Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosim o kontrolu logu

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

prosim o kontrolu logu

#1 Příspěvek od Laydee »

Ahoji, muzete mi prosim zkontrolovat log? Se to chova docela pomale cele. Predem dekujuuu

Logfile of random's system information tool 1.08 (written by random/random)
Run by Laydenka at 2010-08-16 17:10:42
Microsoft Windows 7 Ultimate
System drive C: has 6 GB (4%) free of 153 GB
Total RAM: 2047 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:11:07 PM, on 8/16/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Laydenka\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\QIP Infium JadrisPack\infium.exe
C:\Program Files (x86)\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\trend micro\Laydenka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=%windows%\system32\userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laydenka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8980 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC64.DLL,nvsvcInitialize -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Users\Laydenka\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe" /crashhandler
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 1688
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3744.5c6ad00.321754518 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 3744 plugin \\.\pipe\gecko-crash-server-pipe.3744
C:\Windows\System32\svchost.exe -k secsvcs
"C:\QIP Infium JadrisPack\infium.exe" /isolated /acc já /pass profil /savepass /trylogin
"C:\Program Files (x86)\Java\jre6\launch4j-tmp\frd.exe" -Xms32m -Xmx128m -jar "C:\Users\Laydenka\Documents\FreeRAPID-0.83U1\FreeRapid-0.83u1\frd.jar"
"C:\Users\Laydenka\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1270311530-2584071053-1987869603-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1270311530-2584071053-1987869603-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28 132456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-06 82464]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 15960096]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-10-26 1702400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Laydenka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-19 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"ICQ"=C:\Program Files (x86)\ICQ7.2\ICQ.exe [2010-07-16 133368]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-08-16 17:10:42 ----D---- C:\rsit
2010-08-16 17:10:42 ----D---- C:\Program Files\trend micro
2010-08-12 21:00:17 ----D---- C:\Users\Laydenka\AppData\Roaming\AnvSoft
2010-08-12 21:00:14 ----D---- C:\Program Files (x86)\AnvSoft
2010-08-11 15:41:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 15:41:22 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 15:41:22 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-11 15:41:22 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 15:41:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-11 15:41:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 15:41:08 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-11 15:41:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 15:41:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-11 15:40:59 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 15:40:56 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 15:40:55 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-11 15:40:53 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-11 15:40:53 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 15:40:52 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 15:40:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 15:40:44 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 15:40:43 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-11 15:40:42 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-11 15:40:40 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 15:40:39 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 15:40:38 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-10 21:37:44 ----D---- C:\Users\Laydenka\AppData\Roaming\HPAppData
2010-08-07 21:38:19 ----D---- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2
2010-08-07 21:26:28 ----D---- C:\Program Files\Windows Doctor
2010-08-07 21:26:12 ----D---- C:\Program Files (x86)\Windows Doctor
2010-08-07 19:40:41 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-08-07 19:40:41 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-08-07 19:40:41 ----A---- C:\Windows\SYSWOW64\java.exe
2010-08-05 22:35:49 ----DC---- C:\Windows\system32\DRVSTORE
2010-08-05 22:35:49 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-08-05 22:35:48 ----D---- C:\Program Files\Windows Live
2010-08-05 22:21:39 ----D---- C:\Program Files\Motorola
2010-08-05 22:20:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-08-05 22:10:06 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-08-05 22:10:05 ----A---- C:\Windows\system32\drivers\sdbus.sys
2010-08-05 20:38:39 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2010-08-05 20:38:29 ----D---- C:\Program Files (x86)\Microsoft
2010-08-05 20:37:39 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-08-05 20:37:09 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2010-08-05 20:37:03 ----D---- C:\Program Files (x86)\Windows Live
2010-08-04 16:06:58 ----D---- C:\Program Files (x86)\ViaVoice
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\VVRtkReg.dll
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\vvrtkclients.dll
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\setresuk.dll
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\roboex32.dll
2010-08-04 16:06:56 ----A---- C:\Windows\IsUninst.exe
2010-08-04 15:16:45 ----D---- C:\Users\Laydenka\AppData\Roaming\LANGMaster
2010-08-04 15:16:41 ----D---- C:\Program Files (x86)\LANGMaster
2010-08-04 15:16:39 ----D---- C:\ProgramData\LANGMaster
2010-08-03 23:04:48 ----D---- C:\Windows\RegisteredPackages
2010-08-03 23:04:47 ----HD---- C:\Windows\msdownld.tmp
2010-08-03 12:52:15 ----A---- C:\Windows\system32\shell32.dll
2010-08-03 12:52:14 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-08-02 15:40:05 ----A---- C:\Windows\Sandboxie.ini
2010-08-01 14:32:37 ----D---- C:\ProgramData\Blizzard Entertainment
2010-07-29 17:17:12 ----D---- C:\Users\Laydenka\AppData\Roaming\HpUpdate
2010-07-29 17:17:08 ----D---- C:\Windows\Hewlett-Packard
2010-07-29 13:01:43 ----D---- C:\ProgramData\NexonEU
2010-07-29 12:03:47 ----D---- C:\Nexon
2010-07-29 12:03:46 ----A---- C:\Windows\NEXON_EU_DownloaderUpdater.exe
2010-07-25 23:22:16 ----D---- C:\ProgramData\Google
2010-07-25 23:21:56 ----D---- C:\Program Files (x86)\Google
2010-07-22 17:51:59 ----D---- C:\ProgramData\WEBREG
2010-07-22 17:51:43 ----D---- C:\Users\Laydenka\AppData\Roaming\HP
2010-07-22 16:09:03 ----D---- C:\ProgramData\HP Product Assistant
2010-07-22 16:08:31 ----D---- C:\Windows\SYSWOW64\spool
2010-07-22 16:04:48 ----D---- C:\Program Files (x86)\HP
2010-07-22 16:04:47 ----HD---- C:\Config.Msi
2010-07-22 16:02:47 ----D---- C:\ProgramData\HP
2010-07-22 16:02:31 ----A---- C:\Windows\system32\hpzids40.dll
2010-07-22 16:02:31 ----A---- C:\Windows\system32\hpowiav1.dll
2010-07-22 16:02:31 ----A---- C:\Windows\system32\hpovst01.dll
2010-07-22 16:02:31 ----A---- C:\Windows\system32\hpotscl1.dll

