | ---- | M] () -- \Program Files\SubDownloader2\locale\ja\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,085,662 | ---- | M] () -- \Program Files\SubDownloader2\locale\ja\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,011,179 | ---- | M] () -- \Program Files\SubDownloader2\locale\ko\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,248 | ---- | M] () -- \Program Files\SubDownloader2\locale\ko\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,459 | ---- | M] () -- \Program Files\SubDownloader2\locale\mk\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,455 | ---- | M] () -- \Program Files\SubDownloader2\locale\mk\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,582 | ---- | M] () -- \Program Files\SubDownloader2\locale\nl\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,872 | ---- | M] () -- \Program Files\SubDownloader2\locale\nl\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,018,583 | ---- | M] () -- \Program Files\SubDownloader2\locale\pl\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,103 | ---- | M] () -- \Program Files\SubDownloader2\locale\pl\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,888 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,583 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,020,274 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt_BR\LC_MESSAGES\subdownloader.mo
[2008/12/29 16:43:08 | 000,101,196 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt_BR\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,020,390 | ---- | M] () -- \Program Files\SubDownloader2\locale\ro\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,099,436 | ---- | M] () -- \Program Files\SubDownloader2\locale\ro\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,943 | ---- | M] () -- \Program Files\SubDownloader2\locale\ru\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,097,042 | ---- | M] () -- \Program Files\SubDownloader2\locale\ru\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,019,989 | ---- | M] () -- \Program Files\SubDownloader2\locale\sk\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,510 | ---- | M] () -- \Program Files\SubDownloader2\locale\sk\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,052 | ---- | M] () -- \Program Files\SubDownloader2\locale\sq\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,094,014 | ---- | M] () -- \Program Files\SubDownloader2\locale\sq\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,009,169 | ---- | M] () -- \Program Files\SubDownloader2\locale\sr\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:04 | 000,096,838 | ---- | M] () -- \Program Files\SubDownloader2\locale\sr\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,014,063 | ---- | M] () -- \Program Files\SubDownloader2\locale\sv\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:04 | 000,097,762 | ---- | M] () -- \Program Files\SubDownloader2\locale\sv\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,747 | ---- | M] () -- \Program Files\SubDownloader2\locale\vi\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:04 | 000,102,777 | ---- | M] () -- \Program Files\SubDownloader2\locale\vi\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,001,986 | ---- | M] () -- \Program Files\SubDownloader2\locale\zh_TW\LC_MESSAGES\subdownloader.mo
[2008/12/29 16:07:18 | 000,092,714 | ---- | M] () -- \Program Files\SubDownloader2\locale\zh_TW\LC_MESSAGES\subdownloader.po
[2010/03/15 11:28:23 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2010/10/31 00:21:32 | 000,001,862 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\SubDownloader2\SubDownloader2.lnk
[2012/02/29 08:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/02/29 08:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/02/23 00:21:39 | 000,001,765 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\adloader.min[1].js
[2012/02/22 12:27:33 | 000,015,520 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\gloader.0.1.6[1].js
[2012/03/01 09:14:09 | 000,004,242 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\uploaderapi2[1].swf
[2012/02/22 13:09:20 | 000,002,067 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\vbulletin_post_loader[1].js
[2012/02/23 00:25:05 | 000,002,037 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\vbulletin_post_loader[2].js
[2012/02/23 00:31:10 | 000,002,081 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\vbulletin_post_loader[3].js
[2012/05/05 23:39:04 | 000,004,240 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DL58CV9V\uploaderapi2[1].swf
[2012/05/05 23:53:51 | 000,008,288 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECBDJ7YT\loader[1].gif
[2010/10/31 01:32:46 | 000,000,158 | ---- | M] () -- \Users\Admin\AppData\Local\VirtualStore\Program Files\SubDownloader2\subdownloader.log
[2012/04/25 00:43:48 | 000,010,145 | ---- | M] () -- \Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\modules\ExternalLibraryLoader.jsm
[2010/10/30 23:45:00 | 000,004,161 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\SubDownloader v.2.0.7.0-Full-multilanguage by BabyBoy.rar.torrent
[2006/09/19 14:42:57 | 000,010,102 | ---- | M] () -- \Users\Admin\Documents\Work\fs codes\carepack\e-CarePack\Staré\Skrivanek_DLT_LTO Autoloader.htm
[2008/08/14 12:15:50 | 000,008,248 | ---- | M] () -- \Users\Admin\Documents\Work\fs codes\carepack\e-CarePack\Staré\TBWA_UA701PE_LTO-autoloader.htm
[2008/08/18 09:56:05 | 000,001,208 | ---- | M] () -- \Users\Admin\Documents\Work\fs codes\carepack\e-CarePack\Staré\TBWA_UA701PE_LTO-autoloader.txt
[2009/07/10 09:16:34 | 010,861,954 | ---- | M] () -- \Users\Admin\Downloads\SW\SubDownloader-2.0.7.0 Full\SubDownloader-2.0.9.3.exe
[2010/10/31 00:21:32 | 000,001,862 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\SubDownloader2\SubDownloader2.lnk
[2012/02/29 08:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/02/29 08:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2010/10/27 17:11:17 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2010/11/20 07:28:20 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_178685823786d34d.manifest
[2010/11/20 07:38:52 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_d8268e5f2967c990.manifest
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009/11/11 07:42:09 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/11/11 07:42:09 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2009/11/11 07:42:09 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 07:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:47:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
OTL logfile created on: 11/05/2012 15:10:07 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.77% Memory free
3.98 Gb Paging File | 2.57 Gb Available in Paging File | 64.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 12.70 Gb Free Space | 8.53% Space Free | Partition Type: NTFS
Drive E: | 14.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 100.00 Mb Total Space | 69.77 Mb Free Space | 69.77% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/11 15:05:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/05/03 21:46:38 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/12/04 23:32:32 | 001,088,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2011/11/01 12:22:13 | 000,114,688 | ---- | M] () -- C:\Program Files\Telia mobile broadband\Telia mobile broadband.exe
PRC - [2011/03/14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2010/10/18 15:28:09 | 000,275,736 | ---- | M] (Lingea) -- C:\Program Files\Common Files\Lingea Shared\luc.exe
PRC - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/03 21:46:36 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/29 08:43:37 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/01 12:22:13 | 000,114,688 | ---- | M] () -- C:\Program Files\Telia mobile broadband\Telia mobile broadband.exe
MOD - [2010/04/26 15:37:36 | 000,159,744 | ---- | M] () -- C:\Program Files\Telia mobile broadband\SMSPlugin.dll
MOD - [2010/04/26 15:37:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Telia mobile broadband\XCodec.dll
MOD - [2010/04/26 15:37:34 | 000,155,648 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DetectDev.dll
MOD - [2010/04/26 15:37:34 | 000,139,264 | ---- | M] () -- C:\Program Files\Telia mobile broadband\LocaleMgrPlugin.dll
MOD - [2010/04/26 15:37:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Telia mobile broadband\FileManager.dll
MOD - [2010/04/26 15:37:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DialUpPlugin.dll
MOD - [2010/04/26 15:37:34 | 000,061,440 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DeviceOperate.dll
MOD - [2010/04/26 15:37:34 | 000,057,344 | ---- | M] () -- C:\Program Files\Telia mobile broadband\ConfigFilePlugin.dll
MOD - [2010/04/26 15:37:34 | 000,032,768 | ---- | M] () -- C:\Program Files\Telia mobile broadband\NotifyServicePlugin.dll
MOD - [2010/04/26 15:37:34 | 000,014,848 | ---- | M] () -- C:\Program Files\Telia mobile broadband\isaputrace.dll
MOD - [2010/04/26 15:37:32 | 000,557,056 | ---- | M] () -- C:\Program Files\Telia mobile broadband\atcomm.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/12/10 12:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DeviceMgrUIPlugin.dll
MOD - [2009/12/10 12:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Telia mobile broadband\DeviceMgrPlugin.dll
MOD - [2009/12/10 12:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Telia mobile broadband\NDISAPI.dll
MOD - [2009/09/19 12:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Telia mobile broadband\NetInfoPlugin.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012/05/03 21:46:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2010/10/27 17:02:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/10/12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008/09/23 01:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\shbecr.sys -- (Tdsshbecr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT1750559
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{3F93FAA4-EAFA-4EA6-A06E-BDC6F86A6379}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT1750559
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bbc.com"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 21:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/11 09:06:37 | 000,000,000 | ---D | M]
