ahojte, vzdy ked sa pripoji usb kluc do booku tak sa nan skopiruju subory ako napr guma.exe a autorun odkazujuci nan,nod nic nenasiel
tu je log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP2 at 2010-03-12 10:50:11
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 24 GB (47%) free of 51 GB
Total RAM: 1975 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:56, on 12. 3. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\HP2\Desktop\RSIT.exe
C:\Program Files\trend micro\HP2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: rpcnetp - Unknown owner - C:\windows\System32\rpcnetp.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8054 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-04 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-04 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-04 141848]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-16 293168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-31 177456]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2008-05-20 208896]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{181a09a1-250a-11df-8a72-00247e7b7e2f}]
shell\AutoRun\command - LIMUN/svrsh.exe
shell\explore\command - LIMUN/svrsh.exe
shell\open\command - LIMUN/svrsh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dfb9439-edfe-11de-9239-0025b369a945}]
shell\AutoRun\command - E:\NERVE///celika.exe
shell\explore\command - E:\NERVE///celika.exe
shell\open\command - E:\NERVE///celika.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55cfec79-04d9-11df-bdb7-00247e7b7e2f}]
shell\AutoRun\command - G:\KUPILJUBAV///dalimoze.exe
shell\open\command - G:\KUPILJUBAV///dalimoze.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55cfecb0-04d9-11df-bdb7-b31654ed6b31}]
shell\AutoRun\command - E:\NISAM///normalan.exe
shell\open\command - E:\NISAM///normalan.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6611a9d8-2695-11df-856a-00247e7b7e2f}]
shell\AutoRun\command - E:\NISAM///normalan.exe
shell\open\command - E:\NISAM///normalan.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6611aa3e-2695-11df-856a-00247e7b7e2f}]
shell\AutoRun\command - E:\DIJASPORA///gruda.exe
shell\open\command - E:\DIJASPORA///gruda.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6611aa70-2695-11df-856a-00247e7b7e2f}]
shell\AutoRun\command - NERVE///celika.exe
shell\explore\command - NERVE///celika.exe
shell\open\command - NERVE///celika.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70829c79-0664-11df-b9b3-00247e7b7e2f}]
shell\AutoRun\command - E:\NAUMI///radil.exe
shell\open\command - E:\NAUMI///radil.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8c8ed6-de4a-11de-addb-00247e7b7e2f}]
shell\AutoRun\command - G:\NISAM///normalan.exe
shell\open\command - G:\NISAM///normalan.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90694553-df13-11de-acac-00247e7b7e2f}]
shell\AutoRun\command - LIMUN/svrsh.exe
shell\explore\command - LIMUN/svrsh.exe
shell\open\command - LIMUN/svrsh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9069459c-df13-11de-acac-00247e7b7e2f}]
shell\AutoRun\command - E:\fk.exe
shell\open\command - E:\fk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa6d198b-2511-11df-861e-0025b369a945}]
shell\AutoRun\command - DaTa/restore.exe
shell\explore\command - DaTa///restore.exe
shell\open\command - DaTa/restore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa6d1a96-2511-11df-861e-00247e7b7e2f}]
shell\AutoRun\command - E:\NAUMI///radil.exe
shell\open\command - E:\NAUMI///radil.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade454a4-019c-11df-8691-00247e7b7e2f}]
shell\AutoRun\command - G:\s1.exe
shell\open\command - G:\s1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3f5377d-0011-11df-8cc6-00247e7b7e2f}]
shell\AutoRun\command - E:\quiet.exe autorun.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3f537c3-0011-11df-8cc6-00247e7b7e2f}]
shell\AutoRun\command - E:\NISAM///normalan.exe
shell\open\command - E:\NISAM///normalan.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed6f0d5-e31c-11de-a5fc-e16a2493e601}]
shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bed6f0d7-e31c-11de-a5fc-00247e7b7e2f}]
shell\AutoRun\command - E:\AutoRun.exe
======File associations======
.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-03-12 10:44:41 ----D---- C:\Program Files\trend micro
2010-03-12 10:44:40 ----D---- C:\rsit
2010-03-12 09:44:21 ----A---- C:\windows\system32\gameux.dll
2010-03-12 09:44:17 ----A---- C:\windows\system32\GameUXLegacyGDFs.dll
2010-03-12 09:44:17 ----A---- C:\windows\system32\Apphlpdm.dll
2010-03-12 09:41:14 ----A---- C:\windows\system32\httpapi.dll
2010-03-12 09:41:13 ----A---- C:\windows\system32\nshhttp.dll
2010-03-12 09:37:35 ----A---- C:\windows\system32\tzres.dll
2010-03-12 09:31:49 ----A---- C:\windows\system32\t2embed.dll
