Requesting a preventive check

kazi21
Visitor
Posts: 52
Registered: 08 May 2010 19:29

Requesting a preventive check

#1 Post by kazi21 »

Please check this, my computer is somewhat slowed down :(

Thanks in advance

Here is the RSIT log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by vista at 2010-05-31 12:41:20
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 221 GB (47%) free of 466 GB
Total RAM: 3070 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:32, on 31.5.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Users\vista\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\vista.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.146.92.217:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files (x86)\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [MAgent] "C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe" -LM
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files (x86)\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files (x86)\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://webcam.aicomp.de/kxhcm10.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11214 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6628edb2ed2.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\NeroLiveEpgUpdate-vista-PC_vista.job
C:\Windows\tasks\User_Feed_Synchronization-{46834853-4A93-4B6F-8290-4000792C283D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-02-22 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-28 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-02-22 798771]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-28 278128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"MAgent"=C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe [2010-05-27 9422016]
"Guard.Mail.ru.gui"=C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2010-05-27 971968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-14 3037696]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-04-06 26102056]
""= []
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-12-15 306088]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-05-17 322352]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{16664848-0E00-11D2-8059-000000000000}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a970c6ff-d654-11dd-ba17-001e9029280e}]
shell\AutoRun\command - L:\EmDesk.exe
shell\EmDesk\command - L:\EmDesk.exe


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-27 12:25:57 ----D---- C:\Users\vista\AppData\Roaming\PhoneRemoteControl
2010-05-27 08:40:07 ----D---- C:\Users\vista\AppData\Roaming\Mra
2010-05-27 08:39:46 ----D---- C:\Program Files (x86)\Mail.Ru
2010-05-26 10:50:47 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-05-26 10:47:00 ----A---- C:\Windows\SysWOW64\tzres.dll
2010-05-19 09:04:39 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2010-05-12 11:58:01 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-05-09 12:57:50 ----D---- C:\Users\vista\AppData\Roaming\Malwarebytes
2010-05-09 12:57:38 ----D---- C:\ProgramData\Malwarebytes
2010-05-09 12:57:34 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-05-08 20:19:33 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-05-31 12:41:32 ----D---- C:\Windows\Temp
2010-05-31 12:41:32 ----D---- C:\Windows\Prefetch
2010-05-31 12:41:31 ----D---- C:\Program Files (x86)\Trend Micro
2010-05-31 12:38:30 ----D---- C:\Windows\Tasks
2010-05-31 12:38:10 ----D---- C:\Users\vista\AppData\Roaming\Skype
2010-05-31 10:18:07 ----D---- C:\Windows
2010-05-31 09:49:59 ----D---- C:\Users\vista\AppData\Roaming\uTorrent
2010-05-31 09:48:21 ----D---- C:\Users\vista\AppData\Roaming\skypePM
2010-05-31 03:50:13 ----SHD---- C:\System Volume Information
2010-05-30 22:50:24 ----D---- C:\ProgramData\Google Updater
2010-05-30 14:19:05 ----D---- C:\Program Files (x86)
2010-05-30 14:18:28 ----HD---- C:\ProgramData
2010-05-29 13:43:55 ----D---- C:\Program Files (x86)\Winamp
2010-05-28 21:13:22 ----D---- C:\ProgramData\Spyware Terminator
2010-05-28 09:45:43 ----SHD---- C:\Windows\Installer
2010-05-27 13:38:05 ----D---- C:\Windows\SysWOW64\drivers
2010-05-27 13:37:33 ----D---- C:\Windows\inf
2010-05-27 13:37:32 ----D---- C:\Windows\SysWOW64
2010-05-27 13:37:28 ----D---- C:\Windows\System32
2010-05-27 13:37:28 ----D---- C:\ProgramData\Bluetooth
2010-05-27 10:41:47 ----D---- C:\Program Files (x86)\Electronic Arts
2010-05-27 10:21:10 ----RSD---- C:\Windows\assembly
2010-05-27 10:21:09 ----D---- C:\Program Files (x86)\Common Files\Nero
2010-05-27 10:17:43 ----A---- C:\Windows\SysWOW64\MsiExec.exe.log
2010-05-26 16:51:41 ----A---- C:\Windows\NeroDigital.ini
2010-05-26 16:49:28 ----D---- C:\Windows\ModemLogs
2010-05-26 15:55:30 ----D---- C:\Program Files (x86)\Common Files\Nokia
2010-05-26 15:53:24 ----D---- C:\ProgramData\OviInstallerCache
2010-05-26 11:13:49 ----D---- C:\Windows\rescache
2010-05-26 10:56:08 ----D---- C:\ProgramData\NVIDIA
2010-05-26 10:51:31 ----D---- C:\Windows\winsxs
2010-05-26 10:51:31 ----D---- C:\Program Files (x86)\Internet Explorer
2010-05-26 10:51:22 ----D---- C:\Windows\SysWOW64\en-US
2010-05-26 10:51:22 ----D---- C:\Windows\SysWOW64\cs-CZ
2010-05-24 08:32:06 ----D---- C:\Users\vista\AppData\Roaming\dvdcss
2010-05-22 18:11:00 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-05-22 18:10:50 ----D---- C:\Users\vista\AppData\Roaming\Spyware Terminator
2010-05-21 20:33:22 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-05-19 19:02:51 ----D---- C:\Users\vista\AppData\Roaming\vlc
2010-05-19 15:41:19 ----D---- C:\Windows\system
2010-05-19 09:05:21 ----D---- C:\ProgramData\Installations
2010-05-19 08:59:30 ----D---- C:\Program Files (x86)\Nokia
2010-05-19 07:26:13 ----D---- C:\Program Files (x86)\Oleansoft
2010-05-19 07:14:53 ----A---- C:\Windows\hce29port.ini
2010-05-17 15:48:25 ----D---- C:\Program Files (x86)\uTorrent
2010-05-12 21:13:38 ----SD---- C:\Users\vista\AppData\Roaming\Microsoft
2010-05-12 21:07:52 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2010-05-12 18:22:00 ----D---- C:\Windows\Debug
2010-05-12 15:27:41 ----D---- C:\Program Files (x86)\Windows Mail
2010-05-01 21:44:24 ----AD---- C:\ProgramData\TEMP
2010-05-01 21:20:30 ----D---- C:\Windows\Logs
2010-05-01 20:21:44 ----D---- C:\ProgramData\Microsoft Help
2010-05-01 20:20:56 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-05-01 20:20:48 ----D---- C:\Program Files (x86)\Common Files
2010-05-01 20:20:38 ----D---- C:\Windows\ShellNew
2010-05-01 20:19:52 ----RSD---- C:\Windows\Fonts
2010-05-01 20:15:58 ----D---- C:\Program Files (x86)\Common Files\System
2010-05-01 20:15:54 ----A---- C:\Windows\win.ini
2010-05-01 20:15:37 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys []
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 a7lt2n31;a7lt2n31; C:\Windows\SysWOW64\drivers\a7lt2n31.sys []
S3 avuom3z5;avuom3z5; C:\Windows\SysWOW64\drivers\avuom3z5.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\Windows\system32\DRIVERS\s816bus.sys []
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s816mdfl.sys []
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s816mdm.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys []
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2010-05-27 971968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-06 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-05-12 103736]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-04-14 488960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 23296]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-02-26 652800]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#2 Post by vyosek »

Hello,
a few points to start with:
  • Did you set this proxy 83.146.92.217:8080 intentionally?
  • Do you recognize this C:\Program Files (x86)\Mail.Ru?
  • I recommend uninstalling Spybot - Search & Destroy; this program's best years are already behind it
  • I recommend uninstalling P2P network clients: they are a potential risk to the PC's security and are very often a source of viruses and malware; moreover, using them also goes against our forum's rules (more here)
  • I recommend uninstalling toolbars (browser bars), if you do not use them, via Add or Remove Programs

Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
  • Tick the "All users" box
  • Tick the "LOP" malware check box
  • Tick the "Purity" malware check box
  • Paste the script below into the bottom box, Custom scans/fixes
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    ndis.sys
    winlogon.exe
    explorer.exe
    userinit.exe
    lsass.exe
    svchost.exe
    smss.exe
    hal.dll
    ws2_32.dll
    tcpip.sys
    cryptsvc.dll
    Changer.sys
    JakNDis.sys
    isapnp.sys
    cdrom.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT 
  • Click the Scan button
  • When the scan finishes (about 5 min), the logs OTL.txt and Extras.txt will appear; paste both here

kazi21
Visitor
Posts: 52
Registered: 08 May 2010 19:29

Re: Requesting a preventive check

#3 Post by kazi21 »

Good day.
So, I did not set up the proxy on purpose; I have no idea how it could have got there without my permission??? (I was wondering why I could not log in to my seznam.cz account: invalid password, over and over.)
Mail.ru is the agent, so that is OK.
As for the P2P network clients, could you give me instructions? I mean, I have no idea what that even is (sorry).
I will uninstall Spybot!!!
The logs are here:

OTL logfile created on: 1.6.2010 12:09:10 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\vista\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,53 Gb Total Space | 210,39 Gb Free Space | 46,19% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 1,41 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VISTA-PC
Current User Name: vista
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.01 12:01:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
PRC - [2010.05.27 08:40:16 | 000,971,968 | ---- | M] () -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
PRC - [2010.05.12 21:07:52 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.04.14 12:43:20 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.04.14 12:43:19 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
PRC - [2010.02.03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.08.06 15:57:46 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010.06.01 12:01:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
MOD - [2009.04.11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.11.16 10:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.09.25 03:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.04.11 09:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.04.11 09:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.04.11 09:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009.04.11 09:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008.01.19 10:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008.01.19 10:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.01.19 10:00:17 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV - [2010.05.27 08:40:16 | 000,971,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2010.05.12 21:07:52 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.04.14 12:43:19 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.02.26 16:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.06 15:57:46 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.03.30 06:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.11.02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.03.12 18:40:20 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VX1000.sys -- (VX1000)
DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.26 14:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.02.26 14:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2009.12.18 16:02:26 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.11.16 10:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.11.16 09:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009.05.01 20:53:51 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.04.11 09:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.04.11 07:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009.04.11 07:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009.04.11 07:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009.04.11 07:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009.04.11 07:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.11 07:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009.04.11 06:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008.12.20 15:29:41 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.19 08:38:16 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008.01.19 08:34:19 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2007.06.19 08:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007.06.19 08:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007.06.19 08:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2010.03.12 18:40:20 | 000,101,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\VX1000.dll -- (VX1000)
DRV - [2008.12.19 19:37:35 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2007.07.14 01:50:52 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006.09.18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files (x86)\Mail.Ru\Agent\Mra\dll\newmrasearch.dll ()
IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.146.92.217:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "http://www.mail.ru/"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/skinit/icq/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.42.0
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}:2.0.1.46
FF - prefs.js..keyword.URL: "http://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="
FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,www.plimus.com,regnow.com,www.regnow.com,"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 7070
FF - prefs.js..network.proxy.type: 1

FF - user.js..network.proxy.type: 1
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: "127.0.0.1"
FF - user.js..network.proxy.socks_port: 7070
FF - user.js..network.proxy.no_proxies_on: "plimus.com,www.plimus.com,regnow.com,www.regnow.com,"

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.07 21:04:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.26 15:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.05.15 22:50:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.30 14:19:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.02.22 20:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.26 15:54:35 | 000,000,000 | ---D | M]

[2008.12.22 00:31:59 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Extensions
[2010.05.31 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions
[2010.03.06 20:16:15 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.05.29 13:43:35 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.08.11 23:15:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.22 08:06:19 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2009.01.16 14:33:28 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2009.03.28 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\yasearch@yandex.ru
[2009.03.28 10:49:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2009.06.18 18:05:35 | 000,000,523 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\daemon-search.xml
[2009.12.30 01:20:38 | 000,000,944 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\icqplugin.xml
[2010.01.22 21:03:38 | 000,001,533 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\mailru---.xml
[2010.01.22 08:06:34 | 000,001,431 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\mailru.xml
[2010.05.31 13:13:48 | 000,000,358 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\winamp-search.xml
[2010.03.27 20:21:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.01.30 09:50:33 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2009.08.05 15:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.25 09:32:38 | 000,001,340 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.03.28 21:52:40 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.22 08:06:34 | 000,001,431 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mailru.xml
[2009.03.28 21:52:40 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.03.28 21:52:40 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.03.28 21:52:40 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.03.28 21:52:40 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [MAgent] C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://webcam.aicomp.de/kxhcm10.ocx (KX-HCM10 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.188.178.129 80.188.178.132
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\vista\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\vista\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a970c6ff-d654-11dd-ba17-001e9029280e}\Shell\AutoRun\command - "" = L:\EmDesk.exe -- File not found
O33 - MountPoints2\{a970c6ff-d654-11dd-ba17-001e9029280e}\Shell\EmDesk\command - "" = L:\EmDesk.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008.12.21 20:46:52 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008.12.21 20:47:14 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.MSNAUDIO - C:\Windows\SysWow64\MSNAUDIO.ACM (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

kazi21
Visitor
Posts: 52
Registered: 08 May 2010 19:29

Re: Requesting a preventive check

#4 Post by kazi21 »