[2012/02/20 22:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012/05/03 21:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions
[2012/02/20 22:55:40 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/04/26 11:02:31 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2012/05/03 21:47:20 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\anttoolbar@ant.com
[2012/02/20 22:55:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\engine@conduit.com
[2012/02/20 22:55:39 | 000,000,000 | ---D | M] (Bflix) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\info@thebflix.com
[2011/08/18 17:36:10 | 000,002,342 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icq-search.xml
[2011/09/26 12:56:16 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-1.xml
[2011/07/04 09:45:42 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-2.xml
[2011/07/04 19:18:16 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-3.xml
[2011/05/17 23:37:14 | 000,001,056 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin.xml
[2010/11/01 21:12:30 | 000,002,048 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\mapycz.xml
[2010/11/01 21:11:12 | 000,001,692 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\sfd.xml
[2012/02/10 22:12:56 | 000,003,915 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\sweetim.xml
[2010/11/01 20:57:20 | 000,002,057 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\youtube-video-search.xml
[2012/03/02 13:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 09:27:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/28 21:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/08/30 14:08:54 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1M4MQA5.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/05/03 21:46:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/27 00:38:40 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/03 21:46:35 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/03 21:46:35 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/03 21:46:35 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/03 21:46:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/03 21:46:35 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
O1 HOSTS File: ([2010/11/23 13:22:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe (Lingea)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9155CE4E-0C30-4F6E-A4EC-18101DD71C23}: DhcpNameServer = 10.15.66.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6D40066-737D-4CAE-BD3B-7ECD1475643E}: NameServer = 195.67.199.18 195.67.199.19
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/18 11:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{253cba5b-0473-11e1-80be-001f3c06a0e4}\Shell - "" = AutoRun
O33 - MountPoints2\{253cba5b-0473-11e1-80be-001f3c06a0e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{253cba67-0473-11e1-80be-001f3c06a0e4}\Shell - "" = AutoRun
O33 - MountPoints2\{253cba67-0473-11e1-80be-001f3c06a0e4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{90301f2d-0aa4-11e1-8351-001e3713c601}\Shell - "" = AutoRun
O33 - MountPoints2\{90301f2d-0aa4-11e1-8351-001e3713c601}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9c81c9f2-3ed6-11e1-8d01-001e330246eb}\Shell - "" = AutoRun
O33 - MountPoints2\{9c81c9f2-3ed6-11e1-8d01-001e330246eb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012/05/11 15:05:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/05/03 21:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 21:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/20 09:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/20 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/17 13:25:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/17 13:25:09 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/17 13:25:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/17 13:25:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/17 13:25:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/17 13:25:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[1 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/11 15:17:19 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/11 15:08:02 | 006,887,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 15:08:02 | 003,292,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/11 15:05:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/05/11 15:00:18 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 15:00:18 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 15:00:14 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/05/11 15:00:05 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/05/11 14:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 14:59:49 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/08 23:41:54 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Software602 Form Filler.lnk
[2012/04/26 10:07:51 | 000,007,598 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2012/04/20 09:26:41 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/11 15:17:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/08 23:41:54 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Software602 Form Filler.lnk
[2012/04/20 09:26:41 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/02 21:39:18 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini
[2011/03/30 10:02:52 | 000,000,185 | ---- | C] () -- C:\Windows\pdf2word.INI
[2011/02/02 10:29:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/02 09:24:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/01 22:42:28 | 000,000,074 | ---- | C] () -- C:\Windows\hpsjbmgr.ini
[2010/10/28 17:27:34 | 000,007,598 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2010/10/28 12:51:56 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
========== LOP Check ==========
[2012/05/08 23:42:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602Installer
[2011/05/20 15:34:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602XML
[2010/10/28 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer
[2010/10/28 14:41:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer Pro
[2011/12/16 11:20:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EuroTalk
[2010/10/28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FinalTorrent
[2011/04/19 11:03:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010/10/28 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IObit
[2011/12/04 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Personal
[2012/03/03 23:39:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2012/02/05 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\YCanPDF
[2012/01/02 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Personal
[2011/07/21 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2012/05/11 15:00:14 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2012/04/20 09:06:12 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
< MD5 for: LSASS.EXE >
[2011/11/17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\System32\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2011/11/17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
< MD5 for: NDIS.SYS >
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SMSS.EXE >
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011/09/29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\System32\drivers\tcpip.sys
[2011/09/29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2011/06/21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011/06/21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0f0907625638e61779c31afa67d997dc\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0f0907625638e61779c31afa67d997dc\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\3323b540e4639164992fa12a58f00025\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3323b540e4639164992fa12a58f00025\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\441a08a5516e761cd9a27185f73b14cf\*.tmp files -> C:\Windows\SoftwareDistribution\Download\441a08a5516e761cd9a27185f73b14cf\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\48fd941a3baa949be28788d37c174362\*.tmp files -> C:\Windows\SoftwareDistribution\Download\48fd941a3baa949be28788d37c174362\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\4cf68b12978147d8b47a4efb89a7d89a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\4cf68b12978147d8b47a4efb89a7d89a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp files -> C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7b629ad3647df5110e89f679b1d63b9a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7b629ad3647df5110e89f679b1d63b9a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a1c4ee866dff66d4490cf8967773ad9a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1c4ee866dff66d4490cf8967773ad9a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\c06625499f70ca87c201d2feed6e1fde\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c06625499f70ca87c201d2feed6e1fde\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp -> ]
[1 C:\Windows\Temp\_avast_\*.tmp files -> C:\Windows\Temp\_avast_\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012/05/08 23:42:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602Installer
[2011/05/20 15:34:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\602XML
[2010/10/31 19:39:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010/10/28 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer
[2010/10/28 14:41:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BSplayer Pro
[2012/01/15 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss
[2011/12/16 11:20:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EuroTalk
[2010/10/28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FinalTorrent
[2011/04/19 11:03:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010/10/27 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2010/10/28 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IObit
[2010/10/28 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011/12/03 16:05:47 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012/02/20 22:46:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/11/21 17:25:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero
[2011/12/04 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Personal