2010-03-12 09:31:48 ----A---- C:\windows\system32\fontsub.dll
2010-03-12 09:31:36 ----A---- C:\windows\system32\msxml6.dll
2010-03-12 09:31:34 ----A---- C:\windows\system32\msxml3.dll
2010-03-12 09:31:27 ----A---- C:\windows\system32\ntoskrnl.exe
2010-03-12 09:31:27 ----A---- C:\windows\system32\ntkrnlpa.exe
2010-03-12 09:31:11 ----A---- C:\windows\system32\quartz.dll
2010-03-12 09:31:09 ----A---- C:\windows\system32\msvidc32.dll
2010-03-12 09:31:08 ----A---- C:\windows\system32\tsbyuv.dll
2010-03-12 09:31:08 ----A---- C:\windows\system32\msyuv.dll
2010-03-12 09:31:07 ----A---- C:\windows\system32\msrle32.dll
2010-03-12 09:31:06 ----A---- C:\windows\system32\iyuv_32.dll
2010-03-12 09:31:03 ----A---- C:\windows\system32\msvfw32.dll
2010-03-12 09:31:03 ----A---- C:\windows\system32\mciavi32.dll
2010-03-12 09:31:02 ----A---- C:\windows\system32\avifil32.dll
2010-03-12 09:30:58 ----A---- C:\windows\system32\jscript.dll
2010-03-12 09:29:33 ----A---- C:\windows\system32\rastls.dll
2010-03-12 09:29:25 ----A---- C:\windows\system32\winhttp.dll
2010-03-03 09:29:24 ----D---- C:\Users\HP2\AppData\Roaming\U3
2010-03-02 14:13:31 ----RSHD---- C:\RECYCLER
======List of files/folders modified in the last 1 months======
2010-03-12 10:52:56 ----D---- C:\windows\Prefetch
2010-03-12 10:52:52 ----D---- C:\windows\Temp
2010-03-12 10:44:41 ----RD---- C:\Program Files
2010-03-12 10:27:49 ----D---- C:\windows\winsxs
2010-03-12 10:25:00 ----D---- C:\windows\System32
2010-03-12 10:24:59 ----D---- C:\windows\inf
2010-03-12 10:24:59 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-03-12 10:17:40 ----D---- C:\windows\system32\catroot
2010-03-12 10:14:34 ----D---- C:\windows\system32\drivers
2010-03-12 10:14:33 ----D---- C:\Program Files\Windows Mail
2010-03-12 10:14:33 ----D---- C:\Program Files\Movie Maker
2010-03-12 10:14:33 ----D---- C:\Program Files\Internet Explorer
2010-03-12 10:14:33 ----AD---- C:\windows\system32\sk-SK
2010-03-12 10:14:32 ----D---- C:\windows\system32\en-US
2010-03-12 10:14:32 ----D---- C:\windows\AppPatch
2010-03-12 10:02:34 ----SHD---- C:\System Volume Information
2010-03-12 10:00:58 ----D---- C:\windows\system32\catroot2
2010-03-12 09:29:33 ----SD---- C:\Users\HP2\AppData\Roaming\Microsoft
2010-02-24 09:16:06 ----N---- C:\windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;Offline Files Driver; C:\windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\windows\System32\Drivers\dfsc.sys [2009-04-11 75264]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2009-04-11 17408]
R1 nsiproxy;NSI proxy service; C:\windows\system32\drivers\nsiproxy.sys [2008-01-21 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver; C:\windows\system32\drivers\rdpencdd.sys [2008-01-21 6144]
R1 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\windows\system32\DRIVERS\smb.sys [2009-04-11 66560]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\windows\system32\DRIVERS\tdx.sys [2009-04-11 72192]
R1 Wanarpv6;Remote Access IPv6 ARP Driver; C:\windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464]
R2 eamon;eamon; C:\windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104]
R2 luafv;UAC File Virtualization; C:\windows\system32\drivers\luafv.sys [2008-01-21 84480]
R2 PEAUTH;PEAUTH; C:\windows\system32\drivers\peauth.sys [2006-11-02 878080]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\windows\system32\DRIVERS\rspndr.sys [2008-01-21 60416]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\windows\System32\drivers\tcpipreg.sys [2009-12-08 30720]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-04-07 34664]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\windows\System32\Drivers\ATSwpWDF.sys [2008-05-13 475520]
R3 bowser;Bowser; C:\windows\system32\DRIVERS\bowser.sys [2008-01-21 69632]
R3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\windows\System32\drivers\dxgkrnl.sys [2009-09-25 634880]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2009-04-11 561152]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2008-05-20 2360832]
R3 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-01-21 41472]
R3 iScsiPrt;iScsiPort Driver; C:\windows\system32\DRIVERS\msiscsi.sys [2009-04-11 180712]
R3 monitor;Microsoft Monitor Class Function Driver Service; C:\windows\system32\DRIVERS\monitor.sys [2008-01-21 41984]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\windows\System32\drivers\mpsdrv.sys [2008-01-21 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector; C:\windows\system32\DRIVERS\mrxsmb10.sys [2009-12-04 212992]
R3 mrxsmb20;SMB 2.0 MiniRedirector; C:\windows\system32\DRIVERS\mrxsmb20.sys [2009-04-11 79360]
