Pozrite sa mi na to pls

[alwil]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Peťo at 2010-12-10 03:40:22
Microsoft Windows 7 Professional
System drive C: has 14 GB (22%) free of 61 GB
Total RAM: 4095 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:21, on 10. 12. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\TCB Networks\StrokeIt\strokeit.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\trend micro\Peťo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files (x86)\TCB Networks\StrokeIt\strokeit.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files (x86)\IVT Corporation\BlueSoleil\gprs.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files (x86)\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Xacti LLC - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9694 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe"
"C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
Atouch64.exe
ATKOSD.exe
WDC.exe
"C:\Program Files\OO Software\Defrag\oodag.exe"
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
C:\Windows\SysWOW64\rpcnet.exe
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\TCB Networks\StrokeIt\strokeit.exe"
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:2724
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\splwow64.exe 2
"D:\Stiahnuté\RSITx64.exe"
taskeng.exe {4680F9E6-64E4-4E98-93FD-BEFC990743BA}

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-872177969-757071468-1379090124-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-872177969-757071468-1379090124-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-08 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2010-10-08 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2010-10-08 503808]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-07-30 617856]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-06-26 1609296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"StrokeIt"=C:\Program Files (x86)\TCB Networks\StrokeIt\strokeit.exe [2010-01-03 26248]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BlueSoleil.lnk - C:\Program Files (x86)\IVT Corporation\BlueSoleil\gprs.exe

C:\Users\Peťo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-05-06 66640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-10 01:02:23 ----D---- C:\Program Files\Microsoft Games
2010-12-08 23:21:00 ----A---- C:\Windows\system32\drivers\1394ohci.sys
2010-12-06 11:28:29 ----D---- C:\Users\Peťo\AppData\Roaming\Ashampoo
2010-12-06 11:28:25 ----D---- C:\Program Files (x86)\Conduit
2010-12-06 11:28:24 ----D---- C:\Program Files (x86)\MyAshampoo
2010-12-06 11:28:17 ----D---- C:\ProgramData\ashampoo
2010-12-06 11:27:40 ----D---- C:\Program Files (x86)\Ashampoo
2010-12-04 13:25:53 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-12-04 13:24:10 ----D---- C:\ProgramData\NVIDIA Corporation
2010-12-04 13:22:43 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2010-12-04 13:22:43 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2010-12-04 13:22:43 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2010-12-04 13:22:43 ----A---- C:\Windows\system32\nvoglv64.dll
2010-12-04 13:22:43 ----A---- C:\Windows\system32\nvgenco642030.dll
2010-12-04 13:22:43 ----A---- C:\Windows\system32\nvdispco642050.dll
2010-12-04 13:22:43 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-12-04 13:22:43 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-12-04 13:22:42 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2010-12-04 13:22:42 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2010-12-04 13:22:42 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2010-12-04 13:22:42 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2010-12-04 13:22:42 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2010-12-04 13:22:42 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2010-12-04 13:22:42 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2010-12-04 13:22:42 ----A---- C:\Windows\system32\OpenCL.dll
2010-12-04 13:22:42 ----A---- C:\Windows\system32\nvcuvid.dll
2010-12-04 13:22:42 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-12-04 13:22:42 ----A---- C:\Windows\system32\nvcuda.dll
2010-12-04 13:22:42 ----A---- C:\Windows\system32\nvcompiler.dll
2010-12-04 12:31:42 ----D---- C:\rsit
2010-12-04 12:31:42 ----D---- C:\Program Files\trend micro
2010-12-02 12:10:05 ----D---- C:\Users\Peťo\AppData\Roaming\codeblocks
2010-12-02 12:09:33 ----D---- C:\Program Files (x86)\CodeBlocks
2010-11-25 13:01:57 ----A---- C:\Windows\system32\unrar.dll
2010-11-25 13:01:57 ----A---- C:\Windows\system32\ff_vfw.dll
2010-11-25 13:01:55 ----D---- C:\Program Files\KLCP64
2010-11-24 20:06:21 ----D---- C:\Program Files\StrongDC++
2010-11-24 00:05:52 ----SHD---- C:\Config.Msi
2010-11-20 18:46:08 ----HD---- C:\VritualRoot
2010-11-20 18:42:17 ----D---- C:\ProgramData\Comodo
2010-11-20 18:42:11 ----D---- C:\Program Files\COMODO
2010-11-17 11:48:59 ----D---- C:\Program Files\Tracker Software
2010-11-16 23:20:52 ----D---- C:\Users\Peťo\AppData\Roaming\translateclient
2010-11-16 23:20:38 ----D---- C:\Program Files (x86)\Translate Client
2010-11-16 23:20:28 ----D---- C:\Users\Peťo\AppData\Roaming\vlc
2010-11-15 23:35:28 ----D---- C:\Users\Peťo\AppData\Roaming\Foxit Software
2010-11-15 23:32:40 ----D---- C:\Program Files (x86)\Foxit Software
2010-11-13 18:50:37 ----D---- C:\Windows\Profiles
2010-11-13 18:45:14 ----A---- C:\Windows\system32\drivers\revoflt.sys
2010-11-13 18:45:12 ----D---- C:\Program Files\VS Revo Group