[2010/11/21 14:34:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real
[2012/05/08 23:14:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011/06/22 12:21:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2012/03/03 23:39:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2012/03/18 22:38:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2010/10/28 09:57:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2012/02/05 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\YCanPDF
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012/05/11 16:30:22 | 000,019,792 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 16:30:22 | 000,019,792 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 15:00:05 | 000,065,536 | ---- | M] () -- C:\Windows\system32\Ikeext.etl
[2012/05/11 15:08:02 | 003,292,012 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012/05/11 15:08:02 | 006,887,748 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012/05/11 15:08:02 | 000,004,706 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012/05/11 15:17:19 | 000,000,512 | ---- | M] () MD5=739D0ADC2D18F3263851AECB48A903F6 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2002/04/02 09:35:16 | 007,662,068 | ---- | M] () -- \Users\Admin\Downloads\sierra leone music\04 bone crack.MP3
< *keygen* /s >
[2010/11/21 16:53:17 | 000,012,656 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\Nero 10.0 + Serials en Keygen - DivXNL-Team.torrent
[2010/10/28 17:12:51 | 000,017,228 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\Nero 9.4.26.0+keygen [GR420].torrent
[2010/11/21 16:54:21 | 000,655,872 | ---- | M] () -- \Users\Admin\Downloads\SW\Nero 10.0 + Serials en Keygen - DivXNL-Team\Nero Multimedia Suite 10 - Keygen.exe
< *loader* /s >
[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2009/02/03 00:54:04 | 000,002,352 | ---- | M] () -- \Program Files\SubDownloader2\locale\bg\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,089,102 | ---- | M] () -- \Program Files\SubDownloader2\locale\bg\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,778 | ---- | M] () -- \Program Files\SubDownloader2\locale\cs\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,066 | ---- | M] () -- \Program Files\SubDownloader2\locale\cs\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,008,555 | ---- | M] () -- \Program Files\SubDownloader2\locale\da\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,095,752 | ---- | M] () -- \Program Files\SubDownloader2\locale\da\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,231 | ---- | M] () -- \Program Files\SubDownloader2\locale\de\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,286 | ---- | M] () -- \Program Files\SubDownloader2\locale\de\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,010,215 | ---- | M] () -- \Program Files\SubDownloader2\locale\el\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,099,279 | ---- | M] () -- \Program Files\SubDownloader2\locale\el\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,000,464 | ---- | M] () -- \Program Files\SubDownloader2\locale\en\LC_MESSAGES\subdownloader.mo
[2008/12/09 00:04:34 | 000,078,240 | ---- | M] () -- \Program Files\SubDownloader2\locale\en\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,420 | ---- | M] () -- \Program Files\SubDownloader2\locale\es\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,965 | ---- | M] () -- \Program Files\SubDownloader2\locale\es\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,061 | ---- | M] () -- \Program Files\SubDownloader2\locale\et\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,093,457 | ---- | M] () -- \Program Files\SubDownloader2\locale\et\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,979 | ---- | M] () -- \Program Files\SubDownloader2\locale\eu\LC_MESSAGES\subdownloader.mo
[2008/12/29 16:43:24 | 000,085,703 | ---- | M] () -- \Program Files\SubDownloader2\locale\eu\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,960 | ---- | M] () -- \Program Files\SubDownloader2\locale\fi\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,808 | ---- | M] () -- \Program Files\SubDownloader2\locale\fi\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,945 | ---- | M] () -- \Program Files\SubDownloader2\locale\fr\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,907 | ---- | M] () -- \Program Files\SubDownloader2\locale\fr\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,095 | ---- | M] () -- \Program Files\SubDownloader2\locale\gl\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,094,519 | ---- | M] () -- \Program Files\SubDownloader2\locale\gl\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,557 | ---- | M] () -- \Program Files\SubDownloader2\locale\he\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,102,120 | ---- | M] () -- \Program Files\SubDownloader2\locale\he\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,058 | ---- | M] () -- \Program Files\SubDownloader2\locale\hr\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,093,955 | ---- | M] () -- \Program Files\SubDownloader2\locale\hr\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,020,277 | ---- | M] () -- \Program Files\SubDownloader2\locale\hu\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,464 | ---- | M] () -- \Program Files\SubDownloader2\locale\hu\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,007,714 | ---- | M] () -- \Program Files\SubDownloader2\locale\id\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,094,992 | ---- | M] () -- \Program Files\SubDownloader2\locale\id\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,253 | ---- | M] () -- \Program Files\SubDownloader2\locale\it\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,043 | ---- | M] () -- \Program Files\SubDownloader2\locale\it\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,001,560 | ---- | M] () -- \Program Files\SubDownloader2\locale\ja\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,085,662 | ---- | M] () -- \Program Files\SubDownloader2\locale\ja\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,011,179 | ---- | M] () -- \Program Files\SubDownloader2\locale\ko\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,248 | ---- | M] () -- \Program Files\SubDownloader2\locale\ko\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,459 | ---- | M] () -- \Program Files\SubDownloader2\locale\mk\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,455 | ---- | M] () -- \Program Files\SubDownloader2\locale\mk\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,582 | ---- | M] () -- \Program Files\SubDownloader2\locale\nl\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,101,872 | ---- | M] () -- \Program Files\SubDownloader2\locale\nl\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,018,583 | ---- | M] () -- \Program Files\SubDownloader2\locale\pl\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,103 | ---- | M] () -- \Program Files\SubDownloader2\locale\pl\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,888 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,098,583 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,020,274 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt_BR\LC_MESSAGES\subdownloader.mo
[2008/12/29 16:43:08 | 000,101,196 | ---- | M] () -- \Program Files\SubDownloader2\locale\pt_BR\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,020,390 | ---- | M] () -- \Program Files\SubDownloader2\locale\ro\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,099,436 | ---- | M] () -- \Program Files\SubDownloader2\locale\ro\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,020,943 | ---- | M] () -- \Program Files\SubDownloader2\locale\ru\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,097,042 | ---- | M] () -- \Program Files\SubDownloader2\locale\ru\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,019,989 | ---- | M] () -- \Program Files\SubDownloader2\locale\sk\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,100,510 | ---- | M] () -- \Program Files\SubDownloader2\locale\sk\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,002,052 | ---- | M] () -- \Program Files\SubDownloader2\locale\sq\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:02 | 000,094,014 | ---- | M] () -- \Program Files\SubDownloader2\locale\sq\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,009,169 | ---- | M] () -- \Program Files\SubDownloader2\locale\sr\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:04 | 000,096,838 | ---- | M] () -- \Program Files\SubDownloader2\locale\sr\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,014,063 | ---- | M] () -- \Program Files\SubDownloader2\locale\sv\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:04 | 000,097,762 | ---- | M] () -- \Program Files\SubDownloader2\locale\sv\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:04 | 000,019,747 | ---- | M] () -- \Program Files\SubDownloader2\locale\vi\LC_MESSAGES\subdownloader.mo
[2009/02/03 00:54:04 | 000,102,777 | ---- | M] () -- \Program Files\SubDownloader2\locale\vi\LC_MESSAGES\subdownloader.po
[2009/02/03 00:54:06 | 000,001,986 | ---- | M] () -- \Program Files\SubDownloader2\locale\zh_TW\LC_MESSAGES\subdownloader.mo
[2008/12/29 16:07:18 | 000,092,714 | ---- | M] () -- \Program Files\SubDownloader2\locale\zh_TW\LC_MESSAGES\subdownloader.po
[2010/03/15 11:28:23 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2010/10/31 00:21:32 | 000,001,862 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\SubDownloader2\SubDownloader2.lnk
[2012/02/29 08:49:32 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/02/29 08:49:32 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/02/23 00:21:39 | 000,001,765 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\adloader.min[1].js
[2012/02/22 12:27:33 | 000,015,520 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\gloader.0.1.6[1].js
[2012/03/01 09:14:09 | 000,004,242 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\uploaderapi2[1].swf
[2012/02/22 13:09:20 | 000,002,067 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\vbulletin_post_loader[1].js
[2012/02/23 00:25:05 | 000,002,037 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\vbulletin_post_loader[2].js
[2012/02/23 00:31:10 | 000,002,081 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BI7LTM7\vbulletin_post_loader[3].js