R3 NativeWifiP;NativeWiFi Filter; C:\windows\system32\DRIVERS\nwifi.sys [2009-04-11 148480]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 ohci1394;AGERE OHCI Compliant IEEE 1394 Host Controller; C:\windows\system32\DRIVERS\ohci1394.sys [2009-04-11 62208]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\windows\system32\DRIVERS\rassstp.sys [2009-04-11 69120]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
R3 srv2;srv2; C:\windows\System32\DRIVERS\srv2.sys [2009-09-14 144896]
R3 srvnet;srvnet; C:\windows\System32\DRIVERS\srvnet.sys [2009-12-11 98816]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\windows\system32\DRIVERS\tunmp.sys [2008-01-21 15360]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver; C:\windows\system32\DRIVERS\tunnel.sys [2008-01-21 23040]
R3 umbus;UMBus Enumerator Driver; C:\windows\system32\DRIVERS\umbus.sys [2008-01-21 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2009-04-11 39936]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2009-04-11 196096]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-01-21 23552]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 agp440;Intel AGP Bus Filter; C:\windows\system32\drivers\agp440.sys [2008-01-21 56376]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2008-01-21 57400]
S3 AmdK7;AMD K7 Processor Driver; C:\windows\system32\drivers\amdk7.sys [2008-01-21 41472]
S3 AmdK8;AMD K8 Processor Driver; C:\windows\system32\DRIVERS\amdk8.sys [2008-01-21 44032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760]
S3 blbdrive;blbdrive; C:\windows\system32\drivers\blbdrive.sys [2008-01-21 45568]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\windows\system32\drivers\brserid.sys [2006-11-02 71808]
S3 BrSerWdm;Brother WDM Serial driver; C:\windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\windows\system32\drivers\brusbser.sys [2006-11-02 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\windows\system32\drivers\bthmodem.sys [2006-11-02 39936]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 circlass;Consumer IR Devices; C:\windows\system32\drivers\circlass.sys [2008-01-21 35328]
S3 Crusoe;Transmeta Crusoe Processor Driver; C:\windows\system32\drivers\crusoe.sys [2008-01-21 40960]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 exfat;exFAT File System Driver; C:\windows\system32\drivers\exfat.sys [2009-04-11 136704]
S3 Filetrace;FileTrace; C:\windows\system32\drivers\filetrace.sys [2008-01-21 27648]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\windows\system32\drivers\gagp30kx.sys [2008-01-21 61496]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\windows\system32\drivers\hidbth.sys [2006-11-02 29184]
S3 HidIr;Microsoft Infrared HID Driver; C:\windows\system32\drivers\hidir.sys [2006-11-02 21504]
S3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-01-21 12288]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 IPMIDRV;IPMIDRV; C:\windows\system32\drivers\ipmidrv.sys [2008-01-21 64512]
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2008-01-21 15872]
S3 MsRPC;MsRPC; C:\windows\system32\drivers\MsRPC.sys [2009-04-11 161752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 ntrigdigi;N-trig HID Tablet Driver; C:\windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\windows\system32\drivers\nv_agp.sys [2008-01-21 109112]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\windows\system32\drivers\qwavedrv.sys [2008-01-21 31232]
S3 sermouse;Serial Mouse Driver; C:\windows\system32\drivers\sermouse.sys [2008-01-21 19968]
S3 sffdisk;SFF Storage Class Driver; C:\windows\system32\drivers\sffdisk.sys [2008-01-21 13312]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\windows\system32\drivers\sffp_sd.sys [2008-01-21 11776]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2008-01-21 55864]
S3 Tcpip6;Microsoft IPv6 Protocol Driver; C:\windows\system32\DRIVERS\tcpip.sys [2009-12-08 904776]
S3 tssecsrv;Terminal Services Security Filter Driver; C:\windows\System32\DRIVERS\tssecsrv.sys [2008-01-21 23552]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\windows\system32\drivers\uagp35.sys [2008-01-21 59448]
S3 uliagpkx;Uli AGP Bus Filter; C:\windows\system32\drivers\uliagpkx.sys [2008-01-21 60984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-01-21 73216]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\windows\system32\drivers\usbcir.sys [2006-11-02 68608]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2008-01-21 19456]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\drivers\usbprint.sys [2006-11-02 18944]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2009-04-11 65536]