======List of files/folders modified in the last 1 months======

2010-12-10 03:41:09 ----D---- C:\Windows\Temp
2010-12-10 03:40:17 ----D---- C:\Windows\Prefetch
2010-12-10 02:43:18 ----D---- C:\Users\Peťo\AppData\Roaming\TeraCopy
2010-12-10 01:12:41 ----D---- C:\Windows\system32\config
2010-12-10 01:02:34 ----D---- C:\Windows\winsxs
2010-12-10 01:02:23 ----RD---- C:\Program Files
2010-12-10 01:02:23 ----D---- C:\Windows\system32\en-US
2010-12-10 01:02:23 ----D---- C:\Windows\System32
2010-12-10 01:02:14 ----SHD---- C:\System Volume Information
2010-12-10 00:23:02 ----AD---- C:\ProgramData\TEMP
2010-12-09 21:34:53 ----A---- C:\Windows\system32\rpcnetp.exe
2010-12-09 19:55:36 ----D---- C:\Users\Peťo\AppData\Roaming\Macromedia
2010-12-09 19:54:51 ----D---- C:\Windows
2010-12-09 19:53:47 ----HD---- C:\ProgramData
2010-12-09 19:53:22 ----D---- C:\ProgramData\NVIDIA
2010-12-09 19:53:18 ----A---- C:\Windows\SYSWOW64\rpcnet.dll
2010-12-09 19:53:00 ----D---- C:\Windows\Minidump
2010-12-09 19:36:04 ----D---- C:\Users\Peťo\AppData\Roaming\Disk Cleaner
2010-12-09 19:35:27 ----D---- C:\Users\Peťo\AppData\Roaming\Winamp
2010-12-08 23:21:27 ----D---- C:\Windows\system32\DriverStore
2010-12-08 23:21:27 ----D---- C:\Windows\system32\drivers
2010-12-08 23:21:04 ----D---- C:\Windows\system32\catroot
2010-12-08 23:19:02 ----D---- C:\Windows\inf
2010-12-08 23:19:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-07 10:25:11 ----D---- C:\Windows\system32\catroot2
2010-12-07 00:07:35 ----D---- C:\Program Files (x86)\Winamp
2010-12-06 23:40:57 ----D---- C:\Program Files (x86)\Winamp Detect
2010-12-06 20:25:36 ----D---- C:\Windows\system32\wdi
2010-12-06 17:29:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-06 11:28:25 ----RD---- C:\Users
2010-12-06 11:28:25 ----RD---- C:\Program Files (x86)
2010-12-06 11:28:24 ----D---- C:\Windows\SysWOW64
2010-12-04 23:17:58 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-04 20:20:36 ----D---- C:\ProgramData\Spyware Terminator
2010-12-04 20:13:13 ----D---- C:\Users\Peťo\AppData\Roaming\Spyware Terminator
2010-12-04 17:13:18 ----D---- C:\Windows\system32\drivers\etc
2010-12-04 14:49:37 ----D---- C:\Windows\system32\Tasks
2010-12-04 14:42:32 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-04 13:25:58 ----SHD---- C:\Windows\Installer
2010-12-04 13:23:48 ----D---- C:\Program Files\NVIDIA Corporation
2010-11-29 07:46:09 ----A---- C:\Windows\SYSWOW64\rpcnetp.dll
2010-11-29 07:45:51 ----A---- C:\Windows\SYSWOW64\rpcnetp.exe
2010-11-27 12:53:19 ----D---- C:\Program Files (x86)\IObit
2010-11-27 12:07:41 ----D---- C:\Windows\system32\oodag
2010-11-26 22:18:40 ----D---- C:\Windows\Tasks
2010-11-26 22:18:40 ----D---- C:\Windows\system32\wfp
2010-11-26 22:18:40 ----D---- C:\Windows\system32\CodeIntegrity
2010-11-26 22:18:39 ----D---- C:\Windows\AppCompat
2010-11-26 22:18:39 ----D---- C:\Users\Peťo\AppData\Roaming\Dev-Cpp
2010-11-26 22:18:38 ----D---- C:\Windows\system32\wbem
2010-11-26 22:18:38 ----D---- C:\Windows\registration
2010-11-26 22:18:38 ----D---- C:\Program Files (x86)\RocketDock
2010-11-26 22:17:01 ----D---- C:\Windows\system32\LogFiles
2010-11-25 10:59:19 ----D---- C:\Program Files (x86)\Digsby
2010-11-24 21:54:00 ----D---- C:\Program Files\Internet Explorer
2010-11-24 21:54:00 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-23 23:05:30 ----D---- C:\Users\Peťo\AppData\Roaming\LangSoft
2010-11-23 23:05:30 ----D---- C:\Users\Peťo\AppData\Roaming\IrfanView
2010-11-23 23:05:30 ----D---- C:\Users\Peťo\AppData\Roaming\IObit
2010-11-23 23:05:30 ----D---- C:\ProgramData\ESET
2010-11-23 23:05:23 ----D---- C:\Program Files\ESET
2010-11-23 23:04:34 ----D---- C:\ProgramData\IObit
2010-11-20 13:28:23 ----D---- C:\Program Files (x86)\Adobe
2010-11-20 13:28:07 ----SD---- C:\Users\Peťo\AppData\Roaming\Microsoft
2010-11-20 13:28:07 ----D---- C:\Users\Peťo\AppData\Roaming\Adobe
2010-11-20 13:28:02 ----D---- C:\Program Files (x86)\Common Files
2010-11-19 18:07:23 ----D---- C:\ProgramData\Adobe
2010-11-17 19:03:09 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-11-17 12:44:17 ----D---- C:\Program Files\Defraggler
2010-11-17 12:38:25 ----D---- C:\Users\Peťo\AppData\Roaming\Azureus
2010-11-17 12:34:15 ----D---- C:\Program Files\Common Files
2010-11-17 11:20:23 ----D---- C:\Users\Peťo\AppData\Roaming\Nitro PDF
2010-11-16 23:20:41 ----RSD---- C:\Windows\Fonts
2010-11-15 19:30:36 ----RHD---- C:\MSOCache
2010-11-13 19:00:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-13 18:46:44 ----D---- C:\Program Files (x86)\Vuze
2010-11-13 15:07:49 ----D---- C:\Users\Peťo\AppData\Roaming\Registry Mechanic
2010-11-13 14:58:27 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-08-12 69152]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
R2 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\Peťo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-10-08 14544]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-02-12 2203136]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 37896]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 37384]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 47368]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-03-18 63568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-03-18 57936]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 28704]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-08 347680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition x64\SysInfoX64.sys [2007-09-25 18128]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-11-06 17440]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe [2008-03-19 166520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 989800]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\SysWOW64\rpcnet.exe [2010-10-13 57752]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-10-09 1033255]
R2 Start BT in service;Start BT in service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2003-04-18 8192]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-11-27 1375992]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-12-04 12:32:00