[2012/05/05 23:39:04 | 000,004,240 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DL58CV9V\uploaderapi2[1].swf
[2012/05/05 23:53:51 | 000,008,288 | ---- | M] () -- \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECBDJ7YT\loader[1].gif
[2010/10/31 01:32:46 | 000,000,158 | ---- | M] () -- \Users\Admin\AppData\Local\VirtualStore\Program Files\SubDownloader2\subdownloader.log
[2012/04/25 00:43:48 | 000,010,145 | ---- | M] () -- \Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\modules\ExternalLibraryLoader.jsm
[2010/10/30 23:45:00 | 000,004,161 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\SubDownloader v.2.0.7.0-Full-multilanguage by BabyBoy.rar.torrent
[2006/09/19 14:42:57 | 000,010,102 | ---- | M] () -- \Users\Admin\Documents\Work\fs codes\carepack\e-CarePack\Staré\Skrivanek_DLT_LTO Autoloader.htm
[2008/08/14 12:15:50 | 000,008,248 | ---- | M] () -- \Users\Admin\Documents\Work\fs codes\carepack\e-CarePack\Staré\TBWA_UA701PE_LTO-autoloader.htm
[2008/08/18 09:56:05 | 000,001,208 | ---- | M] () -- \Users\Admin\Documents\Work\fs codes\carepack\e-CarePack\Staré\TBWA_UA701PE_LTO-autoloader.txt
[2009/07/10 09:16:34 | 010,861,954 | ---- | M] () -- \Users\Admin\Downloads\SW\SubDownloader-2.0.7.0 Full\SubDownloader-2.0.9.3.exe
[2010/10/31 00:21:32 | 000,001,862 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\SubDownloader2\SubDownloader2.lnk
[2012/02/29 08:49:32 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/02/29 08:49:32 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2010/10/27 17:11:17 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2010/11/20 07:28:20 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_178685823786d34d.manifest
[2010/11/20 07:38:52 | 000,002,838 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_d8268e5f2967c990.manifest
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009/11/11 07:42:09 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/11/11 07:42:09 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2009/11/11 07:42:09 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 07:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:47:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
tady je otl2
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011/12/27 15:46:34 | 000,000,024 | ---- | M] () -- \Users\Admin\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2010/11/21 16:53:17 | 000,012,656 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\Nero 10.0 + Serials en Keygen - DivXNL-Team.torrent
[2010/10/19 23:50:20 | 000,000,059 | ---- | M] () -- \Users\Admin\Downloads\SW\Advanced SystemCare Pro 3.7.2.733\serial.txt
[2010/11/21 16:54:21 | 000,000,801 | ---- | M] () -- \Users\Admin\Downloads\SW\Nero 10.0 + Serials en Keygen - DivXNL-Team\Instructies +Serial.txt
[2009/12/21 19:26:24 | 000,000,128 | ---- | M] () -- \Users\Admin\Downloads\SW\PDF-XChange Viewer Pro v.2.042.10\serial.txt
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011/10/13 03:26:45 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll
[2012/02/16 09:01:33 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a221123a83601a4a964218b3bd3f4fa6\System.Runtime.Serialization.ni.dll
[2012/02/16 08:51:38 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9ba9c9f4251a1978433fb8a5b8b0e01\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011/10/13 03:22:42 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa42950143908bea4f88f3b9fd693e94\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010/11/20 05:06:18 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_hu-hu_1778ab4419ab99ad.manifest
[2010/11/20 05:00:14 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_nl-nl_28520112cd09eae9.manifest
[2010/11/20 05:09:30 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_sv-se_0bbde5ad62777806.manifest
[2010/11/20 05:54:04 | 000,001,638 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_zh-cn_493a46a2345c6076.manifest
[2010/11/05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009/07/14 04:09:30 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009/07/14 04:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009/07/14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009/07/14 06:56:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009/07/14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010/11/20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009/07/14 04:28:14 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2009/07/14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010/11/20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009/07/14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009/07/14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010/11/20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009/07/14 04:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009/07/14 04:09:30 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
< *w7lxe* /s >
< End of report >
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011/12/27 15:46:34 | 000,000,024 | ---- | M] () -- \Users\Admin\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2010/11/21 16:53:17 | 000,012,656 | ---- | M] () -- \Users\Admin\AppData\Roaming\uTorrent\Nero 10.0 + Serials en Keygen - DivXNL-Team.torrent
[2010/10/19 23:50:20 | 000,000,059 | ---- | M] () -- \Users\Admin\Downloads\SW\Advanced SystemCare Pro 3.7.2.733\serial.txt
[2010/11/21 16:54:21 | 000,000,801 | ---- | M] () -- \Users\Admin\Downloads\SW\Nero 10.0 + Serials en Keygen - DivXNL-Team\Instructies +Serial.txt
[2009/12/21 19:26:24 | 000,000,128 | ---- | M] () -- \Users\Admin\Downloads\SW\PDF-XChange Viewer Pro v.2.042.10\serial.txt
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011/10/13 03:26:45 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll
[2012/02/16 09:01:33 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a221123a83601a4a964218b3bd3f4fa6\System.Runtime.Serialization.ni.dll
[2012/02/16 08:51:38 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9ba9c9f4251a1978433fb8a5b8b0e01\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011/10/13 03:22:42 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa42950143908bea4f88f3b9fd693e94\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010/11/20 05:06:18 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_hu-hu_1778ab4419ab99ad.manifest
[2010/11/20 05:00:14 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_nl-nl_28520112cd09eae9.manifest
[2010/11/20 05:09:30 | 000,001,626 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_sv-se_0bbde5ad62777806.manifest
[2010/11/20 05:54:04 | 000,001,638 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17514_zh-cn_493a46a2345c6076.manifest
[2010/11/05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009/07/14 04:09:30 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009/07/14 04:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009/07/14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009/07/14 06:56:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009/07/14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010/11/20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2009/07/14 04:28:14 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2009/07/14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010/11/20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2009/07/14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009/07/14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010/11/20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009/07/14 04:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009/07/14 04:09:30 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
< *w7lxe* /s >
< End of report >
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
tady je extras
OTL Extras logfile created on: 11/05/2012 15:10:07 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.77% Memory free
3.98 Gb Paging File | 2.57 Gb Available in Paging File | 64.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 12.70 Gb Free Space | 8.53% Space Free | Partition Type: NTFS
Drive E: | 14.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 100.00 Mb Total Space | 69.77 Mb Free Space | 69.77% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E7DA6C-3392-494D-A52E-33E705A02F49}" = lport=138 | protocol=17 | dir=in | app=system |
"{07415352-74C3-4B95-9CE7-9039FC24353C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0A59FF66-F158-4EC2-8327-5860F1B969D8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E159143-8F8F-431B-BA1F-3516F191A72A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3BE6C4E8-69AA-4CB5-8F7A-F26C136DB266}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CC00449-64D5-4C36-9706-AA290341496E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{409AF2D3-5261-4475-B739-8CF50416988A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4217BC04-58E8-4C72-A4FD-B596DD04E47D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{43D7FBFE-385A-4184-9D3D-4F94621AE7C8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4840AF94-E368-45EF-A868-E1B17AF14E60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A334B10-8D38-4CC8-B5AF-A975A8400618}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54FE65BD-77CE-4AAF-840E-88005E970EBC}" = lport=139 | protocol=6 | dir=in | app=system |
"{5EAE5EEC-1D94-4BB4-A989-7047D19C0CA5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C827649-6A4D-469B-82E5-7E910633D3FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{6CF5AB86-BE15-4A49-A08A-5C55781C9CE1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D92AE7C-12DE-4668-903C-CB27B27DD07F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6DC2151B-3959-4C27-BC10-671446B33633}" = rport=445 | protocol=6 | dir=out | app=system |
"{8DF3BBA9-E130-496C-9006-F9BB878B4119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FAF0CF7-BBF2-4C0F-8C17-A2E5AC388373}" = rport=139 | protocol=6 | dir=out | app=system |