This is the continuation; it didn't fit here.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.06.01 12:01:02 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
[2010.05.31 10:19:30 | 000,000,000 | ---D | C] -- C:\Users\vista\Documents\Games for Windows - LIVE Demos
[2010.05.27 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Roaming\PhoneRemoteControl
[2010.05.27 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Local\Downloaded Installations
[2010.05.27 08:40:07 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Roaming\Mra
[2010.05.27 08:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mail.Ru
[2010.05.26 10:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.05.19 15:46:13 | 000,000,000 | R--D | C] -- C:\Users\vista\Documents\Scanned Documents
[2010.05.19 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\vista\Documents\Fax
[2010.05.19 09:12:36 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2010.05.19 09:05:12 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.05.19 09:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.05.16 15:21:00 | 000,000,000 | ---D | C] -- C:\Users\vista\Desktop\HRY
[2010.05.10 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\vista\DoctorWeb
[2010.05.09 12:57:50 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Roaming\Malwarebytes
[2010.05.09 12:57:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.09 12:57:38 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.09 12:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.09 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.08 20:19:33 | 000,000,000 | ---D | C] -- C:\rsit
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.01 12:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46834853-4A93-4B6F-8290-4000792C283D}.job
[2010.06.01 12:14:07 | 004,456,448 | ---- | M] () -- C:\Users\vista\NTUSER.DAT
[2010.06.01 12:10:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.06.01 12:01:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
[2010.06.01 11:41:01 | 000,226,592 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.01 11:40:56 | 000,226,592 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.01 11:40:47 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 11:40:47 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 11:40:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.01 11:40:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.31 23:19:05 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.31 23:18:55 | 000,524,288 | -HS- | M] () -- C:\Users\vista\NTUSER.DAT{979c3d3d-3262-11de-8e53-001e9029280e}.TMContainer00000000000000000001.regtrans-ms
[2010.05.31 23:18:55 | 000,065,536 | -HS- | M] () -- C:\Users\vista\NTUSER.DAT{979c3d3d-3262-11de-8e53-001e9029280e}.TM.blf
[2010.05.31 23:18:36 | 003,418,981 | -H-- | M] () -- C:\Users\vista\AppData\Local\IconCache.db
[2010.05.31 23:16:01 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.31 10:18:41 | 000,001,900 | ---- | M] () -- C:\Users\vista\Documents\cc_20100531_101836.reg
[2010.05.31 00:00:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-vista-PC_vista.job
[2010.05.29 13:43:36 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.05.29 13:20:24 | 000,012,116 | ---- | M] () -- C:\Users\vista\Documents\cc_20100529_132019.reg
[2010.05.29 13:17:05 | 000,201,216 | ---- | M] () -- C:\Users\vista\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 13:47:42 | 000,000,680 | ---- | M] () -- C:\Users\vista\AppData\Local\d3d9caps.dat
[2010.05.27 10:58:31 | 000,024,998 | ---- | M] () -- C:\Users\vista\Documents\cc_20100527_105824.reg
[2010.05.26 17:14:13 | 000,001,376 | ---- | M] () -- C:\Users\vista\Documents\cc_20100526_171409.reg
[2010.05.26 16:51:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.26 16:50:13 | 000,598,622 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.05.26 16:50:13 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.26 16:50:13 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.26 16:50:12 | 001,393,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.26 16:50:12 | 000,114,816 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.05.26 15:58:22 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.05.25 15:12:06 | 000,013,490 | ---- | M] () -- C:\Users\vista\Documents\geografie.odt
[2010.05.22 10:44:42 | 000,002,072 | ---- | M] () -- C:\Users\vista\Documents\cc_20100522_104438.reg
[2010.05.21 20:35:23 | 000,002,622 | ---- | M] () -- C:\Users\vista\Documents\cc_20100521_203514.reg
[2010.05.19 09:13:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.05.19 09:13:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.05.19 08:57:44 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.05.19 08:55:59 | 035,926,608 | ---- | M] () -- C:\Users\vista\Documents\NokiaSoftwareUpdaterSetup_cs.exe
[2010.05.19 07:47:33 | 000,004,226 | ---- | M] () -- C:\Users\vista\Documents\cc_20100519_074728.reg
[2010.05.19 07:14:53 | 000,000,017 | ---- | M] () -- C:\Windows\hce29port.ini
[2010.05.12 21:07:52 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.09 18:07:20 | 000,002,506 | ---- | M] () -- C:\Users\vista\Documents\cc_20100509_180715.reg
[2010.05.09 12:57:45 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 12:55:08 | 000,003,082 | ---- | M] () -- C:\Users\vista\Documents\cc_20100509_125503.reg
[2010.05.09 12:50:20 | 000,001,720 | ---- | M] () -- C:\Users\vista\Desktop\CCleaner.lnk
[2010.05.08 21:16:18 | 000,010,738 | ---- | M] () -- C:\Users\vista\Documents\cc_20100508_211611.reg
[2010.05.08 20:18:54 | 000,824,681 | ---- | M] () -- C:\Users\vista\Desktop\RSIT.exe
[2010.05.03 17:25:59 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.31 10:18:38 | 000,001,900 | ---- | C] () -- C:\Users\vista\Documents\cc_20100531_101836.reg
[2010.05.29 13:20:21 | 000,012,116 | ---- | C] () -- C:\Users\vista\Documents\cc_20100529_132019.reg
[2010.05.27 10:58:27 | 000,024,998 | ---- | C] () -- C:\Users\vista\Documents\cc_20100527_105824.reg
[2010.05.26 17:14:11 | 000,001,376 | ---- | C] () -- C:\Users\vista\Documents\cc_20100526_171409.reg
[2010.05.26 15:58:22 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.05.23 13:47:13 | 000,013,490 | ---- | C] () -- C:\Users\vista\Documents\geografie.odt
[2010.05.22 10:44:39 | 000,002,072 | ---- | C] () -- C:\Users\vista\Documents\cc_20100522_104438.reg
[2010.05.21 20:35:20 | 000,002,622 | ---- | C] () -- C:\Users\vista\Documents\cc_20100521_203514.reg
[2010.05.19 09:13:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.05.19 09:13:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.05.19 09:12:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.05.19 08:57:44 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.05.19 08:54:43 | 035,926,608 | ---- | C] () -- C:\Users\vista\Documents\NokiaSoftwareUpdaterSetup_cs.exe
[2010.05.19 07:47:30 | 000,004,226 | ---- | C] () -- C:\Users\vista\Documents\cc_20100519_074728.reg
[2010.05.09 18:07:18 | 000,002,506 | ---- | C] () -- C:\Users\vista\Documents\cc_20100509_180715.reg
[2010.05.09 12:57:45 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 12:55:05 | 000,003,082 | ---- | C] () -- C:\Users\vista\Documents\cc_20100509_125503.reg
[2010.05.08 21:16:14 | 000,010,738 | ---- | C] () -- C:\Users\vista\Documents\cc_20100508_211611.reg
[2010.05.08 20:18:45 | 000,824,681 | ---- | C] () -- C:\Users\vista\Desktop\RSIT.exe
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.09 23:48:43 | 000,000,094 | ---- | C] () -- C:\Windows\winin.ini
[2010.02.22 23:31:46 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2010.01.26 17:36:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.18 18:26:40 | 001,421,006 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.09.28 14:50:54 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2009.08.14 21:08:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.14 21:05:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.05 00:02:00 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.01.15 18:40:18 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.12.21 18:19:24 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.04.10 23:46:39 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2005.10.21 15:05:33 | 000,000,017 | ---- | C] () -- C:\Windows\hce29port.ini
[2003.01.20 16:48:41 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\msstc-ocd.dll
[2002.06.26 19:38:44 | 000,009,011 | ---- | C] () -- C:\Windows\SysWow64\mswtn-oce.dll

========== LOP Check ==========

[2009.01.12 21:09:51 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Anonymizer
[2010.03.10 10:46:59 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Atelier Web
[2008.12.29 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.06.18 18:05:29 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\DAEMON Tools
[2009.03.15 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Delete Cookie
[2009.03.15 13:34:12 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\GetRightToGo
[2009.01.29 23:40:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\GHISLER
[2009.01.31 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\gtk-2.0
[2009.05.01 12:02:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Hide IP NG
[2009.03.26 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\HideIP
[2009.08.24 22:32:51 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\HLSW
[2010.03.12 10:19:28 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ICQ
[2008.12.29 01:41:56 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ICQLite
[2010.02.22 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\LangSoft
[2010.02.22 18:39:46 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\LockHunter
[2010.05.27 08:40:52 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mra
[2010.01.07 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nokia
[2010.01.07 16:12:57 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nokia Ovi Suite
[2009.11.18 18:43:37 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nseries
[2008.12.30 11:40:43 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\OpenOffice.org
[2010.01.05 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PC Suite
[2010.03.15 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PeerNetworking
[2010.05.27 13:26:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PhoneRemoteControl
[2008.12.21 14:04:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ReGet Software
[2010.05.22 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Spyware Terminator
[2008.12.27 17:07:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\streamripper
[2009.06.12 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\TeamViewer
[2010.06.01 11:57:23 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\uTorrent
[2008.12.21 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\VitySoft
[2008.12.30 14:19:18 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\VoipDiscount
[2009.01.31 16:52:11 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Yandex
[2009.12.29 18:08:07 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Zoner
[2010.05.31 23:19:08 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.01 12:15:41 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{46834853-4A93-4B6F-8290-4000792C283D}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 09:10:53 | 001,555,968 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.19 10:00:14 | 000,138,240 | ---- | M] (Microsoft Corporation)
"SpywareTerminatorUpdate" = "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2010.04.14 12:43:20 | 003,037,696 | ---- | M] (Crawler.com)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.04.06 02:27:46 | 026,102,056 | R--- | M] (Skype Technologies S.A.)
"" =
"RGSC" = C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent -- [2009.12.15 23:10:19 | 000,306,088 | ---- | M] (Take-Two Interactive Software, Inc.)
"uTorrent" = "C:\Program Files (x86)\uTorrent\uTorrent.exe" -- [2010.05.17 15:48:01 | 000,322,352 | ---- | M] (BitTorrent, Inc.)
"AlcoholAutomount" = "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount -- [2007.08.01 20:17:21 | 000,222,592 | ---- | M] (Alcohol Soft Development Team)