======Uninstall list======

-->MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE}
7-Zip 9.16 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0916-000001000000}
Ad-Aware-->"C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.4.1 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AquaSnap-->MsiExec.exe /X{7D733DBC-1761-4EC9-831A-8976062B33CA}
Atheros Client Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0005 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
aTube Catcher-->C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe
BlueJ 3.0.2-->"C:\BlueJ\uninst\unins000.exe"
Bluesoleil2.7.0.35 VoIP Release 080317-->MsiExec.exe /X{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Client for Google Translate-->"C:\Program Files (x86)\Translate Client\translateclient_uninst.exe"
Čumík - Tvoj virtuálny set-top box-->MsiExec.exe /X{0C6428F6-97B3-47A9-9B67-7F2E5A620E6D}
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{820F2EBF-0AEC-46F1-9DCD-66CAAD8344D3}" "1051" "0"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
Digsby-->C:\Program Files (x86)\Digsby\uninstall.exe
Disk Cleaner (remove only)-->"C:\Program Files (x86)\Disk Cleaner\uninstall.exe"
doPDF 7.1 printer-->"C:\Program Files\Softland\doPDF 7\unins000.exe"
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ETDWare PS/2-x64 7.0.5.7_WHQL-->C:\Program Files\Elantech\ETDUninst.exe
FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\fmcodec.inf
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
GlassFish Server Open Source Edition 3.0.1-->"C:\Program Files\glassfish-3.0.1\uninstall.exe"
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Java(TM) 6 Update 23 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416023FF}
Java(TM) SE Development Kit 6 Update 23 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0160230}
KillWinamp 1.61-->"C:\Program Files (x86)\KillWinamp\unins000.exe"
K-Lite Codec Pack (64-bit) v4.1.0-->"C:\Program Files\KLCP64\unins000.exe"
Logitech SetPoint 6.15-->C:\Program Files\Common Files\LogiShrd\SP6_Uninstall\setup.exe
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder Audio Edition x64 0.7.5.4700-->C:\Program Files\MediaCoder Audio Edition x64\uninst.exe
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}
Microsoft Image Composite Editor-->MsiExec.exe /I{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}
Microsoft Office Access MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0016-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0044-041B-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2010-->MsiExec.exe /X{90140000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2010-->MsiExec.exe /X{90140000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2010-->MsiExec.exe /X{90140000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2010-->MsiExec.exe /X{90140000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001B-041B-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{4E968D9C-21A7-4915-B698-F7AEB913541D}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{2A2F3AE8-246A-4252-BB26-1BEB45627074}
Microsoft Visual Basic 2010 Express - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual Basic 2010 Express - ENU\setup.exe
Microsoft Visual Basic 2010 Express - ENU-->MsiExec.exe /X{ED784556-66AA-3F17-9B58-7246ACB5C7E4}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319-->MsiExec.exe /X{94D70749-4281-39AC-AD90-B56A0E0A402E}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{14DD7530-CCD2-3798-B37D-3839ED6A441C}
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU-->MsiExec.exe /X{BCA26999-EC22-3007-BB79-638913079C9A}
NetBeans IDE 6.9.1-->"C:\Program Files\NetBeans 6.9.1\uninstall.exe"
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
O&O Defrag Professional-->MsiExec.exe /I{8027B1DD-D875-4315-8FE9-B2CFDD1BB8F1}
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Registry Mechanic 10.0-->"C:\Program Files (x86)\Registry Mechanic\unins000.exe" /Log
Revo Uninstaller Pro 2.4.3-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1051" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1051" "0"
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Speccy-->"C:\Program Files\Speccy\uninst.exe"
Splash PRO-->MsiExec.exe /I{453E7B8A-8329-4228-8499-DF78F0FC422C}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator-->"C:\Program Files (x86)\Spyware Terminator\unins000.exe"
SpywareBlaster 4.4-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
StrokeIt (Czech)-->"C:\Program Files (x86)\TCB Networks\StrokeIt\Czech_uninstall.exe"
StrokeIt-->"C:\Program Files (x86)\TCB Networks\StrokeIt\uninstall.exe"
StrongDC++ 2.41-->"C:\Program Files\StrongDC++\uninstall.exe"
TeamViewer 5-->C:\Program Files (x86)\TeamViewer\Version5\uninstall.exe
TeraCopy 2.12-->"C:\Program Files\TeraCopy\unins000.exe"
TuneUp Utilities 2011-->C:\Program Files (x86)\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1051" "0"