"{AEBDD9BA-D3D4-4BFC-B2FD-A0998ED8BF43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B23A5C8B-4D0D-49F4-896E-2E95E1183688}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B4545BC7-F6C0-49FA-A6BA-4E3D4CAABF10}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB50D701-5D41-4AA4-9E8D-D70D1086189B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D005CB59-6182-4AF6-9AC2-6778F1634769}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3F991D6-A91D-4EC1-98AD-586FEFA10E56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5444D6A-5A50-47D9-9751-7F63BC04302E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1B545E4-FAA2-47FC-858F-08FB3459C0E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E989F142-7ADF-4B3D-AD85-E34AF360E97F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFA02C73-702F-4C57-B2AD-BC27A1800CAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5A3B5C0-5E05-454E-BF2F-FBB4181B398A}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6BC38F8-DCB5-491C-9EC8-CBD5701AE7C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA54F0D5-6834-4674-BB9A-09DAC3F5E7A9}" = rport=2869 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1302A8FE-0D7F-4D18-8586-76D1A7E30E70}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{173AF1F4-3E7E-440A-950E-ACDA4EF754C9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{22FE8015-B612-46F4-A928-FACF14876504}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CE3147F-4E86-4E9B-B9E0-B505CAE0BFF2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2D5A818D-C425-4B89-83B1-1EF416715661}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35919A7B-F66D-4CF4-84EF-B18556F07104}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3DCDB300-2500-447E-B50F-0626C37B45FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46BB643C-17CA-4E5A-AB23-F57AEED5C6D2}" = protocol=6 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{48E8065D-7A3B-4ADE-94BD-6CABB4A01D6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{531D4271-5362-40A3-8357-FAF4DB5D857C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5AA36445-7F4A-48E2-96B6-2BE2084D357C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{65992E01-269E-4DCA-9D70-D2BDBA6775B9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{67AB9507-D70B-483A-A693-D95A4EC96BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81212E66-8991-4B3C-B675-B46A4CAADC0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8546B448-E126-420A-985C-F3366D18B312}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{88F5594F-B0C7-41BF-97EC-891C1FF2B7F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9C587AD4-1473-4ACD-8E5B-41B86867C180}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC41F6D7-BDBF-46C2-8E95-636DAB2FC949}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0D0342E-99DA-4E7F-9E46-95AAD277F133}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BFFE65E5-882C-4902-BABE-1BC7D2B168F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C52A1D05-D9CF-463E-88F0-6C9BFFE7831E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB0626F7-0B76-4226-AD85-7B025C55E820}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDFDC5F9-E203-4082-9F30-D5F3790802CC}" = protocol=6 | dir=out | app=system |
"{DE799E65-D797-46F7-A4E2-52CDB24B49B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E15DCBE8-744D-4219-9AAC-0F9773F6B665}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6F51191-F0BC-4141-8DCE-D2EE2145B980}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9EEFC66-CCFA-411C-A621-112C1F7BB301}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA377BD6-F47A-4798-BE86-866421E2A9D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB8BF1E1-8DAB-4039-BD8C-B03A472AFC55}" = protocol=17 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0017-0405-0000-0000000FF1CE}_OMUI.cs-cz_{13E6D9FD-5FE8-43A6-9874-515A50909DEF}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_OMUI.cs-cz_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.cs-cz_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.cs-cz_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_OMUI.cs-cz_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_OMUI.cs-cz_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2007
"{90120000-0100-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0405-0000-0000000FF1CE}" = Microsoft Office X MUI (Czech) 2007
"{90120000-0101-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D387C31D-971F-4EEC-8734-382B39AD04F0}" = Software602 Form Filler
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexicon5" = Lingea Lexicon 5
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.cs-cz" = Microsoft Office Language Pack 2007 - Czech/èeština
"Personal" = BankID Security Application 4.18.3
"Picasa 3" = Picasa 3
"SubDownloader2" = SubDownloader2
"Telia mobile broadband" = Telia mobile broadband
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VueScan" = VueScan
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08/05/2012 16:18:28 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 08/05/2012 17:41:47 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 09/05/2012 02:36:37 | Computer Name = Admin-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005
Error - 09/05/2012 02:36:37 | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.
Error - 09/05/2012 02:45:52 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 09/05/2012 02:45:52 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 09/05/2012 05:25:47 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\VueScan\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 09/05/2012 14:04:43 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7600.16385,
time stamp: 0x4a5bcd1d Faulting module name: SHELL32.dll, version: 6.1.7600.16644,
time stamp: 0x4c4ee5ad Exception code: 0xc0000005 Fault offset: 0x000e9d83 Faulting
process id: 0x8a8 Faulting application start time: 0x01cd2e0af8dd2f4b Faulting application
path: C:\Windows\system32\PhotoScreensaver.scr Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 739b4a90-9a01-11e1-b6e8-001e330246eb
Error - 10/05/2012 02:41:22 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 10/05/2012 02:41:22 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
[ System Events ]
Error - 11/05/2012 02:22:33 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 02:22:38 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 02:22:40 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2
Error - 11/05/2012 04:55:07 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 11/05/2012 06:26:09 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =
Error - 11/05/2012 08:59:47 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 08:59:53 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 08:59:59 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2
Error - 11/05/2012 09:01:17 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 11/05/2012 09:01:17 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
< End of report >
OTL Extras logfile created on: 11/05/2012 15:10:07 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.77% Memory free
3.98 Gb Paging File | 2.57 Gb Available in Paging File | 64.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 12.70 Gb Free Space | 8.53% Space Free | Partition Type: NTFS
Drive E: | 14.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 100.00 Mb Total Space | 69.77 Mb Free Space | 69.77% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3383073544-1549760780-763741289-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E7DA6C-3392-494D-A52E-33E705A02F49}" = lport=138 | protocol=17 | dir=in | app=system |
"{07415352-74C3-4B95-9CE7-9039FC24353C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0A59FF66-F158-4EC2-8327-5860F1B969D8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E159143-8F8F-431B-BA1F-3516F191A72A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3BE6C4E8-69AA-4CB5-8F7A-F26C136DB266}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CC00449-64D5-4C36-9706-AA290341496E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{409AF2D3-5261-4475-B739-8CF50416988A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4217BC04-58E8-4C72-A4FD-B596DD04E47D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{43D7FBFE-385A-4184-9D3D-4F94621AE7C8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4840AF94-E368-45EF-A868-E1B17AF14E60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A334B10-8D38-4CC8-B5AF-A975A8400618}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54FE65BD-77CE-4AAF-840E-88005E970EBC}" = lport=139 | protocol=6 | dir=in | app=system |
"{5EAE5EEC-1D94-4BB4-A989-7047D19C0CA5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C827649-6A4D-469B-82E5-7E910633D3FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{6CF5AB86-BE15-4A49-A08A-5C55781C9CE1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D92AE7C-12DE-4668-903C-CB27B27DD07F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6DC2151B-3959-4C27-BC10-671446B33633}" = rport=445 | protocol=6 | dir=out | app=system |
"{8DF3BBA9-E130-496C-9006-F9BB878B4119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FAF0CF7-BBF2-4C0F-8C17-A2E5AC388373}" = rport=139 | protocol=6 | dir=out | app=system |