======List of files/folders modified in the last 1 months======

2010-08-16 17:10:59 ----D---- C:\Windows\Temp
2010-08-16 17:10:53 ----D---- C:\Windows\Prefetch
2010-08-16 17:10:42 ----RD---- C:\Program Files
2010-08-16 17:04:42 ----D---- C:\stazeno
2010-08-16 16:00:35 ----D---- C:\Users\Laydenka\AppData\Roaming\ICQ
2010-08-16 15:39:02 ----SHD---- C:\System Volume Information
2010-08-16 15:37:57 ----D---- C:\Windows\system32\config
2010-08-15 19:33:18 ----D---- C:\Program Files (x86)\HLSW
2010-08-15 15:12:50 ----D---- C:\Program Files (x86)\Steam
2010-08-15 15:04:46 ----D---- C:\share Utorrent
2010-08-15 13:05:19 ----D---- C:\Users\Laydenka\AppData\Roaming\uTorrent
2010-08-14 18:31:55 ----D---- C:\Users\Laydenka\AppData\Roaming\AIMP
2010-08-14 14:15:13 ----D---- C:\Program Files (x86)\uTorrent
2010-08-12 21:00:14 ----RD---- C:\Program Files (x86)
2010-08-11 17:34:57 ----D---- C:\Windows\Microsoft.NET
2010-08-11 17:34:24 ----RSD---- C:\Windows\assembly
2010-08-11 16:07:03 ----D---- C:\Windows\winsxs
2010-08-11 16:05:36 ----D---- C:\Windows
2010-08-11 16:04:28 ----D---- C:\Windows\SysWOW64
2010-08-11 16:04:28 ----D---- C:\Windows\system32\drivers
2010-08-11 16:04:28 ----D---- C:\Windows\System32
2010-08-11 16:04:27 ----D---- C:\Windows\SYSWOW64\migration
2010-08-11 16:04:27 ----D---- C:\Windows\system32\migration
2010-08-11 16:04:27 ----D---- C:\Program Files\Internet Explorer
2010-08-11 16:04:27 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-11 15:48:38 ----SHD---- C:\Windows\Installer
2010-08-11 15:48:33 ----D---- C:\ProgramData\Microsoft Help
2010-08-11 15:43:53 ----D---- C:\Windows\debug
2010-08-11 15:40:33 ----D---- C:\Windows\system32\catroot2
2010-08-11 15:40:33 ----D---- C:\Windows\system32\catroot
2010-08-10 20:51:04 ----D---- C:\Program Files (x86)\AIMP2
2010-08-10 16:52:43 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2010-08-10 09:39:37 ----HD---- C:\ProgramData
2010-08-10 09:39:36 ----D---- C:\Windows\Downloaded Program Files
2010-08-09 21:31:08 ----SD---- C:\Users\Laydenka\AppData\Roaming\Microsoft
2010-08-09 15:37:22 ----D---- C:\Windows\system32\wdi
2010-08-07 20:02:29 ----D---- C:\Program Files (x86)\Common Files
2010-08-07 19:40:35 ----D---- C:\Program Files (x86)\Java
2010-08-07 14:54:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-08-06 18:52:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-05 23:06:35 ----RSD---- C:\Windows\Fonts
2010-08-05 23:05:52 ----D---- C:\Program Files (x86)\Microsoft Works
2010-08-05 22:22:27 ----D---- C:\Windows\inf
2010-08-05 22:21:38 ----D---- C:\Windows\system32\DriverStore
2010-08-05 22:21:21 ----SD---- C:\ProgramData\Microsoft
2010-08-05 22:01:47 ----A---- C:\Windows\win.ini
2010-08-04 16:07:13 ----D---- C:\Windows\Speech
2010-08-04 15:30:28 ----D---- C:\Windows\system32\Tasks
2010-08-03 23:04:43 ----D---- C:\Windows\Cursors
2010-08-03 20:52:33 ----A---- C:\Windows\system32\MRT.exe
2010-08-02 16:13:17 ----D---- C:\games
2010-08-02 15:51:38 ----D---- C:\mp3
2010-07-29 17:39:43 ----D---- C:\Windows\twain_32
2010-07-25 23:23:46 ----D---- C:\Windows\Tasks
2010-07-23 18:00:30 ----D---- C:\ProgramData\Adobe
2010-07-23 18:00:06 ----D---- C:\Users\Laydenka\AppData\Roaming\Adobe
2010-07-17 05:00:04 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-19 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 47632]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 24064]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 109056]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26 1202688]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 aw3knu1j;aw3knu1j; C:\Windows\system32\drivers\aw3knu1j.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 61288]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2008-05-02 8704]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2008-05-02 8704]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 364064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-26 66872]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-25 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 fsssvc;Služba Windows Live Zabezpecení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-06-19 395048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1255736]

-----------------EOF-----------------
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#2 Příspěvek od Laydee »

jsem asi zapomenula

info.txt logfile of random's system information tool 1.08 2010-08-16 17:11:11

======Uninstall list======

-->"C:\Program Files (x86)\ViaVoice\Bin\vunUK.exe" ProdRunControl Dc En_UK 'IBM ViaVoice™ Command and Control Runtime' C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\ViaVoice\RtCmnd_UK.isu"
-->"C:\Program Files (x86)\ViaVoice\Bin\vunUK.exe" ProdRunControl Dc En_UK 'IBM ViaVoice™ Command and Control Runtime' C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\ViaVoice\RtCmnd_UK.isu"
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F}
7-Zip 4.65 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0465-000001000000}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A93000000001}
AIMP2-->C:\Program Files (x86)\AIMP2\Uninstall.exe
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Any Video Converter Professional 3.0.1-->"C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\unins000.exe"
Ashampoo Burning Studio 10.0.1-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\unins000.exe"
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
aTube Catcher-->C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe
BSPlayer-->"C:\Program Files (x86)\Webteh\BSplayer\uninstall.exe"
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
Command & Conquer Generals-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer™ 4 Tiberian Twilight-->MsiExec.exe /X{82696435-8572-4D8B-A230-D1AA567D0F0F}
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Counter-Strike-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10
EA Download Manager UI-->msiexec /qb /x {D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}
EA Download Manager UI-->MsiExec.exe /I{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
FL Studio 9-->C:\Program Files (x86)\Image-Line\FL Studio 9\uninstall.exe
FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\fmcodec.inf
FreeKiSS-->"C:\Program Files (x86)\FreeKiSS\unins000.exe"
Google Earth-->MsiExec.exe /X{C2D129C0-7508-11DF-9F1B-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Half-Life-->C:\games\HALF-L~1\UNWISE.EXE C:\games\HALF-L~1\INSTALL.LOG
Hardcore-->C:\Program Files (x86)\Image-Line\Hardcore\uninstall.exe
HLSW v1.0.0.44-->"C:\Program Files (x86)\HLSW\unins000.exe"
HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.5-->C:\Program Files (x86)\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B-->C:\Program Files (x86)\HP\Digital Imaging\{B61ED343-0B14-4241-999C-490CB1A20DA4}\setup\hpzscr40.exe -datfile hposcr19.dat -onestop -forcereboot
HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
ICQ 7.2 Build #3129 Banner Remover 1.0-->"C:\Program Files (x86)\ICQ-Banner-Remover\unins000.exe"
ICQ7.2-->"C:\Program Files (x86)\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IL Download Manager-->C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
LANGMaster eduExplorer-->C:\Program Files (x86)\LANGMaster\Explorer\EpaExplorer.exe -mUninstallStart -cCSY
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co85.dll,SM56UnInstaller
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (4.0b2)-->C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\uninstall\helper.exe
Mozilla Thunderbird (3.0.6)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nástroj pro odesílání služby Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Need For Speed™ World-->"C:\Program Files (x86)\Electronic Arts\Need For Speed World\unins000.exe"
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetupx64.dll,DoNTUninst
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
OCR Software by I.R.I.S. 13.0-->C:\Program Files (x86)\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PoiZone-->C:\Program Files (x86)\Image-Line\PoiZone\uninstall.exe
QIP Infium JadrisPack 3.3.0-->C:\QIP Infium JadrisPack\Uninstall.exe
Quake 4(TM)-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}
reFX Nexus VSTi RTAS v2.2.0-->"C:\Program Files (x86)\VstPlugins\Uninstall Nexus\unins000.exe"
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Sawer-->C:\Program Files (x86)\Image-Line\Sawer\uninstall.exe
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB980376)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {48113C06-9BA2-4D54-A731-D1D2C5B3144A}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II (2)\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Toxic Biohazard-->C:\Program Files (x86)\Image-Line\Toxic Biohazard\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb2279264)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {01D475AB-57B1-44CC-8A8F-3A6B0FA4989F}
VSO Image Resizer 4.0.0.36-->"C:\Program Files (x86)\VSO\Image Resizer 4\unins000.exe"
Windows Doctor 2.5-->"C:\Program Files (x86)\Windows Doctor\unins000.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F4D69A8D-BB5C-4C3D-A1AD-64C24233EDD6}
Windows Live Fotogalerie-->MsiExec.exe /X{40284D5A-EF61-4937-92CD-B7CB20C4C87B}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
Windows Live Mail-->MsiExec.exe /I{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}
Windows Live Messenger-->MsiExec.exe /X{CE6557BF-FA56-4C95-91E3-B8C641679DF0}
Windows Live Movie Maker-->MsiExec.exe /X{2FDD487C-A777-4BB5-BD23-56BECE1FF099}
Windows Live Sync-->MsiExec.exe /X{1407B87C-36E3-4FC1-9051-D08B21E1096F}
Windows Live Toolbar-->MsiExec.exe /X{D6A1D7F6-79CB-4159-AF03-F21F28080B97}
Windows Live Writer-->MsiExec.exe /X{479A749B-1684-4881-8266-BF8DD22251E7}
Windows Live Zabezpecení rodiny-->MsiExec.exe /X{C1A128BD-CDCA-4111-B812-DC4D7C10F305}
WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe"