Update for Microsoft OneNote 2010 (KB2288640)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{521AB5E8-5FFF-45C8-B750-6967F8C0A2B9}" "1051" "0"
Update for Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}" "1051" "0"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}
VLC media player 1.1.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: PETONB
Event Code: 219
Message: The driver \Driver\IntcAzAudAddService failed to load for the device HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_104316F3&REV_1001\4&221652b5&0&0001.
Record Number: 543
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20101008170046.516800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PETONB
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 525
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20101008165947.009400-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PETONB
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Record Number: 488
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20101008165750.196600-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: PETONB
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Record Number: 486
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20101008165747.607000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 7
Message: A hardware error occurred. The event contains the vendor-specific error code.
Record Number: 280
Source Name: BTHUSB
Time Written: 20101008164232.530000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: PETONB
Event Code: 513
Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.
Record Number: 286
Source Name: Microsoft-Windows-CAPI2
Time Written: 20101008171024.623600-000
Event Type: Error
User:

Computer Name: PETONB
Event Code: 513
Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.
Record Number: 266
Source Name: Microsoft-Windows-CAPI2
Time Written: 20101008170445.713800-000
Event Type: Error
User:

Computer Name: PETONB
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 848) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 257
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20101008170306.471200-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: PETONB
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-872177969-757071468-1379090124-1000:
Process 392 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-872177969-757071468-1379090124-1000
Process 2812 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-872177969-757071468-1379090124-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Record Number: 242
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101008165943.639800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PETONB
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 129
Source Name: Microsoft-Windows-Search
Time Written: 20101008164644.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: PETONB
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x17556e3

Logon Type: 9

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 677645
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101123200358.240700-000
Event Type: Audit Success
User:

Computer Name: PETONB
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x17556e3

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 677644
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101123200358.240700-000
Event Type: Audit Success
User:

Computer Name: PETONB
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: PETONB$
Account Domain: DOMA
Logon ID: 0x3e7

Logon Type: 9

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x17556e3
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x368
Process Name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 677643
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101123200358.240700-000
Event Type: Audit Success
User:

Computer Name: PETONB
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x17556bd

Logon Type: 9

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 677642
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101123200358.239700-000
Event Type: Audit Success
User:

Computer Name: PETONB
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x17556bd

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 677641
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101123200358.238700-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

[motji]

Dobrý večer

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[alwil]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verzia databázy: 5300

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12. 12. 2010 17:32:47
mbam-log-2010-12-12 (17-32-47).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 384735
Uplynutý čas: 1 hod, 15 min, 46 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

[motji]

Jaké máte problémy s počítačem?