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.12.29 22:50:06 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Adobe
[2009.01.12 21:09:51 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Anonymizer
[2010.03.10 10:46:59 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Atelier Web
[2009.12.29 22:59:04 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\AVS4YOU
[2008.12.29 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.06.18 18:05:29 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\DAEMON Tools
[2009.03.15 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Delete Cookie
[2009.02.21 12:59:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Download Manager
[2010.05.24 08:32:06 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\dvdcss
[2009.03.15 13:34:12 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\GetRightToGo
[2009.01.29 23:40:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\GHISLER
[2009.01.31 15:46:03 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Google
[2009.01.31 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\gtk-2.0
[2009.07.04 22:13:46 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Hamachi
[2009.05.01 12:02:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Hide IP NG
[2009.03.26 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\HideIP
[2009.08.24 22:32:51 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\HLSW
[2010.03.12 10:19:28 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ICQ
[2008.12.29 01:41:56 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ICQLite
[2008.12.19 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Identities
[2010.02.22 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\LangSoft
[2010.02.22 18:39:46 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\LockHunter
[2008.12.20 21:58:53 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Macromedia
[2010.05.09 12:57:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Media Center Programs
[2010.05.12 21:13:38 | 000,000,000 | --SD | M] -- C:\Users\vista\AppData\Roaming\Microsoft
[2008.12.22 00:31:59 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla
[2010.05.27 08:40:52 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mra
[2009.01.15 18:40:26 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nero
[2009.11.23 09:53:24 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\NeroDCTemplates
[2010.01.07 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nokia
[2010.01.07 16:12:57 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nokia Ovi Suite
[2009.11.18 18:43:37 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nseries
[2008.12.30 11:40:43 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\OpenOffice.org
[2010.01.05 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PC Suite
[2010.03.15 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PeerNetworking
[2010.05.27 13:26:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PhoneRemoteControl
[2008.12.21 14:04:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ReGet Software
[2009.08.23 19:31:27 | 000,000,000 | RH-D | M] -- C:\Users\vista\AppData\Roaming\SecuROM
[2010.06.01 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Skype
[2010.06.01 11:41:14 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\skypePM
[2010.05.22 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Spyware Terminator
[2008.12.27 17:07:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\streamripper
[2009.06.12 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\TeamViewer
[2010.02.22 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\UltraVNC
[2010.06.01 11:57:23 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\uTorrent
[2008.12.21 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\VitySoft
[2010.05.19 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\vlc
[2008.12.30 14:19:18 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\VoipDiscount
[2010.03.05 14:14:28 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Winamp
[2008.12.20 15:25:09 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\WinRAR
[2009.01.31 16:52:11 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Yandex
[2009.12.29 18:08:07 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010.03.11 09:17:44 | 064,164,264 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
[2010.02.02 18:01:51 | 007,052,368 | ---- | M] (ZONER software ) -- C:\Users\vista\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build06.exe


< MD5 for: AGP440.SYS >
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.12.19 20:38:14 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.12.19 20:38:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CDROM.SYS >
[2008.01.19 08:29:04 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=3B2FB35363423ED60C8FBF15FC8680BD -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_bbc7f7665c24db80\cdrom.sys
[2009.04.11 07:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=C025AA69BE3D0D25C7A2E746EF6F94FC -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_bdb370725946a6cc\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.04.11 09:11:14 | 000,166,912 | ---- | M] (Microsoft Corporation) MD5=18918613E63F387CDE4D95CA7D49DCF7 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_d409adf4504e8a6b\cryptsvc.dll
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 10:01:10 | 000,165,376 | ---- | M] (Microsoft Corporation) MD5=4374F784121D8B3BB466B03F5E5EBD33 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_d21e34e8532cbf1f\cryptsvc.dll
[2006.11.02 13:16:52 | 000,163,328 | ---- | M] (Microsoft Corporation) MD5=4B48CC76EBFE97314EA64C3BDA983623 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_cfe772ec5641ae4b\cryptsvc.dll
[2008.01.19 09:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008.12.19 20:50:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.12.19 20:50:09 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.12.19 20:50:10 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.12.19 20:50:09 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.12.19 20:47:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe
[2008.12.19 20:50:10 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.12.19 20:47:26 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe
[2008.12.19 20:50:09 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008.12.19 20:47:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.12.19 20:50:08 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

========== Files - Unicode (All) ==========
[2010.05.27 08:40:17 | 000,001,761 | ---- | M] ()(C:\Users\Public\Desktop\Mail.Ru ?????.lnk) -- C:\Users\Public\Desktop\Mail.Ru Агент.lnk
[2010.05.27 08:40:17 | 000,001,761 | ---- | C] ()(C:\Users\Public\Desktop\Mail.Ru ?????.lnk) -- C:\Users\Public\Desktop\Mail.Ru Агент.lnk
[2009.08.11 14:44:53 | 000,000,000 | ---D | M](C:\Users\vista\Documents\????? Mail.Ru ??????) -- C:\Users\vista\Documents\Файлы Mail.Ru Агента
[2009.05.15 23:09:38 | 000,000,000 | ---D | C](C:\Users\vista\Documents\????? Mail.Ru ??????) -- C:\Users\vista\Documents\Файлы Mail.Ru Агента

========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\Windows\win.ini:s1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B6418BC9
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A73B0434
< End of report >

kazi21
Visitor
Posts: 52
Registered: 08 May 2010 19:29

Re: Request for a preventive check

#5 Post by kazi21 »