======Hosts File======

127.0.0.1 gosredirector.ea.com
127.0.0.1 blazeserver.blazeemu.org
127.0.0.1 gosgvaprod-qos01.ea.com
127.0.0.1 gosiadprod-qos01.ea.com
127.0.0.1 gossjcprod-qos01.ea.com
127.0.0.1 demangler.ea.com
127.0.0.1 vmp.tools.gos.ea.com
127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de

======System event log======

Computer Name: Laydenka-NB
Event Code: 51
Message: Na zarízení \Device\Harddisk1\DR4 byla pri operaci stránkování rozpoznána chyba.
Record Number: 32064
Source Name: Disk
Time Written: 20100723232940.356600-000
Event Type: Upozornení
User:

Computer Name: Laydenka-NB
Event Code: 51
Message: Na zarízení \Device\Harddisk1\DR4 byla pri operaci stránkování rozpoznána chyba.
Record Number: 32063
Source Name: Disk
Time Written: 20100723232940.356600-000
Event Type: Upozornení
User:

Computer Name: Laydenka-NB
Event Code: 51
Message: Na zarízení \Device\Harddisk1\DR4 byla pri operaci stránkování rozpoznána chyba.
Record Number: 32062
Source Name: Disk
Time Written: 20100723232940.356600-000
Event Type: Upozornení
User:

Computer Name: Laydenka-NB
Event Code: 51
Message: Na zarízení \Device\Harddisk1\DR4 byla pri operaci stránkování rozpoznána chyba.
Record Number: 32061
Source Name: Disk
Time Written: 20100723232940.356600-000
Event Type: Upozornení
User:

Computer Name: Laydenka-NB
Event Code: 51
Message: Na zarízení \Device\Harddisk1\DR4 byla pri operaci stránkování rozpoznána chyba.
Record Number: 32060
Source Name: Disk
Time Written: 20100723232940.356600-000
Event Type: Upozornení
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Not available
ID souboru CAB: 0

Podpis problému:
P1: x64
P2: ACPI\ATK0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Pripojené soubory:
C:\Windows\Temp\DMID299.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d4a99e8e3cb284c21dcc14fa73286c8c8f3f5f25_cab_0759d326

Symbol analýzy:
Opetovné hledání rešení: 0
ID hlášení: 2455dbe0-7bf9-11df-9d2d-ef017647766b
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100619231944.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100619231915.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100619231907.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspešne spuštena.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100619231859.149200-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabranuje vytvárení duplicitních záznamu v protokolu událostí po dobu 86400 sekund. Tuto dobu lze zmenit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíci registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100619231859.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla zmenena zabezpecená místní skupina.

Predmet:
ID zabezpecení: S-1-5-18
Název úctu: 37L4247E29-32$
Doména úctu: WORKGROUP
ID prihlášení: 0x3e7

Skupina:
ID zabezpecení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Zmenené atributy:
Název úctu SAM: -
Historie identifikátoru zabezpecení: -

Další informace:
Oprávnení: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619231833.627600-000
Event Type: Úspešný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvorena zabezpecená místní skupina.

Predmet:
ID zabezpecení: S-1-5-18
Název úctu: 37L4247E29-32$
Doména úctu: WORKGROUP
ID prihlášení: 0x3e7

Nová skupina:
ID zabezpecení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název úctu SAM: Backup Operators
Historie identifikátoru zabezpecení: -

Další informace:
Oprávnení: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619231833.627600-000
Event Type: Úspešný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvorena.

Pocet prvku: 0
ID zásady: 0x30c1c
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619231833.175200-000
Event Type: Úspešný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Úcet byl úspešne prihlášen.

Predmet:
ID zabezpecení: S-1-0-0
Název úctu: -
Doména úctu: -
ID prihlášení: 0x0

Typ prihlášení: 0

Nové prihlášení:
ID zabezpecení: S-1-5-18
Název úctu: SYSTEM
Doména úctu: NT AUTHORITY
ID prihlášení: 0x3e7
GUID prihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové síte -
Zdrojový port: -

Podrobné informace o overení:
Proces prihlášení: -
Balícek overení: -
Prenosové služby: -
Název balícku (pouze NTLM): -
Délka klíce: 0

Tato událost je generována po vytvorení relace prihlášení. Je generována v pocítaci, ke kterému byl získán prístup.

Pole s predmetem oznacují úcet v místním systému, který požadoval prihlášení. Jedná se nejcasteji o službu, napríklad službu serveru nebo místní proces, napríklad Winlogon.exe nebo Services.exe.

Pole Typ prihlášení oznacuje, k jakému typu prihlášení došlo. Nejbežnejší typy jsou 2 (interaktivní) a 3 (sít).

Pole Nové prihlášení oznacují úcet, pro který bylo nové prihlášení vytvoreno, tj. úcet, který byl prihlášen.

Pole Sít oznacují puvod požadavku na vzdálené prihlášení. Název pracovní stanice není vždy k dispozici a v nekterých prípadech muže být toto pole prázdné.

Pole s informacemi o overení poskytují podrobné informace o tomto konkrétním požadavku na prihlášení.
- GUID prihlášení je jednoznacný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Prenosové služby oznacují, které pomocné služby se podílely na tomto požadavku na prihlášení.
- Název balícku oznacuje, který dílcí protokol z protokolu NTLM byl použit.
- Délka klíce oznacuje délku generovaného klíce relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíc relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619231830.304800-000
Event Type: Úspešný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána pri spuštení procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619231830.133200-000
Event Type: Úspešný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"MAGICK_HOME"=C:\Program Files (x86)\FreeKiSS

-----------------EOF-----------------
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosim o kontrolu logu

#3 Příspěvek od motji »

Hezký večer :)

:arrow: Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT :!:
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#4 Příspěvek od Laydee »

hezky vecer i tobe :) Tady mas ten log. Dekujuuu :worship:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4440

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/18/2010 8:18:19 PM
mbam-log-2010-08-18 (20-18-19).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 290966
Uplynulý èas: 51 minuta(y), 26 sekunda(y)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované klíèe registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)

Infikované soubory:
C:\Program Files (x86)\Image-Line\FL Studio 9\FL.exe (Hoax.BadJoke) -> No action taken.
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosim o kontrolu logu

#5 Příspěvek od motji »

Můžeš smazat.
Co počítač?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#6 Příspěvek od Laydee »

noo, mozna to je o fous lepsi, ale porad se to chova prapodivne. Neni naky jeste dalsi sken, jestli tu nemam fakt nakou havet schovanou? Vsechno trva "dlouho" nez se otevre, zavre, spusti, nacte. Cely notasek :/
Budes hodna, kdyz mi poradis :)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosim o kontrolu logu

#7 Příspěvek od motji »

:arrow: Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázekzáložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

Obrázekzáložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy :arrow: ok :arrow: zavřít

Obrázek Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.



:arrow: Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#8 Příspěvek od Laydee »

tak mam hotovo. Jsem to musela delat dvakrat, pac se vypla elektrika a baterka to tak dlouho neutahla :/ Ale je to tam vsechno asi zapisany co to vymazalo.
PS: Jsem si nainstalovala jeste Aviru antivir. Mnoo, a ten behem prohledavani Kasperskeho taky mazal naky trojany atdd.