"{AEBDD9BA-D3D4-4BFC-B2FD-A0998ED8BF43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B23A5C8B-4D0D-49F4-896E-2E95E1183688}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B4545BC7-F6C0-49FA-A6BA-4E3D4CAABF10}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB50D701-5D41-4AA4-9E8D-D70D1086189B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D005CB59-6182-4AF6-9AC2-6778F1634769}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3F991D6-A91D-4EC1-98AD-586FEFA10E56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5444D6A-5A50-47D9-9751-7F63BC04302E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1B545E4-FAA2-47FC-858F-08FB3459C0E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E989F142-7ADF-4B3D-AD85-E34AF360E97F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFA02C73-702F-4C57-B2AD-BC27A1800CAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5A3B5C0-5E05-454E-BF2F-FBB4181B398A}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6BC38F8-DCB5-491C-9EC8-CBD5701AE7C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA54F0D5-6834-4674-BB9A-09DAC3F5E7A9}" = rport=2869 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1302A8FE-0D7F-4D18-8586-76D1A7E30E70}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{173AF1F4-3E7E-440A-950E-ACDA4EF754C9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{22FE8015-B612-46F4-A928-FACF14876504}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CE3147F-4E86-4E9B-B9E0-B505CAE0BFF2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2D5A818D-C425-4B89-83B1-1EF416715661}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35919A7B-F66D-4CF4-84EF-B18556F07104}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3DCDB300-2500-447E-B50F-0626C37B45FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46BB643C-17CA-4E5A-AB23-F57AEED5C6D2}" = protocol=6 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{48E8065D-7A3B-4ADE-94BD-6CABB4A01D6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{531D4271-5362-40A3-8357-FAF4DB5D857C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5AA36445-7F4A-48E2-96B6-2BE2084D357C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{65992E01-269E-4DCA-9D70-D2BDBA6775B9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{67AB9507-D70B-483A-A693-D95A4EC96BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81212E66-8991-4B3C-B675-B46A4CAADC0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8546B448-E126-420A-985C-F3366D18B312}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{88F5594F-B0C7-41BF-97EC-891C1FF2B7F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9C587AD4-1473-4ACD-8E5B-41B86867C180}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC41F6D7-BDBF-46C2-8E95-636DAB2FC949}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0D0342E-99DA-4E7F-9E46-95AAD277F133}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BFFE65E5-882C-4902-BABE-1BC7D2B168F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C52A1D05-D9CF-463E-88F0-6C9BFFE7831E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB0626F7-0B76-4226-AD85-7B025C55E820}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDFDC5F9-E203-4082-9F30-D5F3790802CC}" = protocol=6 | dir=out | app=system |
"{DE799E65-D797-46F7-A4E2-52CDB24B49B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E15DCBE8-744D-4219-9AAC-0F9773F6B665}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6F51191-F0BC-4141-8DCE-D2EE2145B980}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9EEFC66-CCFA-411C-A621-112C1F7BB301}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA377BD6-F47A-4798-BE86-866421E2A9D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB8BF1E1-8DAB-4039-BD8C-B03A472AFC55}" = protocol=17 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0017-0405-0000-0000000FF1CE}_OMUI.cs-cz_{13E6D9FD-5FE8-43A6-9874-515A50909DEF}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_OMUI.cs-cz_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.cs-cz_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.cs-cz_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_OMUI.cs-cz_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_OMUI.cs-cz_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2007
"{90120000-0100-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0405-0000-0000000FF1CE}" = Microsoft Office X MUI (Czech) 2007
"{90120000-0101-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D387C31D-971F-4EEC-8734-382B39AD04F0}" = Software602 Form Filler
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexicon5" = Lingea Lexicon 5
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.cs-cz" = Microsoft Office Language Pack 2007 - Czech/èeština
"Personal" = BankID Security Application 4.18.3
"Picasa 3" = Picasa 3
"SubDownloader2" = SubDownloader2
"Telia mobile broadband" = Telia mobile broadband
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VueScan" = VueScan
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08/05/2012 16:18:28 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 08/05/2012 17:41:47 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 09/05/2012 02:36:37 | Computer Name = Admin-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005
Error - 09/05/2012 02:36:37 | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.
Error - 09/05/2012 02:45:52 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 09/05/2012 02:45:52 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 09/05/2012 05:25:47 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\VueScan\dpinst64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 09/05/2012 14:04:43 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7600.16385,
time stamp: 0x4a5bcd1d Faulting module name: SHELL32.dll, version: 6.1.7600.16644,
time stamp: 0x4c4ee5ad Exception code: 0xc0000005 Fault offset: 0x000e9d83 Faulting
process id: 0x8a8 Faulting application start time: 0x01cd2e0af8dd2f4b Faulting application
path: C:\Windows\system32\PhotoScreensaver.scr Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 739b4a90-9a01-11e1-b6e8-001e330246eb
Error - 10/05/2012 02:41:22 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 10/05/2012 02:41:22 | Computer Name = Admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
[ System Events ]
Error - 11/05/2012 02:22:33 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 02:22:38 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 02:22:40 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2
Error - 11/05/2012 04:55:07 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 11/05/2012 06:26:09 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =
Error - 11/05/2012 08:59:47 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 08:59:53 | Computer Name = Admin-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 11/05/2012 08:59:59 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2
Error - 11/05/2012 09:01:17 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 11/05/2012 09:01:17 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
< End of report >
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
tady je dekuji...
ted vite vse o mem laptopu...
ted vite vse o mem laptopu...
Re: zamrzavani laptopu
A jak je to s tim systemem? Tyto IP adresy znate? 195.67.199.18 , 195.67.199.19 Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne Znovu spustte OTL jako spravceDo spodniho okna vlozte nasledujici text
Kód: Vybrat vše
:otl
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
[2012/02/20 22:55:40 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/04/26 11:02:31 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2012/05/03 21:47:20 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\anttoolbar@ant.com
[2012/02/20 22:55:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\engine@conduit.com
[2012/02/20 22:55:39 | 000,000,000 | ---D | M] (Bflix) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l1m4mqa5.default\extensions\info@thebflix.com
[2011/08/18 17:36:10 | 000,002,342 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icq-search.xml
[2011/09/26 12:56:16 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-1.xml
[2011/07/04 09:45:42 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-2.xml
[2011/07/04 19:18:16 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin-3.xml
[2011/05/17 23:37:14 | 000,001,056 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\icqplugin.xml
[2012/02/10 22:12:56 | 000,003,915 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\sweetim.xml
[2012/04/20 09:27:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
O3 - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3383073544-1549760780-763741289-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]
[2010/10/28 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IObit
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0f0907625638e61779c31afa67d997dc\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0f0907625638e61779c31afa67d997dc\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\3323b540e4639164992fa12a58f00025\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3323b540e4639164992fa12a58f00025\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\441a08a5516e761cd9a27185f73b14cf\*.tmp files -> C:\Windows\SoftwareDistribution\Download\441a08a5516e761cd9a27185f73b14cf\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\48fd941a3baa949be28788d37c174362\*.tmp files -> C:\Windows\SoftwareDistribution\Download\48fd941a3baa949be28788d37c174362\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\4cf68b12978147d8b47a4efb89a7d89a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\4cf68b12978147d8b47a4efb89a7d89a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp files -> C:\Windows\SoftwareDistribution\Download\701bdbf802120fa9fcc072759d9a1348\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\7b629ad3647df5110e89f679b1d63b9a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\7b629ad3647df5110e89f679b1d63b9a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\884a79f5faa59aa185d2fcab7375dd0b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\8a45649f9a29a8940a3f73f1d11a3ec2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a1c4ee866dff66d4490cf8967773ad9a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a1c4ee866dff66d4490cf8967773ad9a\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b67467d1719cf8aedf56ad6c161b5b3b\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\c06625499f70ca87c201d2feed6e1fde\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c06625499f70ca87c201d2feed6e1fde\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d8b95da5504ee5ecc5c047a93218966d\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d9d53ed194e5aa284c679fd51607ce5f\*.tmp -> ]
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\PCConfidential.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"IgfxTray"=-
"Persistence"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
:services
NAUpdate
SkypeUpdate
:commands
[RESETHOSTS]
[EMPTYTEMP]
[Purity]
[EMPTYFLASH]Po restartu se objevi novy log, ten sem dejte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
asi jsem neco neudelala spravne, nebot mi to nenabidlo zadny log
odpovedi na vase otazky:
- laptop jsem koupila jako sekac od kamarada a priznam se, ze nevim, jak je to s tim systemem, asi jsem se mela o to vice zajimat, tak je to moje chyba...
- ip adresy jsou na providera internetu ve svedsku, ktereho nyni pouzivam
odpovedi na vase otazky:
- laptop jsem koupila jako sekac od kamarada a priznam se, ze nevim, jak je to s tim systemem, asi jsem se mela o to vice zajimat, tak je to moje chyba...