And here is the Extras.Txt as well

OTL Extras logfile created on: 1.6.2010 12:09:10 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\vista\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,53 Gb Total Space | 210,39 Gb Free Space | 46,19% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 1,41 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VISTA-PC
Current User Name: vista
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3079210359-1618249588-441608347-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 68 0A CF 8F 9D 63 C9 01 [binary data]
"VistaSp2" = 70 70 AE 2A 1A 1D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C282E8-6F54-46DE-9D9B-7A2106EA3923}" = lport=138 | protocol=17 | dir=in | app=system |
"{0BF949A8-C5BE-4E73-9C3F-4227E91E227E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0DCC2304-2947-4389-92C5-C82B7BE1F2B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1039397A-77FE-4557-9BD6-0169B154A7AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E25BC51-6193-4CE3-8503-37FC3C594211}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1EE88162-4DFE-42BA-AE5E-0B5DAEF611F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2572DB9E-0609-49AC-840A-444C0408D0D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2ADD95C2-C7BA-4F9D-A006-C827F566B482}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E0CF5BD-91DF-4DD5-88E2-E0525D2BC890}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2F37863F-E30B-4E48-AB5A-4341F3F9F1C7}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3116F79E-B208-4F58-9688-82D2C7B3FC1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{337619C7-110C-4B52-90B6-9A814F586867}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{35E9BC60-FE92-44FE-B304-3BAE30F1C4BA}" = lport=teredo | protocol=17 | dir=in | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |
"{3890DF72-87FB-4468-BD5A-87D436A1A5E2}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{41B14586-85E8-4BD9-9C7C-EE57EEE65F10}" = lport=3390 | protocol=6 | dir=in | app=system |
"{501A4410-B421-48F3-B043-3E1F5E3C7ECB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{50644261-67C5-43D3-A6D3-9F76BFE370EF}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{50C8ABD5-6B95-4B60-99E3-4E2DF284D6F3}" = lport=139 | protocol=6 | dir=in | app=system |
"{52BA7C97-C5D9-4403-A398-AD9B07B90A9E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{5D468818-F7B6-4B12-995C-91F045C7AC8C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5D762BD7-6E03-40B9-B9B9-0DC02F72FA44}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5E1DC05A-20EA-4EAE-AFEA-6F3266776FBC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{620767F9-8F5C-453A-8A2B-2FC5376D8102}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66241C34-95FF-4BC8-8B39-C05CE72F8393}" = rport=10244 | protocol=6 | dir=out | app=system |
"{68A32A97-1244-4821-8E97-0382D3AA0119}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{716FE82F-9D27-49F6-B7D5-145C91C78BB3}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{75348D96-9182-47E9-A75E-9665DB9B3517}" = lport=5357 | protocol=6 | dir=in | app=system |
"{76B5347A-40BC-456B-BA7C-F451C23817B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{775BB7D4-7C0F-4154-A3C3-475380B3BE95}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{78DD079A-4AE2-4581-AB91-B09828EC2C76}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{7B36AC3D-C281-42A2-B43A-3A8EE2FDE84C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7E8AB974-EF16-41FA-B275-F0A540FE4CD7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8039C77E-0D21-4751-B143-A3DF8596671D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{803F296A-B448-4762-857C-93FC892D0892}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{82B4BADD-8164-4B23-9C16-7659B1347B17}" = lport=10243 | protocol=6 | dir=in | app=system |
"{87C67C54-C354-436C-93A0-0BFB17EEF7FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{87EFAEE6-8247-4AA2-877C-C9CDD8522F2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{88342CAF-11AE-4D2A-B183-1F6392F629A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{903429A7-4168-4DF0-BA6F-4EBAD5A6DE0A}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{90BE47FB-62DB-4A90-A877-8ADE1B65ECEE}" = rport=137 | protocol=17 | dir=out | app=system |
"{9314A236-4D22-451F-BF8B-89BF2CD2C103}" = rport=5357 | protocol=6 | dir=out | app=system |
"{9A26440D-2DE0-4E82-84A4-4782D5599CAA}" = rport=5358 | protocol=6 | dir=out | app=system |
"{9CE66AEB-C86B-4BA6-AA53-A2985BB7F87F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D66FF05-0329-492D-B3EA-3DC2B568A2B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F26CC1A-D5A8-4631-9FFC-42E85E7220AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A01A4D20-1D8B-4AAA-BEFA-B66DFD14E403}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{A108D987-6C7A-4A45-A88B-B9149739CE30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A40BED70-47AD-4955-8490-CB1394AD4F63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7172005-D541-4BE4-BA14-828392501950}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8577227-9E9C-4EF6-8A37-BE65A6BFF268}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ACAEE003-E29B-429E-B0E0-951AA219377F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B03DC748-F778-4F60-96F1-2F754E13E3A3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B28C7FCE-D2D5-4516-91DC-22AFFD44D33E}" = lport=445 | protocol=6 | dir=in | app=system |
"{B2DD95E8-77F0-49AB-B8D5-7DC6B47D1CC5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B4738633-5C0B-4157-BFAA-C08FE1C1B77D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{B48AF33A-4BFA-4F30-9969-0F42C3B00DBA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BCBA08C0-08D3-4569-9756-E519CCC0DE7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CC6716A1-3FC3-4F85-B5ED-A10375247852}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D47459BE-5F7F-489F-B32D-4B8A5293CBB0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D52AC6C3-BC62-49E7-BD62-8DDF5311698F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA49097A-7E6D-4CA4-A23C-4844426AE761}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DB1326F0-481B-4F68-B0DC-7052E34DD0CD}" = rport=138 | protocol=17 | dir=out | app=system |
"{E3350DB1-5053-459F-95C4-952026ADFBD9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E7593A17-B1D8-4BCE-B341-2756B5B6D274}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{E8504BAD-6844-4C51-B8D9-9EC3903B60E0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{E8DD2311-2B1E-4735-8838-53AD4427B3D5}" = lport=5358 | protocol=6 | dir=in | app=system |
"{EE1AB5FD-0EE6-492E-B0CA-B70FDF775283}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{EE438514-47ED-4BB4-AE3F-24BFEA942C78}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EEBC2B4B-ED1C-4EC3-98E6-BB8D4238763B}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{F04CCDDA-1331-4969-9BDD-56D7AA5BD470}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{F85DDC2B-4EC1-4AF4-A3A6-682013CE2394}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC1114E3-3AA6-4AE9-9242-2CE445C467CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FDBD2D6D-34F3-4231-8763-4F91E0ED0E38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D7A367-61D8-45D9-8F22-78103E97D01A}" = protocol=6 | dir=in | app=c:\program files (x86)\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{0496D291-A900-4411-B89D-E0669D2E212C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{081CB47D-DC52-4848-9F12-1F0F6B92DA3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E14DF5C-3BF1-464D-8E79-E69C01DE9965}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0EC424D4-9069-4453-971C-534792C99AB5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1199F795-2B8C-4256-B63E-CDF779B3C872}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{123D58B9-6E73-4747-B494-74BD45927998}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{19BDF35B-E895-4260-B96D-1C72096F1642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1AC14B4E-7B0A-4F1C-BC35-B9116A429312}" = protocol=58 | dir=out | name=core networking - parameter problem (icmpv6-out) |
"{28F7583F-1FF0-4A0A-9E0E-6433B46139CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2B83D903-55FE-44CF-9A4A-447CD4BE0E3E}" = protocol=58 | dir=out | name=core networking - time exceeded (icmpv6-out) |
"{2C0BC7DA-C6F1-48F9-BE60-EB59A94D03A9}" = protocol=58 | dir=in | app=system |
"{2C911ADE-38B5-40BE-8E7C-D94777E4D9F7}" = protocol=17 | dir=in | app=c:\program files\bitlord2\bitlord.exe |
"{2D28BCFE-BB50-49FD-B370-23B8A0577055}" = protocol=58 | dir=in | app=system |
"{2D7AD626-A424-45B9-9289-E0A703B13D0B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2DC4DED7-3C4D-4285-807C-76832C77897F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30AA1B3F-C82A-40A5-B52E-DAADB5B63A8C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{328E198B-0083-4F03-A6C7-7054874E9E4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3494229B-42E4-483B-AA02-D547353E7EAD}" = protocol=2 | dir=out | app=system |
"{36AA3F5F-BC1D-4238-B6E6-C1AF79A0867B}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{38289B22-DCE6-475E-9603-5569A4122F35}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3ABD4A9C-B46F-4F00-B0D2-D5D79F47E856}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C15E3E9-AFB1-4604-BEAD-B6B6988D277E}" = protocol=58 | dir=out | name=core networking - neighbor discovery solicitation (icmpv6-out) |