Tady mas log :)

Autoscan: malfunction (events: 14, objects: 0, time: Unknown)
8/20/2010 4:18:28 PM Task started
8/20/2010 5:38:38 PM Detected: Trojan-Dropper.Win32.Small.cjq C:\Program Files (x86)\HLSW\update.exe
8/20/2010 5:38:55 PM Deleted: Trojan-Dropper.Win32.Small.cjq C:\Program Files (x86)\HLSW\update.exe
8/20/2010 5:51:06 PM Detected: Trojan.Win32.Rettesser.ee C:\Program Files (x86)\Windows Doctor\FileSplitter.exe
8/20/2010 5:51:18 PM Detected: Trojan.Win32.Rettesser.ed C:\Program Files (x86)\Windows Doctor\FileCopy.exe
8/20/2010 5:51:24 PM Deleted: Trojan.Win32.Rettesser.ee C:\Program Files (x86)\Windows Doctor\FileSplitter.exe
8/20/2010 5:51:28 PM Deleted: Trojan.Win32.Rettesser.ed C:\Program Files (x86)\Windows Doctor\FileCopy.exe
8/20/2010 5:56:24 PM Detected: Trojan.Win32.Rettesser.ed C:\share Utorrent\Windows Doctor 2.5.0.0.rar/Windows Doctor 2.5.0.0/WindowsDoctor25.exe/data0010
8/20/2010 5:56:24 PM Untreated: Trojan.Win32.Rettesser.ed C:\share Utorrent\Windows Doctor 2.5.0.0.rar/Windows Doctor 2.5.0.0/WindowsDoctor25.exe/data0010 Write not supported
8/20/2010 5:57:08 PM Detected: Trojan.Win32.Rettesser.ee C:\share Utorrent\Windows Doctor 2.5.0.0.rar/Windows Doctor 2.5.0.0/WindowsDoctor25.exe/data0012
8/20/2010 5:57:08 PM Untreated: Trojan.Win32.Rettesser.ee C:\share Utorrent\Windows Doctor 2.5.0.0.rar/Windows Doctor 2.5.0.0/WindowsDoctor25.exe/data0012 Write not supported
8/20/2010 5:59:27 PM Detected: Trojan.Win32.Rettesser.ed C:\share Utorrent\Windows Doctor 2.5.0.0\Windows Doctor 2.5.0.0\WindowsDoctor25.exe/data0010
8/20/2010 5:59:55 PM Detected: Trojan.Win32.Rettesser.ee C:\share Utorrent\Windows Doctor 2.5.0.0\Windows Doctor 2.5.0.0\WindowsDoctor25.exe/data0012
8/20/2010 6:00:09 PM Deleted: Trojan.Win32.Rettesser.ee C:\share Utorrent\Windows Doctor 2.5.0.0\Windows Doctor 2.5.0.0\WindowsDoctor25.exe
Autoscan: completed 1 hour ago (events: 2, objects: 262531, time: 01:30:52)
8/21/2010 1:19:51 PM Task started
8/21/2010 2:50:43 PM Task completed
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosim o kontrolu logu

#9 Příspěvek od motji »

Jak to vypadá teď?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#10 Příspěvek od Laydee »

tvari se ze to je bez viru :) Je to i rekla bych lepsi, ale porad se mi to nak nezda. Hry hrat je ehm. Notasek je silny na ty hry dost (Counter Strike 1.6) atdd. ale porad se to v nich seka i kdyz by nemelo vlastne. Tak ted nevim cim to bude :/
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosim o kontrolu logu

#11 Příspěvek od motji »

Možná grafikou? Poproísm o nový log ze rsitu.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#12 Příspěvek od Laydee »

jsi hodna ze mi pomahas :))
Jsem notasek zkousela jeste projet Avirou a neco nasel.
PS: grafikou, asi myslis nejaky nastaveni jeji, vid?
Log tady:



Avira AntiVir Personal
Report file date: Tuesday, August 24, 2010 14:49

Scanning for 2742057 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LAYDENKA-NB

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 11:37:40
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 11:57:06
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 17:33:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 22:40:50
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 18:27:50
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 16:37:44
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 15:37:44
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 10:29:04
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 10:48:31
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 10:48:34
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 10:48:40
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 10:48:40
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 10:48:40
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 10:48:40
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 10:48:40
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 10:48:40
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 10:48:40
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 10:48:42
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 10:48:42
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 10:48:42
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 10:48:43
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 10:48:43
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 10:48:43
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 10:48:43
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 10:48:44
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 10:48:44
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 12:48:38
VBASE024.VDF : 7.10.10.247 2048 Bytes 8/23/2010 12:48:38
VBASE025.VDF : 7.10.10.248 2048 Bytes 8/23/2010 12:48:38
VBASE026.VDF : 7.10.10.249 2048 Bytes 8/23/2010 12:48:38
VBASE027.VDF : 7.10.10.250 2048 Bytes 8/23/2010 12:48:38
VBASE028.VDF : 7.10.10.251 2048 Bytes 8/23/2010 12:48:38
VBASE029.VDF : 7.10.10.252 2048 Bytes 8/23/2010 12:48:38
VBASE030.VDF : 7.10.10.253 2048 Bytes 8/23/2010 12:48:38
VBASE031.VDF : 7.10.11.4 67584 Bytes 8/24/2010 12:48:38
Engineversion : 8.2.4.38
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/21/2010 10:48:49
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/21/2010 10:48:49
AESCN.DLL : 8.1.6.1 127347 Bytes 8/21/2010 10:48:48
AESBX.DLL : 8.1.3.1 254324 Bytes 8/21/2010 10:48:49
AERDL.DLL : 8.1.8.2 614772 Bytes 8/21/2010 10:48:48
AEPACK.DLL : 8.2.3.5 471412 Bytes 8/21/2010 10:48:48
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/21/2010 10:48:47
AEHEUR.DLL : 8.1.2.15 2859382 Bytes 8/21/2010 10:48:47
AEHELP.DLL : 8.1.13.2 242039 Bytes 8/21/2010 10:48:46
AEGEN.DLL : 8.1.3.19 393587 Bytes 8/21/2010 10:48:45
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/21/2010 10:48:45
AECORE.DLL : 8.1.16.2 192887 Bytes 8/21/2010 10:48:45
AEBB.DLL : 8.1.1.0 53618 Bytes 8/21/2010 10:48:45
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 11:03:40
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 11:03:36
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 15:47:42
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 11:35:48
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 11:39:52
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 11:22:14
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 08:53:32
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 11:58:00
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 14:38:58
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 13:41:02
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 12:10:22
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 13:14:30

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, August 24, 2010 14:49

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'plugin-container.exe' - '76' Module(s) have been scanned
Scan process 'firefox.exe' - '109' Module(s) have been scanned
Scan process 'avscan.exe' - '78' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '101' Module(s) have been scanned
Scan process 'AIMP2.exe' - '99' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'jusched.exe' - '27' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '20' Module(s) have been scanned
Scan process 'HpqSRmon.exe' - '30' Module(s) have been scanned
Scan process 'hpqPhotoCrm.exe' - '36' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '28' Module(s) have been scanned
Scan process 'RocketDock.exe' - '47' Module(s) have been scanned
Scan process 'SeaPort.exe' - '74' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '142' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\share Utorrent\rzr-scii-mbb.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Black.Gen2 Trojan
--> Razor1911\Keytro.exe
[DETECTION] Is the TR/Black.Gen2 Trojan

Beginning disinfection:
C:\share Utorrent\rzr-scii-mbb.rar
[DETECTION] Is the TR/Black.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '48a979e7.qua'.


End of the scan: Tuesday, August 24, 2010 16:53
Used time: 1:31:17 Hour(s)

The scan has been done completely.