- ip adresy jsou na providera internetu ve svedsku, ktereho nyni pouzivam
Re: zamrzavani laptopu
A restartoval se pocitac?
Log by mel byt ve slozce C:\_OTL\MovedFiles Tam by mel byt poznamkovy blok, ktery se bude jmenovat xxxxxxxx_xxxx (misto tech x budou cisla, ktera predstavuji datum a cas spusteni)
Kdyby tam nahodou nebyl, dejte mi sem novy log z RSIT
To jsem chtel vedet, protoze to neni zrovna obvykle, ze by uzivatele meli svedskou IP. Ale kdyz je znate, je to v poradku.
Zajimat jste se urcite mela, ale jelikoz jste to rekla primo, navic jsem nenasel jasny dukaz, budem delat, ze je v poradku, i kdyz o tom dost pochybuju
Log by mel byt ve slozce C:\_OTL\MovedFiles Tam by mel byt poznamkovy blok, ktery se bude jmenovat xxxxxxxx_xxxx (misto tech x budou cisla, ktera predstavuji datum a cas spusteni)
Kdyby tam nahodou nebyl, dejte mi sem novy log z RSIT
To jsem chtel vedet, protoze to neni zrovna obvykle, ze by uzivatele meli svedskou IP. Ale kdyz je znate, je to v poradku.
Zajimat jste se urcite mela, ale jelikoz jste to rekla primo, navic jsem nenasel jasny dukaz, budem delat, ze je v poradku, i kdyz o tom dost pochybuju
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
ano, restartoval, i po hledani na c disku, jsem zadny tx. nenasla
proto vkladam rsit
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-05-11 22:52:38
Microsoft Windows 7 Ultimate
System drive C: has 13 GB (9%) free of 153 GB
Total RAM: 2038 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:58, on 11/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Telia mobile broadband\Telia mobile broadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D40066-737D-4CAE-BD3B-7ECD1475643E}: NameServer = 195.67.199.18 195.67.199.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 5108 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.bbc.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@se.nexus/Personal]
"Description"=
"Path"=C:\Program Files\Personal\bin\np_prsnl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
twitter.xml
wikipedia.xml
yahoo-en-GB.xml
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\
mapycz.xml
sfd.xml
youtube-video-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-27 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-27 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-03-07 4241512]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BankID Security Application.lnk - C:\Program Files\Personal\bin\Personal.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-05-11 22:16:13 ----D---- C:\_OTL
2012-05-03 21:46:44 ----D---- C:\ProgramData\Mozilla
2012-05-03 21:46:43 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-04-20 09:26:40 ----D---- C:\Program Files\Common Files\Skype
2012-04-17 13:25:11 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-17 13:25:10 ----A---- C:\Windows\system32\iertutil.dll
2012-04-17 13:25:09 ----A---- C:\Windows\system32\jscript9.dll
2012-04-17 13:25:09 ----A---- C:\Windows\system32\jscript.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\wininet.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\url.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-17 13:25:06 ----A---- C:\Windows\system32\ieui.dll
2012-04-17 13:25:05 ----A---- C:\Windows\system32\urlmon.dll
2012-04-17 13:25:03 ----A---- C:\Windows\system32\ieframe.dll
2012-04-17 13:25:01 ----A---- C:\Windows\system32\mshtml.dll
2012-04-17 13:23:07 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-17 13:23:06 ----A---- C:\Windows\system32\wmi.dll
2012-04-17 13:23:05 ----A---- C:\Windows\system32\wintrust.dll
2012-04-17 13:23:04 ----A---- C:\Windows\system32\imagehlp.dll
======List of files/folders modified in the last 1 month======
2012-05-11 22:52:53 ----D---- C:\Windows\Prefetch
2012-05-11 22:52:45 ----D---- C:\Windows\Temp
2012-05-11 22:52:44 ----D---- C:\Program Files\trend micro
2012-05-11 22:52:39 ----D---- C:\Windows\tracing
2012-05-11 22:26:16 ----D---- C:\Windows\System32
2012-05-11 22:26:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-11 22:17:13 ----D---- C:\Windows\system32\drivers\etc
2012-05-11 22:17:01 ----D---- C:\Windows\Tasks
2012-05-11 15:16:57 ----SHD---- C:\System Volume Information
2012-05-11 15:15:26 ----D---- C:\Windows\system32\config
2012-05-11 12:29:07 ----SHD---- C:\Windows\Installer
2012-05-11 12:29:06 ----SHD---- C:\Config.Msi
2012-05-11 12:28:58 ----D---- C:\ProgramData\Microsoft Help
2012-05-11 12:28:02 ----D---- C:\Windows\system32\catroot
2012-05-11 07:27:48 ----D---- C:\Windows\system32\catroot2
2012-05-11 07:26:48 ----D---- C:\Windows\winsxs
2012-05-08 23:42:01 ----D---- C:\Users\Admin\AppData\Roaming\602Installer
2012-05-08 23:14:40 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2012-05-03 21:47:33 ----D---- C:\Program Files\Mozilla Firefox
2012-05-03 21:46:44 ----HD---- C:\ProgramData
2012-05-03 21:46:43 ----RD---- C:\Program Files
2012-04-20 09:27:21 ----RD---- C:\Program Files\Skype
2012-04-20 09:26:40 ----D---- C:\Program Files\Common Files
2012-04-20 09:26:31 ----D---- C:\ProgramData\Skype
2012-04-17 14:37:04 ----D---- C:\Windows\system32\migration
2012-04-17 14:37:03 ----D---- C:\Windows\system32\drivers
2012-04-17 14:37:03 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-07 103168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\Windows\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\Windows\system32\DRIVERS\adiusbaw.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G60I32.sys [2009-07-14 118784]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 Tdsshbecr;Handelsbanken card reader; C:\Windows\system32\DRIVERS\shbecr.sys [2008-09-23 42368]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-07 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe []
-----------------EOF-----------------
proto vkladam rsit
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-05-11 22:52:38
Microsoft Windows 7 Ultimate
System drive C: has 13 GB (9%) free of 153 GB
Total RAM: 2038 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:58, on 11/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Telia mobile broadband\Telia mobile broadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D40066-737D-4CAE-BD3B-7ECD1475643E}: NameServer = 195.67.199.18 195.67.199.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 5108 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.bbc.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@se.nexus/Personal]
"Description"=
"Path"=C:\Program Files\Personal\bin\np_prsnl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
twitter.xml
wikipedia.xml
yahoo-en-GB.xml
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l1m4mqa5.default\searchplugins\
mapycz.xml
sfd.xml
youtube-video-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-27 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-27 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-03-07 4241512]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BankID Security Application.lnk - C:\Program Files\Personal\bin\Personal.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-05-11 22:16:13 ----D---- C:\_OTL
2012-05-03 21:46:44 ----D---- C:\ProgramData\Mozilla
2012-05-03 21:46:43 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-04-20 09:26:40 ----D---- C:\Program Files\Common Files\Skype
2012-04-17 13:25:11 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-17 13:25:10 ----A---- C:\Windows\system32\iertutil.dll
2012-04-17 13:25:09 ----A---- C:\Windows\system32\jscript9.dll
2012-04-17 13:25:09 ----A---- C:\Windows\system32\jscript.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\wininet.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\url.dll
2012-04-17 13:25:07 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-17 13:25:06 ----A---- C:\Windows\system32\ieui.dll
2012-04-17 13:25:05 ----A---- C:\Windows\system32\urlmon.dll
2012-04-17 13:25:03 ----A---- C:\Windows\system32\ieframe.dll
2012-04-17 13:25:01 ----A---- C:\Windows\system32\mshtml.dll
2012-04-17 13:23:07 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-17 13:23:06 ----A---- C:\Windows\system32\wmi.dll
2012-04-17 13:23:05 ----A---- C:\Windows\system32\wintrust.dll