"{3D78A34F-CA2B-445A-ADCB-83A6ADA73282}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"{4169FA6A-4AC9-4B61-AEE1-F5F3DFEBDED7}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{463CE0D9-BF05-41A4-966C-2120297AC8B9}" = protocol=58 | dir=out | name=core networking - router advertisement (icmpv6-out) |
"{49F41589-2AC2-44AA-BBE2-8756C73C5853}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{50EFEA8B-A339-427D-B550-A20BD10E7012}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{524F2A0C-AFF0-4059-B747-0207524FF670}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{56D0F0DD-5390-4706-BE5B-03C0731DE0E7}" = protocol=58 | dir=in | app=system |
"{592FC25C-6FCB-406F-9B19-D07770DC49E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{5A8A1F58-8B63-4F5E-BC54-B0F518243FA9}" = protocol=58 | dir=out | name=core networking - router solicitation (icmpv6-out) |
"{5C4D9540-1DF0-47D4-B527-6FA3BB09E7D2}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{63F78524-1588-491B-A561-ADE12096A7F6}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{64450079-30A0-49C1-96F1-8F98CB1A961B}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{65BFD12B-41D1-4DF6-B9B3-43E53032324B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65E2FCD7-E082-49CE-BDD8-5E7B4E54C6D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A54AB84-C0CA-4726-9625-307FD47B8ED5}" = protocol=6 | dir=out | app=system |
"{6D718423-2ADE-4ECD-A9DB-9A2DFA168302}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{6D9D931B-4B95-4BF1-B8A5-B87385C78A0A}" = protocol=58 | dir=in | app=system |
"{6E4DC050-7276-4DDA-952B-0252DE99D190}" = protocol=58 | dir=out | name=core networking - packet too big (icmpv6-out) |
"{6F950E0D-19DB-4715-BCBE-CDB01B9615B6}" = protocol=58 | dir=out | name=core networking - multicast listener report (icmpv6-out) |
"{6FD329BB-AD13-4206-B5C4-CA7C80F0306F}" = protocol=41 | dir=in | app=system |
"{71655A69-AEF5-49AF-A0B7-F379091EB8F5}" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymedia.exe |
"{73AC3C02-F87B-48F4-8A98-85B17EED16DA}" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{7441F773-F2ED-40F0-A7E8-B8919FA80DFE}" = protocol=58 | dir=in | app=system |
"{75FF7795-8A4F-4A37-9D11-18C23F371FF5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7690FD8F-72B8-4884-818A-C11582CB79F3}" = protocol=6 | dir=out | app=system |
"{76C64BD4-5192-4E55-860B-C02C7D3EE36A}" = protocol=58 | dir=in | app=system |
"{7AFF437B-28C4-47E5-99EF-F899004FFED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C952EA8-C470-46A1-B972-ECE90778723A}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{8073503D-3C6A-44D6-BBBE-7DF4E84B6D57}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{8083390E-87D0-4936-9C03-909FFA44EC5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8524C472-4DDE-4FDB-8777-62393E78AEC3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{85A52BE9-C36E-4EE2-A4E1-D709B0437D7A}" = protocol=58 | dir=out | name=core networking - neighbor discovery advertisement (icmpv6-out) |
"{85F41578-AAF1-4EC7-82B4-C6E2B747A19B}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{8609FEBD-FFD8-48C1-816F-DE86693E2DE7}" = protocol=58 | dir=in | app=system |
"{8664A007-C6B2-4198-8794-70C404EEDCF0}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{86BD63B9-8AE4-4F3C-920E-6E9D7D0F239D}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{89340A8C-B827-4669-85FE-C5ACC22C9534}" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{8D883B75-BD45-4C4E-92D6-62B26530B672}" = protocol=17 | dir=out | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |
"{8D8E8B53-D7E7-495B-9FB6-01E080E118C2}" = protocol=17 | dir=in | app=c:\program files (x86)\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{8EB9FE6E-7776-429F-BE8B-4512884D712F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{921200DC-F88E-4838-AF65-CBFE18AD6962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92A939BB-71AD-46D3-A5DD-79398EEFDEE0}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{9746A857-F3AE-426D-A716-96BC713B81F4}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{975163DD-B6AD-41D0-8878-23D8DFCD218E}" = protocol=58 | dir=out | name=core networking - multicast listener report v2 (icmpv6-out) |
"{989C5500-699A-4F58-ADBB-497ADC0AC55C}" = protocol=58 | dir=in | app=system |
"{9915390D-5DE6-49AF-A04B-0A7FF7432F89}" = protocol=58 | dir=in | app=system |
"{9B1813B9-1F04-4DEB-BBBC-59D69459746E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D08CA9C-64E3-4856-B82D-4D76DE9A4661}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9FD58863-BA19-4AF3-9EAF-A1CFDDA7A2BE}" = protocol=58 | dir=in | app=system |
"{A067D511-6D0F-40F0-8D82-8CB4D15C8C86}" = protocol=1 | dir=in | app=system |
"{A30FCDCF-59B6-4AA5-BFE3-DE377915CA79}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{A91EB78F-7C2C-4D96-B451-DD4112E98D84}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"{A994061F-FB90-4512-BC8F-2854F54209DB}" = protocol=58 | dir=in | app=system |
"{AC120496-C171-48B6-B143-ACB8DC84D9E6}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{AD5C0002-4F9E-440C-9EC8-E293BA6A7974}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{AE360638-704F-4769-ABA1-90A984C10D64}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{B1B5D74E-C004-49F7-A24C-00629FFE864D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B5726EB6-87CE-4F39-BEF2-743457607C77}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C5486535-6149-4870-A5E2-2F51A8F77273}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C66BC9F8-975C-4D64-B993-82920A0FBF6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\ftp.exe |
"{C67AD0CE-5821-4851-8466-8C4A99020BA3}" = protocol=58 | dir=out | name=core networking - multicast listener query (icmpv6-out) |
"{CA3B9E45-E384-4399-8D1E-3217C5B3A5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{CAB20B9D-5E2D-45EB-920E-8D2ACF38D5EC}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{CB3F3FDE-1990-4827-AC51-164774E846A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB92316A-BA9A-4A30-9CC3-1265C5C50DB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE4BE040-AAEF-4EEB-976E-4051DE745755}" = protocol=6 | dir=in | app=c:\program files\bitlord2\bitlord.exe |
"{CFA69C9F-AB1E-4A9E-901D-0008BA2D920F}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{D04A1021-BE89-40BB-B24E-DF3C8CB24101}" = protocol=2 | dir=in | app=system |
"{D7602DCC-5F60-490A-A63B-F36185C2810B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D78F8122-027B-471E-A0DE-F156DC83481C}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{D930767B-3EFB-42E6-9206-A78184681368}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{D934CFB6-0CE9-42A6-999A-CECDA2A60946}" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymedia.exe |
"{DDF2CD47-A995-4A78-B727-0502FEA189C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\ftp.exe |
"{E00B879D-FB45-4DBF-AD71-AF394A6925D3}" = protocol=41 | dir=out | app=system |
"{E026706B-E9A0-42B9-A392-4876DDFB46F6}" = protocol=58 | dir=out | name=core networking - multicast listener done (icmpv6-out) |
"{E27B0F2D-9732-4582-807C-A01C95F316BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{E6EB2291-B8AD-4D2C-9189-1687C150D6CA}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{EB365D1C-D25D-4589-8550-915B0D2B7DE2}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F237B44A-8F3F-4A25-9CA2-655F3882B07D}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{F5F793F0-DE1B-4D59-874C-3384AF862D28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7088375-24FE-4C24-A845-3CB728C91A37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F9D37845-B33A-4917-AA72-B0093546DB91}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{FA77509B-AF79-4DB2-B8D1-EBEA8795FBFE}" = protocol=58 | dir=in | app=system |
"TCP Query User{00270A58-CF0E-4635-8196-C37D4C24288D}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{066AE723-81DB-4DFF-A2C0-335A62335289}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe |
"TCP Query User{09239F3E-2F20-4AC1-8760-E76CC1BE4A7C}C:\program files (x86)\01smith\01smith.exe" = protocol=6 | dir=in | app=c:\program files (x86)\01smith\01smith.exe |
"TCP Query User{0A4A95A0-2741-4862-8898-1D9A8FC55DA9}\\jenda\c\call of duty\codmp.exe" = protocol=6 | dir=in | app=\\jenda\c\call of duty\codmp.exe |
"TCP Query User{10A00307-3D98-485E-8A92-FC002DEE3BDD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1DC2B714-6249-4F40-9870-776E41110665}C:\program files (x86)\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mail.ru\agent\magent.exe |
"TCP Query User{1F548822-6F3E-41DC-AADF-1154CA5820C8}C:\users\vista\downloads\call of duty 4\setup\data\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\vista\downloads\call of duty 4\setup\data\iw3mp.exe |
"TCP Query User{2681EBD3-2A63-40CE-A26B-52DF13995F4E}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{292CCBA9-C7F2-42E2-9630-1F0FE445C578}\\jenda\c\call of duty\codmp.exe" = protocol=6 | dir=in | app=\\jenda\c\call of duty\codmp.exe |
"TCP Query User{2B284589-AEE3-4B64-A4C4-27B849BDF7EA}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{330BB956-121B-4120-A35A-5E4FE418B1AF}C:\program files (x86)\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mail.ru\agent\magent.exe |
"TCP Query User{395174B8-E565-4C99-82FC-ABB8585FBEE7}C:\program files (x86)\tvplayerclassic\tvplayerclassic.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvplayerclassic\tvplayerclassic.exe |