S3 usbvideo;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vga;vga; C:\windows\system32\DRIVERS\vgapnp.sys [2008-01-21 26112]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2008-01-21 56888]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\drivers\viac7.sys [2008-01-21 41472]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\windows\system32\drivers\wacompen.sys [2006-11-02 20608]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ws2ifsl;Winsock IFS driver; C:\windows\system32\drivers\ws2ifsl.sys [2008-01-21 15872]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-05-10 1168632]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 EMDMgmt;@%SystemRoot%\system32\emdmgmt.dll,-1000; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 gpsvc;@gpapi.dll,-112; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-04-07 24936]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 KtmRm;@comres.dll,-2946; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 netprofm;@%SystemRoot%\system32\netprof.dll,-246; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 slsvc;@%SystemRoot%\system32\SLsvc.exe,-101; C:\windows\system32\SLsvc.exe [2009-04-11 3408896]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\windows\system32\SearchIndexer.exe [2009-04-11 441344]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\windows\system32\svchost.exe [2008-01-21 21504]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]
R3 KeyIso;@keyiso.dll,-100; C:\windows\system32\lsass.exe [2009-06-15 9728]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\windows\system32\svchost.exe [2008-01-21 21504]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\windows\System32\svchost.exe [2008-01-21 21504]
R3 WMPNetworkSvc;@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2008-01-21 896512]
S2 rpcnetp;rpcnetp; C:\windows\System32\rpcnetp.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-03-30 66368]
S3 DFSR;@dfsrres.dll,-101; C:\windows\system32\DFSR.exe [2009-04-11 2092544]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\windows\system32\fxssvc.exe [2008-01-21 523776]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-02-18 43904]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-02-18 879448]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\p2psvc.dll,-8004; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPAutoReg;@%SystemRoot%\system32\p2psvc.dll,-8002; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPsvc;@%SystemRoot%\system32\p2psvc.dll,-8000; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 SLUINotify;@%SystemRoot%\system32\SLUINotify.dll,-103; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\windows\System32\snmptrap.exe [2006-11-02 12800]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\windows\servicing\TrustedInstaller.exe [2009-04-11 39424]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\windows\system32\UI0Detect.exe [2008-01-21 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\windows\System32\vds.exe [2009-04-11 385536]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\windows\system32\wbengine.exe [2009-04-11 918528]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\windows\System32\svchost.exe [2008-01-21 21504]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
notebook kopirujuci data na usb kluce
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: notebook kopirujuci data na usb kluce
cez vikend nebudem mat pristup k tomu booku takze tu je aj info
info.txt logfile of random's system information tool 1.06 2010-03-12 10:53:01
======Uninstall list======
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A91000000001}
Agere Systems HDA Modem-->agrsmdel
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
AuthenTec Fingerprint System-->MsiExec.exe /I{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
ESU for Microsoft Vista SP1-->MsiExec.exe /I{819F6BAD-35DA-4094-BCE6-F57AACE116D1}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP 3D DriveGuard-->MsiExec.exe /X{4C203E35-B5C7-4E35-9834-619668C0FFEE}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /X{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP QuickLook 2-->"C:\Program Files\Hewlett-Packard\HP QuickLook 2\unins000.exe"
HP SoftPaq Download Manager-->MsiExec.exe /I{352AB263-2FF5-44DE-8DC7-ABD8BE81EF85}
HP User Guides 0097-->MsiExec.exe /I{8595812B-9104-4196-B629-FD298D819399}
HP Webcam Application-->C:\Program Files\InstallShield Installation Information\{154E4F71-DFC0-4B31-8D99-F97615031B02}\setup.exe -runfromtemp -l0x0009 -removeonly
HP Webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x001b -removeonly
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
Vista Default Settings-->MsiExec.exe /I{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: UIPSUIP-FVHYS7W
Event Code: 1001
Message: Inicializácia aplikácie zlyhala. Posledná chyba: 0x80070032
Record Number: 109178
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20091127105458.351420-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: UIPSUIP-FVHYS7W
Event Code: 7000
Message: Spustenie služby rpcnetp zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.