27108 Scanned directories
354193 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
354192 Files not concerned
2650 Archives were scanned
0 Warnings
1 Notes
617595 Objects were scanned with rootkit scan
3 Hidden objects were found
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#13 Příspěvek od Laydee »

RSIT :

Logfile of random's system information tool 1.08 (written by random/random)
Run by Laydenka at 2010-08-24 16:55:28
Microsoft Windows 7 Ultimate
System drive C: has 2 GB (1%) free of 153 GB
Total RAM: 2047 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:34 PM, on 8/24/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Laydenka\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe - co to je :???:
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\AIMP2\AIMP2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\trend micro\Laydenka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laydenka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: setup_9.0.0.722_20.08.2010_15-56.lnk = C:\Users\Laydenka\Desktop\Virus Removal Tool\setup_9.0.0.722_20.08.2010_15-56\startup.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9519 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC64.DLL,nvsvcInitialize -first
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000744
\??\C:\Windows\system32\conhost.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Users\Laydenka\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe" /crashhandler
WLIDSvcM.exe 2180
"C:\Program Files (x86)\Common Files\\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5a2b9f1d-1a71-4bd7-b807-d52d4f65c4ab -SystemEventPortName:HostProcess-b8ea5360-e8cb-491b-b791-1638c1af58cf -IoCancelEventPortName:HostProcess-5cf15b23-e203-41f8-9a42-2c624ba1b920 -NonStateChangingEventPortName:HostProcess-0b552806-6391-49d6-89eb-bbdb9ffc1d0a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:001459a5-6b13-4810-bb3d-7b92e346ae25
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\AIMP2\AIMP2.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe" /CFG="C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp" /GUIMODE=1 /STARTSELF
"C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe" /CFG="C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp" /GUIMODE=1
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3724.62dcb00.693357305 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 3724 plugin \\.\pipe\gecko-crash-server-pipe.3724
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20100824-144945-EB413190.LOG
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe21_ Global\UsGthrCtrlFltPipeMssGthrPipe21 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Laydenka\Desktop\RSITx64(2).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1270311530-2584071053-1987869603-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1270311530-2584071053-1987869603-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28 132456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-06 82464]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 15960096]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-10-26 1702400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Laydenka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-19 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"ICQ"=C:\Program Files (x86)\ICQ7.2\ICQ.exe [2010-07-16 133368]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

C:\Users\Laydenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
setup_9.0.0.722_20.08.2010_15-56.lnk - C:\Users\Laydenka\Desktop\Virus Removal Tool\setup_9.0.0.722_20.08.2010_15-56\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-21 12:50:35 ----D---- C:\Users\Laydenka\AppData\Roaming\Avira
2010-08-21 12:46:39 ----A---- C:\Windows\SYSWOW64\drivers\avgntmgr.sys
2010-08-21 12:46:39 ----A---- C:\Windows\SYSWOW64\drivers\avgntdd.sys
2010-08-21 12:46:39 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-08-21 12:46:39 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-08-21 12:46:38 ----D---- C:\ProgramData\Avira
2010-08-21 12:46:38 ----D---- C:\Program Files (x86)\Avira
2010-08-20 23:30:47 ----D---- C:\Users\Laydenka\AppData\Roaming\vlc
2010-08-20 23:30:20 ----D---- C:\Program Files (x86)\VideoLAN
2010-08-20 16:07:24 ----D---- C:\ProgramData\Kaspersky Lab
2010-08-20 16:06:08 ----A---- C:\Windows\system32\drivers\77977302.sys
2010-08-20 16:06:08 ----A---- C:\Windows\system32\drivers\77977301.sys
2010-08-20 16:06:08 ----A---- C:\Windows\system32\drivers\7797730.sys
2010-08-17 19:05:10 ----D---- C:\Users\Laydenka\AppData\Roaming\Malwarebytes
2010-08-17 19:04:54 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-08-17 19:04:53 ----D---- C:\ProgramData\Malwarebytes
2010-08-17 19:04:53 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-17 19:04:53 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-16 17:10:42 ----D---- C:\rsit
2010-08-16 17:10:42 ----D---- C:\Program Files\trend micro
2010-08-12 21:00:17 ----D---- C:\Users\Laydenka\AppData\Roaming\AnvSoft
2010-08-12 21:00:14 ----D---- C:\Program Files (x86)\AnvSoft
2010-08-11 15:41:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 15:41:22 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 15:41:22 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-11 15:41:22 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 15:41:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-11 15:41:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 15:41:08 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-11 15:41:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 15:41:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-11 15:40:59 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 15:40:56 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 15:40:55 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-11 15:40:53 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-11 15:40:53 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 15:40:52 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-11 15:40:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 15:40:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 15:40:51 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 15:40:44 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 15:40:43 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-11 15:40:42 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-11 15:40:40 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 15:40:39 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 15:40:38 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-10 21:37:44 ----D---- C:\Users\Laydenka\AppData\Roaming\HPAppData
2010-08-07 21:38:19 ----D---- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2
2010-08-07 21:26:28 ----D---- C:\Program Files\Windows Doctor
2010-08-07 21:26:12 ----D---- C:\Program Files (x86)\Windows Doctor
2010-08-07 19:40:41 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-08-07 19:40:41 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-08-07 19:40:41 ----A---- C:\Windows\SYSWOW64\java.exe
2010-08-05 22:35:49 ----DC---- C:\Windows\system32\DRVSTORE
2010-08-05 22:35:49 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-08-05 22:35:48 ----D---- C:\Program Files\Windows Live
2010-08-05 22:21:39 ----D---- C:\Program Files\Motorola
2010-08-05 22:20:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-08-05 22:10:06 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-08-05 22:10:05 ----A---- C:\Windows\system32\drivers\sdbus.sys
2010-08-05 20:38:39 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2010-08-05 20:38:29 ----D---- C:\Program Files (x86)\Microsoft
2010-08-05 20:37:39 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-08-05 20:37:09 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2010-08-05 20:37:03 ----D---- C:\Program Files (x86)\Windows Live
2010-08-04 16:06:58 ----D---- C:\Program Files (x86)\ViaVoice
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\VVRtkReg.dll
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\vvrtkclients.dll
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\setresuk.dll
2010-08-04 16:06:58 ----A---- C:\Windows\SYSWOW64\roboex32.dll
2010-08-04 16:06:56 ----A---- C:\Windows\IsUninst.exe
2010-08-04 15:16:45 ----D---- C:\Users\Laydenka\AppData\Roaming\LANGMaster
2010-08-04 15:16:41 ----D---- C:\Program Files (x86)\LANGMaster
2010-08-04 15:16:39 ----D---- C:\ProgramData\LANGMaster
2010-08-03 23:04:48 ----D---- C:\Windows\RegisteredPackages
2010-08-03 23:04:47 ----HD---- C:\Windows\msdownld.tmp
2010-08-03 12:52:15 ----A---- C:\Windows\system32\shell32.dll
2010-08-03 12:52:14 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-08-02 15:40:05 ----A---- C:\Windows\Sandboxie.ini
2010-08-01 14:32:37 ----D---- C:\ProgramData\Blizzard Entertainment
2010-07-29 17:17:12 ----D---- C:\Users\Laydenka\AppData\Roaming\HpUpdate
2010-07-29 17:17:08 ----D---- C:\Windows\Hewlett-Packard
2010-07-29 13:01:43 ----D---- C:\ProgramData\NexonEU
2010-07-29 12:03:47 ----D---- C:\Nexon
2010-07-29 12:03:46 ----A---- C:\Windows\NEXON_EU_DownloaderUpdater.exe
2010-07-25 23:22:16 ----D---- C:\ProgramData\Google
2010-07-25 23:21:56 ----D---- C:\Program Files (x86)\Google