"TCP Query User{526D1D8C-A4D3-4054-9BE3-9469BFFD2D98}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{53D5AC9E-F9E7-4797-9506-4169D772E348}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{58450C57-2E41-4B60-A1B2-9F342D6FD8FD}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{5988B03E-AB93-49F0-8820-733E7E1E8BE5}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{679645FC-38C7-4D40-A9B3-646700E52287}C:\program files (x86)\ea games\medal of honor allied assault spearhead demo\moh_spearhead_demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\medal of honor allied assault spearhead demo\moh_spearhead_demo.exe |
"TCP Query User{70B0FB1D-0687-4638-9722-BFF682A30270}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{81F6DC09-6192-41F4-AD43-DB5D95C95FE7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{8CE38184-D951-4A0D-BFB1-A0EE25A8EE61}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{922150A3-D8D7-47AD-8902-83A6F3B3A671}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{9B397CC9-5589-4DEF-88F8-763A0637F8E4}C:\program files (x86)\oleansoft\hc\hce.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oleansoft\hc\hce.exe |
"TCP Query User{A436515D-F34A-4562-B8E1-077D9EE2D2F6}C:\program files (x86)\roger wilco\roger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\roger wilco\roger.exe |
"TCP Query User{A5F6C207-0D9A-4ED9-BAF3-199289B38078}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"TCP Query User{A69529A0-72D3-44A4-A9AD-C8C125F28016}C:\program files (x86)\01smith\01smith.exe" = protocol=6 | dir=in | app=c:\program files (x86)\01smith\01smith.exe |
"TCP Query User{BC1294A0-CDAD-4A8B-8CFA-D42023A23BB8}C:\users\vista\desktop\vzd plocha\winvnc.exe" = protocol=6 | dir=in | app=c:\users\vista\desktop\vzd plocha\winvnc.exe |
"TCP Query User{C1732C52-9E4F-46B7-8F16-0B39D65D56D3}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"TCP Query User{C82D0CB6-C7DF-483C-9E93-1978E9616FBA}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{C95E1726-E10F-465A-B18C-8522A74B5EB8}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"TCP Query User{D65F7C9E-98D2-4426-91D1-9A46B5189055}C:\users\vista\downloads\ares\ares.exe" = protocol=6 | dir=in | app=c:\users\vista\downloads\ares\ares.exe |
"TCP Query User{D8079204-2B33-4079-8742-79FFC5F7955C}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{DF25CA4D-CDB0-471E-B0FF-F5B2F4C9B142}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{E33D780F-2A80-4378-A95A-E838E9F6557B}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{E61908DA-8DA7-47DE-B9C8-E8EB3BB8B116}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{EA17AC47-9E54-48D0-84DA-41E4C22E7227}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{EA6A5840-4F9E-434F-9B99-C16171C0AC3E}C:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe |
"TCP Query User{EFAF2D1B-84CD-4008-BED8-84C356C5BDF4}C:\program files (x86)\reget software\reget deluxe\regetdx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reget software\reget deluxe\regetdx.exe |
"TCP Query User{F5EFC0D2-15F9-4819-A306-4E57D510CBE8}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{F60C62FA-BDAC-48C5-91EE-9CB409674BE7}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{03565A68-2ABC-4DBA-AED6-B50321B7921A}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{044924FC-1881-4066-9D16-8C87B6B3112A}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{0481E2E9-8A59-486F-B09D-E324A1B7FF13}C:\program files (x86)\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mail.ru\agent\magent.exe |
"UDP Query User{0AB935CD-9ADB-44D0-96E2-68DCDEC9F03B}C:\program files (x86)\tvplayerclassic\tvplayerclassic.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvplayerclassic\tvplayerclassic.exe |
"UDP Query User{0BC00868-0BEE-42DB-B890-4CA0FC864823}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{11627806-CCDD-4259-8F79-12197F41C51C}C:\program files (x86)\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mail.ru\agent\magent.exe |
"UDP Query User{1417D147-B676-4EB7-87B2-040DF84F0694}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe |
"UDP Query User{15618FC1-AD19-45C8-8D86-C1CA10BAAA4D}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{1AFAA849-B49E-435D-BEF0-0AF213FCA135}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{1BAFE7D3-D1DA-43E3-A60C-25AB1C2B9E2E}C:\users\vista\downloads\ares\ares.exe" = protocol=17 | dir=in | app=c:\users\vista\downloads\ares\ares.exe |
"UDP Query User{239635F9-385B-483C-AB52-3C7DF67AB5B1}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{32B0E790-DB91-4498-B718-F5BFB3D4E90D}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{3ED66993-E7A8-4538-A592-871C860F4B97}\\jenda\c\call of duty\codmp.exe" = protocol=17 | dir=in | app=\\jenda\c\call of duty\codmp.exe |
"UDP Query User{4A3A3F04-2C92-4787-9739-ABEFA8A87B4F}C:\program files (x86)\ea games\medal of honor allied assault spearhead demo\moh_spearhead_demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\medal of honor allied assault spearhead demo\moh_spearhead_demo.exe |
"UDP Query User{4F36D569-7112-4867-AB66-AEE88D78F84D}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{56381336-33D5-4AF2-999B-EE4BA04560F2}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"UDP Query User{57058A69-BE7E-41BC-85C0-967C35108961}C:\program files (x86)\oleansoft\hc\hce.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oleansoft\hc\hce.exe |
"UDP Query User{75F770C4-5E2E-4807-8E7D-B74041CD9753}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{766F8713-3B2D-4E44-99F8-8B8BC5464705}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{7A072C42-8D85-4B66-B991-49E3E1763602}C:\program files (x86)\01smith\01smith.exe" = protocol=17 | dir=in | app=c:\program files (x86)\01smith\01smith.exe |
"UDP Query User{84CCD1A4-43E5-40F8-AAFA-1AD8C4772FE5}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{9039AD80-05A6-4643-BA8E-E720E2F934CF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9094D8E9-5FA8-41D8-AC50-F63ED5DDA9CB}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{9125EF8F-5285-42D2-AA51-1021654F173D}C:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe |
"UDP Query User{959C2543-E8D8-4609-9130-79A2AAF3C003}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{97D24057-B6CA-4A27-ACCB-E3E3301A81B0}C:\program files (x86)\roger wilco\roger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\roger wilco\roger.exe |
"UDP Query User{9ABB2070-A7B7-4424-A9C9-58AEA0A66316}\\jenda\c\call of duty\codmp.exe" = protocol=17 | dir=in | app=\\jenda\c\call of duty\codmp.exe |
"UDP Query User{A232A765-0F7E-4464-AA26-25316AD80099}C:\users\vista\desktop\vzd plocha\winvnc.exe" = protocol=17 | dir=in | app=c:\users\vista\desktop\vzd plocha\winvnc.exe |
"UDP Query User{AF80DF24-1910-42A1-BCC2-D9E922740920}C:\program files (x86)\01smith\01smith.exe" = protocol=17 | dir=in | app=c:\program files (x86)\01smith\01smith.exe |
"UDP Query User{B90E59BC-FAA7-4552-BFEB-A3409E09F635}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{BA34A61A-EFB8-4589-A63F-8F216A152147}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{BCCB7317-EAE8-45B8-9B93-E7CA1E301F06}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{BE95D865-118A-4E1A-9041-FD7EE070415B}C:\program files (x86)\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\frd.exe |
"UDP Query User{CA96BB2C-81D7-4457-B296-2DE8ACC298AE}C:\program files (x86)\reget software\reget deluxe\regetdx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reget software\reget deluxe\regetdx.exe |
"UDP Query User{D069F7CF-66E1-458E-B598-68992C4D87E3}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{D115EF76-F91E-472F-9168-40F9CC4AA814}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{D4DE84A0-F5CB-4B5C-82DA-CA6B178D81A3}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{DD906F95-C550-43DD-BFD2-AC3A90E80FFD}C:\users\vista\downloads\call of duty 4\setup\data\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\vista\downloads\call of duty 4\setup\data\iw3mp.exe |
"UDP Query User{FCF863EB-20D2-469D-8ACC-29B85DF27675}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16B03921-11C2-4351-9DF8-C83F4F2674F1}" = ESET NOD32 Antivirus
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{54699D7E-6710-4318-A488-7F8BF82BAB59}" = Testy Autoškola
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C0DA51-DB32-4F66-970B-7298F3CAF37F}" = Nokia Software Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-00B2-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}" = OpenOffice.org 3.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1B7EF59-A3E2-452A-882E-076E1A18D94A}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Singleplayer Patch
"{DA18FD01-4830-45D6-8408-8F20A9D89D95}" = PC Connectivity Solution
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe® Flash® Player 10 Plugin
"CCleaner" = CCleaner (remove only)
"FL Studio 8" = FL Studio 8
"Google Updater" = Google Updater
"Guard.Mail.ru" = Guard.Mail.ru
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D1B7EF59-A3E2-452A-882E-076E1A18D94A}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Singleplayer Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MRA" = Mail.Ru Агент 5.6 (сборка 3402, для всех пользователей)
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Spyware Terminator_is1" = Spyware Terminator
"TmNationsForever_is1" = TmNationsForever
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