Record Number: 109152
Source Name: Service Control Manager
Time Written: 20091127105446.000000-000
Event Type: Error
User:
Computer Name: UIPSUIP-FVHYS7W
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 109089
Source Name: b57nd60x
Time Written: 20091127105413.627316-000
Event Type: Warning
User:
Computer Name: UIPSUIP-FVHYS7W
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 108961
Source Name: b57nd60x
Time Written: 20091127105150.256800-000
Event Type: Warning
User:
Computer Name: UIPSUIP-FVHYS7W
Event Code: 17
Message: Miestny adaptér Bluetooth zlyhal bližšie neurčeným spôsobom a nebude sa používať. Ovládač bol odstránený z pamäte.
Record Number: 107820
Source Name: BTHUSB
Time Written: 20091127103251.311200-000
Event Type: Error
User:
=====Application event log=====
Computer Name: cpqtest-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.
Record Number: 1035
Source Name: Microsoft-Windows-Search
Time Written: 20090917091030.000000-000
Event Type: Warning
User:
Computer Name: cpqtest-PC
Event Code: 4440
Message: The CRM log file was originally created on a computer with a different name. It has been updated with the name of the current computer. If this warning appears when the computer name has been changed then no further action is required. WIN-RCT1IQJLW1J
Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235}
Server Application Instance ID:
{17E2835E-28E4-49C3-A524-DDF971A77A28}
Server Application Name: System Application
Comsvcs.dll file version: ENU 2001.12.6931.18000 shp
Record Number: 1030
Source Name: Microsoft-Windows-Complus
Time Written: 20090917091018.000000-000
Event Type: Warning
User:
Computer Name: cpqtest-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-433530778-1702004399-1996281515-500_Classes:
Process 940 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-433530778-1702004399-1996281515-500_CLASSES
Record Number: 1015
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090619125334.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: cpqtest-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-433530778-1702004399-1996281515-500:
Process 940 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-433530778-1702004399-1996281515-500
Record Number: 1014
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090619125334.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: cpqtest-PC
Event Code: 3036
Message: The content source <iehistory://{s-1-5-21-433530778-1702004399-1996281515-500}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
The filtering was stopped because of a user action, such as stopping the crawl. (0x80040d54)
Record Number: 1007
Source Name: Microsoft-Windows-Search
Time Written: 20090619124721.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: cpqtest-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: CPQTEST-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.456828-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1737
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.394428-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: CPQTEST-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1736
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.394428-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: CPQTEST-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1735
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.394428-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-433530778-1702004399-1996281515-500
Account Name: Administrator
Domain Name: cpqtest-PC
Logon ID: 0x2bfc9
Record Number: 1734
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090619124714.720828-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ActivIdentity\ActivClient\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=BNB
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=c:\Program Files\Common Files\Roxio Shared\
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-03-12 10:53:01
======Uninstall list======
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A91000000001}
Agere Systems HDA Modem-->agrsmdel
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
AuthenTec Fingerprint System-->MsiExec.exe /I{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
ESU for Microsoft Vista SP1-->MsiExec.exe /I{819F6BAD-35DA-4094-BCE6-F57AACE116D1}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP 3D DriveGuard-->MsiExec.exe /X{4C203E35-B5C7-4E35-9834-619668C0FFEE}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /X{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP QuickLook 2-->"C:\Program Files\Hewlett-Packard\HP QuickLook 2\unins000.exe"
HP SoftPaq Download Manager-->MsiExec.exe /I{352AB263-2FF5-44DE-8DC7-ABD8BE81EF85}
HP User Guides 0097-->MsiExec.exe /I{8595812B-9104-4196-B629-FD298D819399}
HP Webcam Application-->C:\Program Files\InstallShield Installation Information\{154E4F71-DFC0-4B31-8D99-F97615031B02}\setup.exe -runfromtemp -l0x0009 -removeonly
HP Webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x001b -removeonly
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
Vista Default Settings-->MsiExec.exe /I{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: UIPSUIP-FVHYS7W
Event Code: 1001
Message: Inicializácia aplikácie zlyhala. Posledná chyba: 0x80070032
Record Number: 109178
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20091127105458.351420-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: UIPSUIP-FVHYS7W
Event Code: 7000
Message: Spustenie služby rpcnetp zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.