======List of files/folders modified in the last 1 months======

2010-08-24 16:55:34 ----D---- C:\Windows\Prefetch
2010-08-24 16:55:30 ----D---- C:\Windows\Temp
2010-08-24 16:55:22 ----D---- C:\Users\Laydenka\AppData\Roaming\uTorrent
2010-08-24 16:53:24 ----D---- C:\share Utorrent
2010-08-24 16:09:28 ----SHD---- C:\System Volume Information
2010-08-24 14:59:20 ----D---- C:\Users\Laydenka\AppData\Roaming\AIMP
2010-08-24 14:43:58 ----D---- C:\Program Files (x86)\Steam
2010-08-24 13:47:57 ----D---- C:\Users\Laydenka\AppData\Roaming\ICQ
2010-08-24 12:40:16 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2010-08-24 12:08:16 ----D---- C:\Windows\system32\config
2010-08-24 11:05:58 ----D---- C:\Windows\System32
2010-08-24 11:05:58 ----D---- C:\Windows\inf
2010-08-24 11:05:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-22 20:28:59 ----D---- C:\Program Files (x86)\HLSW
2010-08-22 14:19:49 ----D---- C:\Windows\system32\catroot2
2010-08-21 12:46:49 ----D---- C:\Windows\system32\catroot
2010-08-21 12:46:39 ----D---- C:\Windows\SYSWOW64\drivers
2010-08-21 12:46:39 ----D---- C:\Windows\system32\drivers
2010-08-21 12:46:38 ----RD---- C:\Program Files (x86)
2010-08-21 12:46:38 ----HD---- C:\ProgramData
2010-08-21 12:45:04 ----SHD---- C:\Windows\Installer
2010-08-21 12:45:04 ----HD---- C:\Config.Msi
2010-08-21 12:45:01 ----D---- C:\Windows\winsxs
2010-08-21 11:47:04 ----D---- C:\Windows
2010-08-20 20:52:11 ----D---- C:\Windows\system32\wdi
2010-08-20 14:49:08 ----D---- C:\Windows\debug
2010-08-20 14:42:34 ----D---- C:\Program Files (x86)\CCleaner
2010-08-20 08:05:54 ----D---- C:\Windows\SysWOW64
2010-08-18 21:40:18 ----D---- C:\stazeno
2010-08-16 17:10:42 ----RD---- C:\Program Files
2010-08-14 21:19:57 ----D---- C:\Program Files (x86)\uTorrent
2010-08-11 17:34:57 ----D---- C:\Windows\Microsoft.NET
2010-08-11 17:34:24 ----RSD---- C:\Windows\assembly
2010-08-11 16:04:27 ----D---- C:\Windows\SYSWOW64\migration
2010-08-11 16:04:27 ----D---- C:\Windows\system32\migration
2010-08-11 16:04:27 ----D---- C:\Program Files\Internet Explorer
2010-08-11 16:04:27 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-11 15:48:36 ----D---- C:\ProgramData\Microsoft Help
2010-08-10 20:51:04 ----D---- C:\Program Files (x86)\AIMP2
2010-08-10 09:39:36 ----D---- C:\Windows\Downloaded Program Files
2010-08-09 21:31:08 ----SD---- C:\Users\Laydenka\AppData\Roaming\Microsoft
2010-08-07 20:02:29 ----D---- C:\Program Files (x86)\Common Files
2010-08-07 19:40:35 ----D---- C:\Program Files (x86)\Java
2010-08-07 14:54:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-08-06 18:52:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-05 23:06:35 ----RSD---- C:\Windows\Fonts
2010-08-05 23:05:52 ----D---- C:\Program Files (x86)\Microsoft Works
2010-08-05 22:21:38 ----D---- C:\Windows\system32\DriverStore
2010-08-05 22:21:21 ----SD---- C:\ProgramData\Microsoft
2010-08-05 22:01:47 ----A---- C:\Windows\win.ini
2010-08-04 16:07:13 ----D---- C:\Windows\Speech
2010-08-04 15:30:28 ----D---- C:\Windows\system32\Tasks
2010-08-03 23:04:43 ----D---- C:\Windows\Cursors
2010-08-03 20:52:33 ----A---- C:\Windows\system32\MRT.exe
2010-08-02 16:13:17 ----D---- C:\games
2010-08-02 15:51:38 ----D---- C:\mp3
2010-08-02 15:49:33 ----D---- C:\Program Files (x86)\HP
2010-07-29 17:39:43 ----D---- C:\Windows\twain_32
2010-07-25 23:23:46 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 77977302;77977302 Boot Guard Driver; C:\Windows\system32\DRIVERS\77977302.sys [2009-10-22 40464]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-19 834544]
R1 77977301;77977301; C:\Windows\system32\DRIVERS\77977301.sys [2009-09-25 157712]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-02 116568]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 setup_9.0.0.722_20.08.2010_15-56drv;setup_9.0.0.722_20.08.2010_15-56drv; C:\Windows\system32\DRIVERS\7797730.sys [2009-10-09 352784]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 81072]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 47632]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 24064]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 109056]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26 1202688]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 ai4nsnnc;ai4nsnnc; C:\Windows\system32\drivers\ai4nsnnc.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 61288]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2008-05-02 8704]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2008-05-02 8704]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 364064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-26 66872]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-25 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 fsssvc;Služba Windows Live Zabezpecení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-06-19 395048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1255736]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosim o kontrolu logu

#14 Příspěvek od motji »

:arrow: Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde :)



Ten soubor co jsi se ptala, je ok
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Laydee
Návštěvník
Návštěvník
Příspěvky: 167
Registrován: 19 kvě 2008 15:01

Re: prosim o kontrolu logu

#15 Příspěvek od Laydee »

OTL logfile created on: 8/25/2010 3:49:49 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Laydenka\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 2.03 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 14.92 Gb Total Space | 6.13 Gb Free Space | 41.08% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAYDENKA-NB
Current User Name: Laydenka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/25 06:49:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laydenka\Desktop\OTL.exe
PRC - [2010/07/24 03:06:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/16 12:54:19 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2010/06/26 20:17:47 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/21 22:42:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Laydenka\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/02 11:28:32 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/10/01 14:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- C:\Users\Laydenka\Desktop\Virus Removal Tool\setup_9.0.0.722_20.08.2010_15-56\setup_9.0.0.722_20.08.2010_15-56.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/07/22 18:33:28 | 000,544,768 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2010/08/25 06:49:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laydenka\Desktop\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/26 20:17:47 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/19 17:00:43 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/19 16:46:54 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/02 13:35:02 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/16 14:24:02 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/11/16 18:33:38 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/10/26 15:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\77977302.sys -- (77977302)
DRV:64bit: - [2009/10/10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\7797730.sys -- (setup_9.0.0.722_20.08.2010_15-56drv)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\77977301.sys -- (77977301)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/02 10:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2008/05/02 10:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008/05/02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/05/02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2007/08/09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 F5 23 CC BC 0F CB 01 [binary data]
IE - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: support@auto-hide-ip.com:1.0
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/29 17:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/17 19:27:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/20 08:06:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\components [2010/08/07 21:38:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/07/26 17:12:30 | 000,000,000 | ---D | M]