2012-04-17 13:23:04 ----A---- C:\Windows\system32\imagehlp.dll
======List of files/folders modified in the last 1 month======
2012-05-11 22:52:53 ----D---- C:\Windows\Prefetch
2012-05-11 22:52:45 ----D---- C:\Windows\Temp
2012-05-11 22:52:44 ----D---- C:\Program Files\trend micro
2012-05-11 22:52:39 ----D---- C:\Windows\tracing
2012-05-11 22:26:16 ----D---- C:\Windows\System32
2012-05-11 22:26:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-11 22:17:13 ----D---- C:\Windows\system32\drivers\etc
2012-05-11 22:17:01 ----D---- C:\Windows\Tasks
2012-05-11 15:16:57 ----SHD---- C:\System Volume Information
2012-05-11 15:15:26 ----D---- C:\Windows\system32\config
2012-05-11 12:29:07 ----SHD---- C:\Windows\Installer
2012-05-11 12:29:06 ----SHD---- C:\Config.Msi
2012-05-11 12:28:58 ----D---- C:\ProgramData\Microsoft Help
2012-05-11 12:28:02 ----D---- C:\Windows\system32\catroot
2012-05-11 07:27:48 ----D---- C:\Windows\system32\catroot2
2012-05-11 07:26:48 ----D---- C:\Windows\winsxs
2012-05-08 23:42:01 ----D---- C:\Users\Admin\AppData\Roaming\602Installer
2012-05-08 23:14:40 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2012-05-03 21:47:33 ----D---- C:\Program Files\Mozilla Firefox
2012-05-03 21:46:44 ----HD---- C:\ProgramData
2012-05-03 21:46:43 ----RD---- C:\Program Files
2012-04-20 09:27:21 ----RD---- C:\Program Files\Skype
2012-04-20 09:26:40 ----D---- C:\Program Files\Common Files
2012-04-20 09:26:31 ----D---- C:\ProgramData\Skype
2012-04-17 14:37:04 ----D---- C:\Windows\system32\migration
2012-04-17 14:37:03 ----D---- C:\Windows\system32\drivers
2012-04-17 14:37:03 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-07 103168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\Windows\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\Windows\system32\DRIVERS\adiusbaw.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G60I32.sys [2009-07-14 118784]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 Tdsshbecr;Handelsbanken card reader; C:\Windows\system32\DRIVERS\shbecr.sys [2008-09-23 42368]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-07 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe []
-----------------EOF-----------------
Re: zamrzavani laptopu
Tak to vypada, ze OTL provedlo vse, co jsem mu zadal. Jak je na tom pc? Nastala nejaka zmena?
Udelejte uplnou kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a pokud neco najde, dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Udelejte uplnou kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a pokud neco najde, dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
tak jsem provedla, zde je log
jinak to bezi mnohem rychleji a nezamrzava to...
muzu se zeptat, co s tim bylo?
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.05.11.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [administrátor]
Ochrana: Povolena
11/05/2012 23:13:40
mbam-log-2012-05-12 (08-22-16).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 322884
Uplynulý čas: 1 hodin, 9 minut,
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Špatný: (http://www.helpmeopen.com/?n=app&ext=%s) Dobrý: (http://shell.windows.com/fileassoc/%04x ... asp?Ext=%s) -> Žádná instrukce nebyla provedena.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 9
C:\$RECYCLE.BIN\S-1-5-21-3383073544-1549760780-763741289-1000\$R09L02J.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
C:\$RECYCLE.BIN\S-1-5-21-3383073544-1549760780-763741289-1000\$R6W811Z.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
C:\Program Files\Common Files\Lingea Shared\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Program Files\Lexicon5\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Program Files\Lexicon5\crack\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Program Files\Lexicon5\syst\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Users\Admin\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
C:\Users\Admin\Downloads\SW\VideoConverterSetup.exe (Adware.Agent) -> Žádná instrukce nebyla provedena.
C:\Users\Admin\Downloads\SW\Lingea Lexicon 5 CZ (SK) - EN\crack\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
(konec)
jinak to bezi mnohem rychleji a nezamrzava to...
muzu se zeptat, co s tim bylo?
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.05.11.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [administrátor]
Ochrana: Povolena
11/05/2012 23:13:40
mbam-log-2012-05-12 (08-22-16).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 322884
Uplynulý čas: 1 hodin, 9 minut,
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Špatný: (http://www.helpmeopen.com/?n=app&ext=%s) Dobrý: (http://shell.windows.com/fileassoc/%04x ... asp?Ext=%s) -> Žádná instrukce nebyla provedena.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 9
C:\$RECYCLE.BIN\S-1-5-21-3383073544-1549760780-763741289-1000\$R09L02J.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
C:\$RECYCLE.BIN\S-1-5-21-3383073544-1549760780-763741289-1000\$R6W811Z.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
C:\Program Files\Common Files\Lingea Shared\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Program Files\Lexicon5\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Program Files\Lexicon5\crack\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Program Files\Lexicon5\syst\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
C:\Users\Admin\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
C:\Users\Admin\Downloads\SW\VideoConverterSetup.exe (Adware.Agent) -> Žádná instrukce nebyla provedena.
C:\Users\Admin\Downloads\SW\Lingea Lexicon 5 CZ (SK) - EN\crack\lingea.lexicon.5.v5.0.0.0-patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
(konec)
Re: zamrzavani laptopu
Bylo tam dost smeti (docasne soubory a jine brzdy) a jak vidite, i nejaka ta havet.
Nalezy MBAM doporucuju nechat odstranit. Tu Lingeu nebudu komentovat
Po ostraneni restartujte pc a MBAM zase odinstalujte, at zbytecne nezere pamet.
No a jestli nebude nejaky problem, muzeme uklizet
Spustte znovu OTL jako spravce a kliknete na napis Vycisti. Program po sobe uklidi
Nainstalujte Service Pack 1
Pokud mate windows Vista nebo windows 7, vsechny tyto programy - vcetne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)
Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat
Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar, jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
Muzete defragmentovat disk
Stahnete napriklad program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci
Az vse provedete, napiste, jaky je stav pc
Nalezy MBAM doporucuju nechat odstranit. Tu Lingeu nebudu komentovat
Po ostraneni restartujte pc a MBAM zase odinstalujte, at zbytecne nezere pamet.
No a jestli nebude nejaky problem, muzeme uklizet
Spustte znovu OTL jako spravce a kliknete na napis Vycisti. Program po sobe uklidi Nainstalujte Service Pack 1 Pokud mate windows Vista nebo windows 7, vsechny tyto programy - vcetne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce) Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustteKliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat
Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.Pri instalaci pozor na toolbar, jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
Muzete defragmentovat diskStahnete napriklad program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci
Az vse provedete, napiste, jaky je stav pc
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Blanka yahoo
- Návštěvník
- Příspěvky: 346
- Registrován: 02 úno 2006 13:03
Re: zamrzavani laptopu
hlasim, ze jsem vse provedla a laptop bezi jako nikdy pred tim...
lingeu jsem odistalovala, zustatek po predeslem majiteli...
mockrat vam dekuji za pomoc...
vzdy mi zustane zahadou, proc mladi kluci ci vyzrali muzi (netusim) poskytuji tyto odvirovavaci sluzby zadarmo...?
a to sama delam v neziskovem sektoru...
mejte se fajn...
lingeu jsem odistalovala, zustatek po predeslem majiteli...
mockrat vam dekuji za pomoc...
vzdy mi zustane zahadou, proc mladi kluci ci vyzrali muzi (netusim) poskytuji tyto odvirovavaci sluzby zadarmo...?
a to sama delam v neziskovem sektoru...
mejte se fajn...
Přispějete na provoz fóra?