Record Number: 109152
Source Name: Service Control Manager
Time Written: 20091127105446.000000-000
Event Type: Error
User:
Computer Name: UIPSUIP-FVHYS7W
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 109089
Source Name: b57nd60x
Time Written: 20091127105413.627316-000
Event Type: Warning
User:
Computer Name: UIPSUIP-FVHYS7W
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 108961
Source Name: b57nd60x
Time Written: 20091127105150.256800-000
Event Type: Warning
User:
Computer Name: UIPSUIP-FVHYS7W
Event Code: 17
Message: Miestny adaptér Bluetooth zlyhal bližšie neurčeným spôsobom a nebude sa používať. Ovládač bol odstránený z pamäte.
Record Number: 107820
Source Name: BTHUSB
Time Written: 20091127103251.311200-000
Event Type: Error
User:
=====Application event log=====
Computer Name: cpqtest-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.
Record Number: 1035
Source Name: Microsoft-Windows-Search
Time Written: 20090917091030.000000-000
Event Type: Warning
User:
Computer Name: cpqtest-PC
Event Code: 4440
Message: The CRM log file was originally created on a computer with a different name. It has been updated with the name of the current computer. If this warning appears when the computer name has been changed then no further action is required. WIN-RCT1IQJLW1J
Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235}
Server Application Instance ID:
{17E2835E-28E4-49C3-A524-DDF971A77A28}
Server Application Name: System Application
Comsvcs.dll file version: ENU 2001.12.6931.18000 shp
Record Number: 1030
Source Name: Microsoft-Windows-Complus
Time Written: 20090917091018.000000-000
Event Type: Warning
User:
Computer Name: cpqtest-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-433530778-1702004399-1996281515-500_Classes:
Process 940 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-433530778-1702004399-1996281515-500_CLASSES
Record Number: 1015
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090619125334.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: cpqtest-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-433530778-1702004399-1996281515-500:
Process 940 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-433530778-1702004399-1996281515-500
Record Number: 1014
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090619125334.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: cpqtest-PC
Event Code: 3036
Message: The content source <iehistory://{s-1-5-21-433530778-1702004399-1996281515-500}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
The filtering was stopped because of a user action, such as stopping the crawl. (0x80040d54)
Record Number: 1007
Source Name: Microsoft-Windows-Search
Time Written: 20090619124721.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: cpqtest-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: CPQTEST-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.456828-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1737
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.394428-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: CPQTEST-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1736
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.394428-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: CPQTEST-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1735
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090619124723.394428-000
Event Type: Audit Success
User:
Computer Name: cpqtest-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-433530778-1702004399-1996281515-500
Account Name: Administrator
Domain Name: cpqtest-PC
Logon ID: 0x2bfc9
Record Number: 1734
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090619124714.720828-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ActivIdentity\ActivClient\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=BNB
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=c:\Program Files\Common Files\Roxio Shared\
-----------------EOF-----------------
Re: notebook kopirujuci data na usb kluce
Hezké odpoledne 
Připojte všechny USB klíče, externí disky, pamětové karty k pc. Jde vidět infekce na jednotkách E, F, G. Nechejte připojené přes celou lečbu
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt
Připojte všechny USB klíče, externí disky, pamětové karty k pc. Jde vidět infekce na jednotkách E, F, G. Nechejte připojené přes celou lečbu Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Stáhněte na plochu UsbFix-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?