kazi21
Visitor
Posts: 52
Joined: 08 May 2010 19:29

Re: Requesting a preventive check

#6 Post by kazi21 »

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3079210359-1618249588-441608347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7.1.2010 11:04:36 | Computer Name = vista-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
se nezdařilo. Závislé sestavení Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 7.1.2010 11:04:36 | Computer Name = vista-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
se nezdařilo. Závislé sestavení Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 7.1.2010 11:04:37 | Computer Name = vista-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
se nezdařilo. Závislé sestavení Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 7.1.2010 11:04:37 | Computer Name = vista-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
se nezdařilo. Závislé sestavení Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 7.1.2010 11:04:37 | Computer Name = vista-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
se nezdařilo. Závislé sestavení Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 7.1.2010 11:04:39 | Computer Name = vista-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
se nezdařilo. Závislé sestavení Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 7.1.2010 11:04:40 | Computer Name = vista-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
se nezdařilo. Závislé sestavení Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 7.1.2010 11:04:40 | Computer Name = vista-PC | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe. Chyba v souboru manifestu nebo zásad na řádku .
Verze
součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již
aktivní. Konfliktní součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Součást
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 7.1.2010 11:04:40 | Computer Name = vista-PC | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe. Chyba v souboru manifestu nebo zásad na řádku . Verze
součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již
aktivní. Konfliktní součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Součást
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 7.1.2010 11:04:47 | Computer Name = vista-PC | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti
požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní
součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

[ System Events ]
Error - 31.5.2010 11:23:31 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 31.5.2010 11:23:41 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1.6.2010 5:40:16 | Computer Name = vista-PC | Source = volmgr | ID = 262190
Description = Inicializace výpisu stavu systému se nezdařila.

Error - 1.6.2010 5:40:33 | Computer Name = vista-PC | Source = volmgr | ID = 262190
Description = Inicializace výpisu stavu systému se nezdařila.

Error - 1.6.2010 5:40:47 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1.6.2010 5:40:50 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1.6.2010 5:41:05 | Computer Name = vista-PC | Source = DCOM | ID = 10005
Description =

Error - 1.6.2010 5:41:06 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1.6.2010 5:41:26 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1.6.2010 5:42:32 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#7 Post by vyosek »

Hello, I'll take a look at the log and send a fix script :)
You have the uTorrent P2P network client on the PC...
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#8 Post by vyosek »

:arrow: I recommend uninstalling (if you don't use them) the toolbars (browser bars) in Add or Remove Programs
  • Google Toolbar
  • DAEMON Tools Toolbar
:arrow: Run OTL again
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator ("Spustit jako správce")
  • Paste the script below into the bottom box, Custom Scans/Fixes
  • Code:

    :otl
    IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    IE - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.146.92.217:8080
    FF - prefs.js..browser.search.defaultenginename: "http://www.mail.ru/"
    FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="
    FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/skinit/icq/"
    FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
    FF - prefs.js..keyword.URL: "http://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="
    FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,www.plimus.com,regnow.com,www.regnow.com,"
    FF - user.js..network.proxy.no_proxies_on: "plimus.com,www.plimus.com,regnow.com,www.regnow.com,"
    O3 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3079210359-1618249588-441608347-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O4 - HKU\S-1-5-21-3079210359-1618249588-441608347-1000..\Run: [] File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
    O33 - MountPoints2\{a970c6ff-d654-11dd-ba17-001e9029280e}\Shell\AutoRun\command - "" = L:\EmDesk.exe -- File not found
    O33 - MountPoints2\{a970c6ff-d654-11dd-ba17-001e9029280e}\Shell\EmDesk\command - "" = L:\EmDesk.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    @Alternate Data Stream - 4 bytes -> C:\Windows\win.ini:s1
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:8927A071
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CB0AACC9
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B6418BC9
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A73B0434
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [CREATERESTOREPOINT]
  • Then click Run Fix ("Opravit")
  • The PC will perform the fix, restart, and give you a log; paste its contents here

kazi21
Visitor
Posts: 52
Joined: 08 May 2010 19:29

Re: Requesting a preventive check

#9 Post by kazi21 »

Good morning.
Here is the log:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3079210359-1618249588-441608347-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://www.mail.ru/" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://go.mail.ru/search?fr=fftb&utf8in&q=" removed from browser.search.defaulturl
Prefs.js: "http://www.centrum.cz/skinit/icq/" removed from browser.startup.homepage
Prefs.js: bkmrksync@nokia.com:1.0.0.723 removed from extensions.enabledItems
Prefs.js: "http://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=" removed from keyword.URL
Prefs.js: "plimus.com,www.plimus.com,regnow.com,www.regnow.com," removed from network.proxy.no_proxies_on
C:\Users\vista\AppData\Roaming\Mozilla\FireFox\Profiles\39ywwxh5.default\user.js moved successfully.
Registry value HKEY_USERS\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
Registry value HKEY_USERS\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ not found.
Registry value HKEY_USERS\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-3079210359-1618249588-441608347-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{16664848-0E00-11D2-8059-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16664848-0E00-11D2-8059-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a970c6ff-d654-11dd-ba17-001e9029280e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a970c6ff-d654-11dd-ba17-001e9029280e}\ not found.
File L:\EmDesk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a970c6ff-d654-11dd-ba17-001e9029280e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a970c6ff-d654-11dd-ba17-001e9029280e}\ not found.
File L:\EmDesk.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Windows\1.tmp deleted successfully.
C:\Windows\2.tmp deleted successfully.
ADS C:\Windows\win.ini:s1 deleted successfully.
ADS C:\ProgramData\TEMP:8927A071 deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:B6418BC9 deleted successfully.
ADS C:\ProgramData\TEMP:A73B0434 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41704 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: vista
->Temp folder emptied: 1907301574 bytes
->Temporary Internet Files folder emptied: 6824303 bytes
->Java cache emptied: 52750489 bytes
->FireFox cache emptied: 31851727 bytes
->Google Chrome cache emptied: 557120 bytes
->Flash cache emptied: 593 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23926740 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33294 bytes
RecycleBin emptied: 300567 bytes

Total Files Cleaned = 1 930,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: vista
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.5.2 log created on 06022010_090646

Files\Folders moved on Reboot...
C:\Users\vista\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\vista\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KNHUYLFA\afr[1].htm moved successfully.
C:\Windows\temp\TMP00000054C6CF8C22CC2511BD moved successfully.

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#10 Post by vyosek »

:arrow: How is the PC doing :???:
:arrow: As a further check, download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed

kazi21
Visitor
Posts: 52
Joined: 08 May 2010 19:29

Re: Requesting a preventive check

#11 Post by kazi21 »

One more question: how can that proxy be turned off? I couldn't find it anywhere.
Thanks for the check and the subsequent fix :worship:
Regards, user
I'll do it and paste it

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#12 Post by vyosek »

Don't run off yet :)
Please run that MBAM test; I also have a slight suspicion of rootkits - we'll tackle those after MBAM... And we have to clean up, we've dragged a lot of smelly removal tools in there :)

Proxy in FF: Tools - Options - Advanced - Network - Connection Settings, but I have already deleted it for you...

kazi21
Visitor
Posts: 52
Joined: 08 May 2010 19:29

Re: Requesting a preventive check

#13 Post by kazi21 »

Yes, I will. I'm scanning now, but I have to go back to work, so at lunch break, if MBAM finishes by then! Thanks for now

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#14 Post by vyosek »

No problem, nothing to thank me for yet...

kazi21
Visitor
Posts: 52
Joined: 08 May 2010 19:29

Re: Requesting a preventive check

#15 Post by kazi21 »

I'm back.
So MBAM found nothing.
So now something for those rootkits and for the cleanup, please :)