[2010/06/26 17:39:27 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Mozilla\Extensions
[2010/06/26 17:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laydenka\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/24 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Mozilla\Firefox\Profiles\ed5akz0v.default\extensions
[2010/06/24 11:29:02 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Mozilla\Firefox\Profiles\ed5akz0v.default\extensions\support@auto-hide-ip.com
[2010/07/13 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Mozilla\Firefox\Profiles\ed5akz0v.default\extensions\tineye@ideeinc.com
[2010/08/06 08:37:52 | 000,001,819 | ---- | M] () -- C:\Users\Laydenka\AppData\Roaming\Mozilla\Firefox\Profiles\ed5akz0v.default\searchplugins\bing.xml
[2010/08/24 15:12:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/22 13:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/07 19:40:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/04/01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/04/01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/04/01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/04/01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010/07/16 12:57:53 | 000,001,256 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Laydenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.08.2010_15-56.lnk = C:\Users\Laydenka\Desktop\Virus Removal Tool\setup_9.0.0.722_20.08.2010_15-56\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1270311530-2584071053-1987869603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9c5d7c5a-9e1e-11df-8431-001bfc0bf5af}\Shell - "" = AutoRun
O33 - MountPoints2\{9c5d7c5a-9e1e-11df-8431-001bfc0bf5af}\Shell\AutoRun\command - "" = F:\Dummy.exe -- File not found
O33 - MountPoints2\{ab0ae5c2-7bb4-11df-a694-001bfc0bf5af}\Shell - "" = AutoRun
O33 - MountPoints2\{ab0ae5c2-7bb4-11df-a694-001bfc0bf5af}\Shell\AutoRun\command - "" = E:\cont32.exe data\uvod_ces.ctx -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 06:49:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Laydenka\Desktop\OTL.exe
[2010/08/25 06:42:34 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/24 19:56:14 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\cspggui16
[2010/08/24 14:39:12 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\The_Prodigy_-_The_Fat_of_the_Land
[2010/08/24 13:18:09 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\E__Prodigy-_The_best_of
[2010/08/21 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Roaming\Avira
[2010/08/21 12:46:39 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/08/21 12:46:39 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/08/21 12:46:39 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/08/21 12:46:39 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/08/21 12:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/08/21 12:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/08/20 23:30:47 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Roaming\vlc
[2010/08/20 23:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/08/20 16:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/08/20 16:06:08 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\7797730.sys
[2010/08/20 16:06:08 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\77977301.sys
[2010/08/20 16:06:08 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\77977302.sys
[2010/08/20 16:06:08 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\Virus Removal Tool
[2010/08/20 09:57:38 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\Desktop
[2010/08/17 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Roaming\Malwarebytes
[2010/08/17 19:04:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/17 19:04:53 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/17 19:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/17 19:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/17 19:04:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laydenka\Desktop\mbam-setup-1.46.exe
[2010/08/16 17:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/16 17:10:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/12 21:01:26 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Documents\Any Video Converter Professional
[2010/08/12 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Roaming\AnvSoft
[2010/08/12 21:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2010/08/11 15:41:08 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 15:41:08 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/11 15:41:07 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/11 15:40:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 15:40:51 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 15:40:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 15:40:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 15:40:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 15:40:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 15:40:44 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 15:40:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 15:40:42 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/10 21:37:44 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Roaming\HPAppData
[2010/08/09 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\enselor_cze
[2010/08/07 21:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2
[2010/08/07 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Doctor
[2010/08/07 21:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Doctor
[2010/08/07 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/07 19:40:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/07 19:40:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/07 19:40:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/05 22:39:09 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Tracing
[2010/08/05 22:35:49 | 000,061,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/08/05 22:35:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/08/05 22:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/08/05 22:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/08/05 22:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/08/05 22:10:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2010/08/05 20:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/05 20:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/08/05 20:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/05 20:37:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/08/05 20:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/08/05 20:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/08/05 20:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/08/04 16:06:58 | 000,421,888 | ---- | C] (IBM Corporation) -- C:\Windows\SysWow64\setresuk.dll
[2010/08/04 16:06:58 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\roboex32.dll
[2010/08/04 16:06:58 | 000,167,936 | ---- | C] (IBM Corporation) -- C:\Windows\SysWow64\setnote.cpl
[2010/08/04 16:06:58 | 000,049,152 | ---- | C] (IBM Corporation) -- C:\Windows\SysWow64\vvrtkclients.dll
[2010/08/04 16:06:58 | 000,018,944 | ---- | C] (IBM Corporation) -- C:\Windows\SysWow64\VVRtkReg.dll
[2010/08/04 16:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViaVoice
[2010/08/04 16:06:56 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/08/04 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Roaming\LANGMaster
[2010/08/04 15:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LANGMaster
[2010/08/04 15:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\LANGMaster
[2010/08/03 23:04:48 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/08/03 23:04:47 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/08/02 15:51:43 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Documents\StarCraft II
[2010/08/01 14:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/08/01 14:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/07/30 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Local\Activision
[2010/07/30 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\Angličtina do ucha
[2010/07/29 17:17:12 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\AppData\Roaming\HpUpdate
[2010/07/29 17:17:08 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010/07/29 13:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2010/07/29 12:03:47 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/07/29 12:03:46 | 000,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2010/07/26 18:27:33 | 000,000,000 | ---D | C] -- C:\Users\Laydenka\Desktop\Michael Jackson - Greatest Hits
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/25 15:55:12 | 002,097,152 | -HS- | M] () -- C:\Users\Laydenka\NTUSER.DAT
[2010/08/25 15:47:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1270311530-2584071053-1987869603-1000UA.job
[2010/08/25 15:44:53 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 15:44:53 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 15:40:47 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/25 15:40:47 | 000,631,314 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010/08/25 15:40:47 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/25 15:40:47 | 000,121,922 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010/08/25 15:40:47 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/25 15:36:29 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 15:36:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 15:36:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 15:36:11 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 08:28:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 06:59:09 | 001,592,048 | -H-- | M] () -- C:\Users\Laydenka\AppData\Local\IconCache.db
[2010/08/25 06:49:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laydenka\Desktop\OTL.exe
[2010/08/24 19:55:42 | 000,006,054 | ---- | M] () -- C:\Users\Laydenka\Desktop\cspggui16.zip
[2010/08/24 13:37:59 | 135,032,654 | ---- | M] () -- C:\Users\Laydenka\Desktop\The_Prodigy_-_The_Fat_of_the_Land.rar
[2010/08/24 13:17:37 | 069,982,651 | ---- | M] () -- C:\Users\Laydenka\Desktop\E__Prodigy-_The_best_of.rar
[2010/08/24 13:16:05 | 000,192,852 | ---- | M] () -- C:\Users\Laydenka\Desktop\The_Prodigy_-_The_Fat_of_the_Land__1997__320kbps.rar.part
[2010/08/24 13:16:05 | 000,000,000 | ---- | M] () -- C:\Users\Laydenka\Desktop\The_Prodigy_-_The_Fat_of_the_Land__1997__320kbps.rar
[2010/08/21 12:44:02 | 044,092,512 | ---- | M] () -- C:\Users\Laydenka\Desktop\avira_antivir_personal_en.exe
[2010/08/20 23:30:40 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/20 22:47:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1270311530-2584071053-1987869603-1000Core.job
[2010/08/20 16:07:24 | 000,002,226 | ---- | M] () -- C:\Users\Laydenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.08.2010_15-56.lnk
[2010/08/20 14:42:35 | 000,001,011 | ---- | M] () -- C:\Users\Laydenka\Desktop\CCleaner.lnk
[2010/08/20 08:06:43 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/17 19:04:57 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/17 19:04:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Laydenka\Desktop\mbam-setup-1.46.exe
[2010/08/16 17:07:43 | 000,832,273 | ---- | M] () -- C:\Users\Laydenka\Desktop\RSITx64.exe
[2010/08/12 21:00:22 | 000,001,193 | ---- | M] () -- C:\Users\Laydenka\Desktop\Any Video Converter Professional.lnk
[2010/08/11 20:49:48 | 002,514,949 | ---- | M] () -- C:\Users\Laydenka\Desktop\inx [neo] 2K10_011_+++.ogg
[2010/08/11 16:06:35 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 21:50:35 | 014,581,156 | ---- | M] () -- C:\Users\Laydenka\Desktop\watch2.mp4
[2010/08/10 21:45:51 | 013,770,728 | ---- | M] () -- C:\Users\Laydenka\Desktop\watch1.mp4
[2010/08/10 21:44:53 | 005,725,095 | ---- | M] () -- C:\Users\Laydenka\Desktop\149489561734918_24878.mp4
[2010/08/10 21:09:01 | 000,013,831 | ---- | M] () -- C:\Users\Laydenka\Desktop\tralala.docx
[2010/08/10 20:51:05 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2010/08/10 20:51:04 | 000,000,991 | ---- | M] () -- C:\Users\Laydenka\Application Data\Microsoft\Internet Explorer\Quick Launch\AIMP2.lnk
[2010/08/09 21:27:03 | 000,509,689 | ---- | M] () -- C:\Users\Laydenka\Desktop\enselor_cze.zip
[2010/08/07 21:38:32 | 000,002,159 | ---- | M] () -- C:\Users\Laydenka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 2.lnk
[2010/08/07 21:38:32 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 2.lnk
[2010/08/06 08:36:48 | 000,109,616 | ---- | M] () -- C:\Users\Laydenka\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/05 22:01:47 | 000,000,513 | ---- | M] () -- C:\Windows\win.ini
[2010/08/05 20:37:40 | 000,000,020 | ---- | M] () -- C:\Windows\„öŠ
[2010/08/04 23:39:57 | 000,000,788 | RH-- | M] () -- C:\Windows\SysWow64\ttri.dat
[2010/08/04 16:06:53 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Berlitz.lnk
[2010/08/02 16:13:20 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/02 15:49:52 | 000,001,612 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/08/01 15:05:16 | 000,618,319 | ---- | M] () -- C:\Users\Laydenka\Desktop\inx [neo] 2K10_011+++.ogg
[2010/07/30 14:29:02 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.005
[2010/07/30 14:27:10 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.004
[2010/07/30 14:26:56 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.003
[2010/07/30 14:24:00 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.002
[2010/07/30 14:23:49 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010/07/30 14:23:36 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010/07/30 14:05:28 | 263,734,732 | ---- | M] () -- C:\Users\Laydenka\Desktop\ANGLICTINA DO UCHA - COPY.rar
[2010/07/30 13:58:03 | 141,606,683 | ---- | M] () -- C:\Users\Laydenka\Desktop\Angličtina do ucha.rar
[2010/07/29 17:37:31 | 000,023,145 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/07/29 13:07:02 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2010/07/29 12:03:46 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/07/28 20:42:21 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2010/07/28 16:06:39 | 000,000,681 | ---- | M] () -- C:\Users\Public\Desktop\Quake 4.lnk
[2010/07/26 18:20:13 | 168,981,843 | ---- | M] () -- C:\Users\Laydenka\Desktop\Michael Jackson - Greatest Hits.rar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 19:55:40 | 000,006,054 | ---- | C] () -- C:\Users\Laydenka\Desktop\cspggui16.zip
[2010/08/24 13:20:17 | 135,032,654 | ---- | C] () -- C:\Users\Laydenka\Desktop\The_Prodigy_-_The_Fat_of_the_Land.rar
[2010/08/24 13:16:05 | 000,000,000 | ---- | C] () -- C:\Users\Laydenka\Desktop\The_Prodigy_-_The_Fat_of_the_Land__1997__320kbps.rar
[2010/08/24 13:16:03 | 000,192,852 | ---- | C] () -- C:\Users\Laydenka\Desktop\The_Prodigy_-_The_Fat_of_the_Land__1997__320kbps.rar.part
[2010/08/24 13:14:24 | 069,982,651 | ---- | C] () -- C:\Users\Laydenka\Desktop\E__Prodigy-_The_best_of.rar
[2010/08/21 12:43:11 | 044,092,512 | ---- | C] () -- C:\Users\Laydenka\Desktop\avira_antivir_personal_en.exe
[2010/08/20 23:30:40 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/20 16:07:24 | 000,002,226 | ---- | C] () -- C:\Users\Laydenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.08.2010_15-56.lnk
[2010/08/17 19:04:57 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 17:07:42 | 000,832,273 | ---- | C] () -- C:\Users\Laydenka\Desktop\RSITx64.exe
[2010/08/12 21:00:22 | 000,001,193 | ---- | C] () -- C:\Users\Laydenka\Desktop\Any Video Converter Professional.lnk
[2010/08/11 20:49:46 | 002,514,949 | ---- | C] () -- C:\Users\Laydenka\Desktop\inx [neo] 2K10_011_+++.ogg
[2010/08/10 21:50:11 | 014,581,156 | ---- | C] () -- C:\Users\Laydenka\Desktop\watch2.mp4
[2010/08/10 21:45:30 | 013,770,728 | ---- | C] () -- C:\Users\Laydenka\Desktop\watch1.mp4
[2010/08/10 21:44:49 | 005,725,095 | ---- | C] () -- C:\Users\Laydenka\Desktop\149489561734918_24878.mp4
[2010/08/10 20:51:03 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2010/08/10 20:30:13 | 000,013,831 | ---- | C] () -- C:\Users\Laydenka\Desktop\tralala.docx
[2010/08/09 21:27:01 | 000,509,689 | ---- | C] () -- C:\Users\Laydenka\Desktop\enselor_cze.zip
[2010/08/07 21:38:32 | 000,002,159 | ---- | C] () -- C:\Users\Laydenka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 2.lnk
[2010/08/07 21:38:32 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 2.lnk
[2010/08/05 20:37:39 | 000,000,020 | ---- | C] () -- C:\Windows\„öŠ
[2010/08/04 16:06:48 | 000,000,788 | RH-- | C] () -- C:\Windows\SysWow64\ttri.dat
[2010/08/04 15:16:59 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Berlitz.lnk
[2010/08/02 15:51:43 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/02 15:40:05 | 000,001,612 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/08/01 15:05:03 | 000,618,319 | ---- | C] () -- C:\Users\Laydenka\Desktop\inx [neo] 2K10_011+++.ogg
[2010/07/30 14:29:02 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.005
[2010/07/30 14:27:10 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.004
[2010/07/30 14:26:56 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.003
[2010/07/30 14:23:59 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.002
[2010/07/30 14:23:48 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010/07/30 14:23:35 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010/07/30 13:58:19 | 263,734,732 | ---- | C] () -- C:\Users\Laydenka\Desktop\ANGLICTINA DO UCHA - COPY.rar
[2010/07/30 13:54:34 | 141,606,683 | ---- | C] () -- C:\Users\Laydenka\Desktop\Angličtina do ucha.rar
[2010/07/29 17:34:41 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/07/29 13:07:02 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2010/07/28 20:42:21 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2010/07/26 18:14:54 | 168,981,843 | ---- | C] () -- C:\Users\Laydenka\Desktop\Michael Jackson - Greatest Hits.rar
[2010/07/22 16:03:56 | 000,002,555 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/19 19:51:06 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmySQL.dll
[2010/06/19 19:51:06 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\TrackerNET.dll
[2010/06/19 19:48:30 | 000,000,056 | ---- | C] () -- C:\Windows\sierra.ini
[2009/11/16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/08/24 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\AIMP
[2010/08/12 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\AnvSoft
[2010/06/19 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Ashampoo
[2010/06/24 11:28:52 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\AutoHideIP
[2010/06/19 19:46:18 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\DAEMON Tools Lite
[2010/06/26 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Facebook
[2010/06/22 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\GHISLER
[2010/08/24 13:47:57 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\ICQ
[2010/08/04 15:16:45 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\LANGMaster
[2010/06/26 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Leadertech
[2010/07/03 11:38:37 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Need for Speed World
[2010/06/26 17:39:25 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Thunderbird
[2010/08/24 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\uTorrent
[2010/06/22 13:59:10 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\VitySoft
[2010/07/14 13:13:35 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\VSO
[2010/08/18 15:06:02 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\Laydenka\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010/06/19 16:37:43 | 000,136,176 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"RocketDock" = "C:\Program Files (x86)\RocketDock\RocketDock.exe" -- [2007/09/02 13:58:52 | 000,495,616 | ---- | M] ()
"ICQ" = "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2010/07/16 12:54:19 | 000,133,368 | ---- | M] (ICQ, LLC.)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/07/23 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Adobe
[2010/08/24 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\AIMP
[2010/08/12 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\AnvSoft
[2010/06/19 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Ashampoo
[2010/06/24 11:28:52 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\AutoHideIP
[2010/08/21 12:50:35 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Avira
[2010/06/19 19:46:18 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\DAEMON Tools Lite
[2010/06/26 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Facebook
[2010/06/22 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\GHISLER
[2010/07/22 17:51:59 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\HP
[2010/08/10 21:37:44 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\HPAppData
[2010/08/05 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\HpUpdate
[2010/08/24 13:47:57 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\ICQ
[2010/06/19 16:30:09 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Identities
[2010/08/04 15:16:45 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\LANGMaster
[2010/06/26 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Leadertech
[2010/06/19 16:52:18 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Macromedia
[2010/08/17 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Malwarebytes
[2009/07/14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Media Center Programs
[2010/08/09 21:31:08 | 000,000,000 | --SD | M] -- C:\Users\Laydenka\AppData\Roaming\Microsoft
[2010/06/21 12:40:41 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Mozilla
[2010/07/03 11:38:37 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Need for Speed World
[2010/06/26 17:39:25 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\Thunderbird
[2010/08/24 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\uTorrent
[2010/06/22 13:59:10 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\VitySoft
[2010/08/20 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\vlc
[2010/07/14 13:13:35 | 000,000,000 | ---D | M] -- C:\Users\Laydenka\AppData\Roaming\VSO
Nahoru
Odpovědět

Zpět na „Preventivní kontroly logů“