VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

vicenasobny iexplore.exe + jeho padani

https://forum.viry.cz:443/viewtopic.php?t=108568

Stránka 2 z 2

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 16:37
od vyosek
:arrow: Stahnete OTL (viz muj podpis) a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 17:00
od vas.heza
OTL.txt - 1. cast

OTL logfile created on: 1/17/2011 4:44:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\vachez\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.41 Gb Total Space | 349.28 Gb Free Space | 75.05% Space Free | Partition Type: NTFS

Computer Name: MILVACHEZ | User Name: vachez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/17 16:42:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vachez\Desktop\OTL.exe
PRC - [2010/12/20 08:32:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\vachez\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/12/13 15:55:09 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/13 15:55:08 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/13 15:55:03 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/12/13 15:55:02 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/11/27 13:44:29 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/11/27 13:44:29 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/11/27 13:44:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2010/11/27 00:07:57 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/18 03:26:58 | 006,392,832 | ---- | M] (DonationCoder) -- C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
PRC - [2010/11/16 13:45:24 | 002,005,288 | ---- | M] () -- C:\Program Files\Backblaze\bztransmit.exe
PRC - [2010/11/16 13:45:24 | 000,529,704 | ---- | M] () -- C:\Program Files\Backblaze\bzbui.exe
PRC - [2010/11/16 13:45:24 | 000,264,488 | ---- | M] () -- C:\Program Files\Backblaze\bzserv.exe
PRC - [2010/11/01 19:55:30 | 000,094,008 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
PRC - [2010/11/01 19:54:40 | 000,336,184 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\PTIM.exe
PRC - [2010/08/11 18:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2010/07/21 14:33:00 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010/07/21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010/07/02 22:29:28 | 000,703,080 | ---- | M] (Fortinet Inc.) -- C:\Windows\System32\FortiSSLVPNdaemon.exe
PRC - [2010/05/27 18:11:12 | 000,373,248 | ---- | M] () -- C:\Program Files\Wi-Fi Sync\wifisync.exe
PRC - [2010/05/24 08:39:40 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/04/05 17:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/04/05 17:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2010/03/06 22:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2010/03/03 23:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 23:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 23:46:50 | 001,114,648 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/02/26 19:06:28 | 002,726,528 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\FortiTray.exe
PRC - [2010/02/26 19:05:16 | 000,077,842 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\fcappdb.exe
PRC - [2010/02/26 18:59:20 | 000,331,794 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
PRC - [2010/02/26 18:54:30 | 000,143,378 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
PRC - [2010/02/26 18:52:58 | 000,966,674 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\FortiVPNSt.exe
PRC - [2010/02/26 18:48:54 | 000,053,266 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\scheduler.exe
PRC - [2010/02/25 22:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010/02/18 22:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2009/12/29 21:31:32 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/12/29 21:31:32 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/12/29 21:31:32 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 09:27:28 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\Hp\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2009/09/22 20:42:16 | 002,453,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/01 09:26:34 | 000,136,192 | ---- | M] (HP) -- C:\Program Files\Hp\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/03/28 02:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/08/08 07:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2008/02/08 05:47:54 | 000,070,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2007/01/30 01:52:06 | 000,688,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/01/23 15:44:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe


========== Modules (SafeList) ==========

MOD - [2011/01/17 16:42:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vachez\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/13 15:55:09 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/13 15:55:09 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/13 15:55:03 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/12/13 15:55:02 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/12/13 15:55:02 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/12/10 09:40:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/27 13:44:29 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/11/27 13:44:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2010/11/27 00:07:57 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/16 13:45:24 | 000,264,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Backblaze\bzserv.exe -- (bzserv)
SRV - [2010/09/07 16:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/08/11 18:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/07/21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/07/02 22:29:28 | 000,703,080 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Windows\System32\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2010/05/26 00:24:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/05 17:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 21:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 21:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 21:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 21:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/06 22:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/03/03 23:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 23:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/02/26 18:48:54 | 000,053,266 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Program Files\Fortinet\FortiClient\scheduler.exe -- (FA_Scheduler)
SRV - [2010/02/18 22:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/12/29 21:31:32 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/01 09:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/03/28 02:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/01/06 18:20:04 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/29 11:38:04 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110116.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/29 11:38:04 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/29 11:38:04 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110116.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/13 15:55:11 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/12/13 15:55:10 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/12/13 15:55:10 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/12/13 15:55:10 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/12/13 15:55:04 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/12/13 15:55:04 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/11/27 13:44:29 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/10/28 15:04:56 | 010,361,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/10/18 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/07/14 12:42:23 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010/06/21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/06/04 03:18:58 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/05/31 20:04:29 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010/05/12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2010/05/12 10:05:45 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2010/05/12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2010/05/12 10:05:10 | 000,080,264 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2010/05/12 10:05:10 | 000,022,408 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2010/04/30 12:01:48 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/04/30 12:01:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/30 12:01:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/04/05 17:21:50 | 000,331,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2010/03/24 08:47:26 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2010/02/27 04:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/27 04:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/26 19:11:04 | 000,035,432 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\FortiRdr2.sys -- (FortiRdr)
DRV - [2010/02/26 19:10:48 | 000,037,480 | ---- | M] (Fortinet Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FortiShield.sys -- (FortiShield)
DRV - [2010/02/26 19:10:46 | 000,098,024 | ---- | M] (Fortinet Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fortips.sys -- (Fortips)
DRV - [2010/02/26 19:10:34 | 000,013,416 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\fortiapd.sys -- (fortiapd)
DRV - [2010/02/25 22:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/01/07 18:36:28 | 000,215,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/01/07 18:21:06 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2010/01/07 18:21:02 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2010/01/07 18:20:58 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2010/01/07 18:20:56 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2010/01/04 19:35:56 | 000,022,504 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fortidrv.sys -- (Fortidrv2)
DRV - [2009/12/18 23:23:18 | 001,758,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/12/12 05:54:16 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/29 01:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 22:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/09/17 21:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/22 01:53:06 | 000,036,384 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pppop.sys -- (pppop)
DRV - [2009/07/21 22:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 23:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/26 00:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 00:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 00:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/02/16 22:23:26 | 000,014,496 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftvnic.sys -- (ft_vnic)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1791516072-1313480856-604069369-6105\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
IE - HKU\S-1-5-21-1791516072-1313480856-604069369-6105\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.idnes.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {899DF1F8-2F43-4394-8315-37F6744E6319}:1.0.5
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.9
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: ocplugin@webex.com:1.1
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/20 08:32:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/23 21:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/11/17 19:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vachez\AppData\Roaming\mozilla\Extensions
[2011/01/16 21:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions
[2010/12/01 22:01:50 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010/12/29 18:52:02 | 000,000,000 | ---D | M] (NewsFox) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}
[2011/01/06 22:08:12 | 000,000,000 | ---D | M] (Sage) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2011/01/11 10:27:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/26 19:15:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/17 22:15:01 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/12/29 18:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vachez\AppData\Roaming\mozilla\Firefox\Profiles\7bk6srs8.default\extensions\brief@mozdev.org
[2010/12/01 21:20:44 | 000,001,741 | ---- | M] () -- C:\Users\vachez\AppData\Roaming\Mozilla\Firefox\Profiles\7bk6srs8.default\searchplugins\ask.uk.xml
[2010/12/01 22:02:18 | 000,002,062 | ---- | M] () -- C:\Users\vachez\AppData\Roaming\Mozilla\Firefox\Profiles\7bk6srs8.default\searchplugins\qip-search.xml
[2011/01/04 21:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/23 21:29:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/04 10:51:14 | 000,000,000 | ---D | M] (ocplugin) -- C:\PROGRAM FILES\WEBEX\PRODUCTIVITY TOOLS
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/27 06:19:36 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/10/27 06:19:36 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/10/27 06:19:36 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/10/27 06:19:36 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/10/27 06:19:36 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 17:01
od vas.heza
2. cast

O1 HOSTS File: ([2011/01/07 16:10:20 | 000,001,093 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (no name) - {395610AE-C624-4f58-B89E-23733EA00F9A} - No CLSID value found.
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\vachez\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IBM Lotus Notes Preloader] C:\Notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [Wi-Fi Sync] C:\Program Files\Wi-Fi Sync\wifisync.exe ()
O4 - HKU\S-1-5-21-1791516072-1313480856-604069369-6105..\Run: [Backblaze] C:\Program Files\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-21-1791516072-1313480856-604069369-6105..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe (Cisco WebEx LLC)
O4 - HKU\S-1-5-21-1791516072-1313480856-604069369-6105..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1791516072-1313480856-604069369-6105..\Run: [Screenshot Captor] C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe (DonationCoder)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\vachez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\vachez\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\vachez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeLauncher.lnk = C:\Program Files\SkypeLauncher\SkypeLauncher.exe (binaerkombinat)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1791516072-1313480856-604069369-6105\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {59D8A93A-CA6A-4F2B-9398-2E620678726F} http://pntbpc01/osoft/installation/OSoftDiag.CAB (ClientDiag.OSoftDiagnostic)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FB1A5DF-578D-4302-BDD7-9E92BE61CA30} http://pntbpc01/osoft/installation/OSoftInst.CAB (ClientInstallControl.OSoftInstall)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pyrotek-inc.webex.com/client/T2 ... atgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pyrotek-europe.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\rkotrem: DllName - rkotrem.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 16:42:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vachez\Desktop\OTL.exe
[2011/01/17 16:31:10 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/01/17 14:55:37 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Roaming\Malwarebytes
[2011/01/17 14:55:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/17 14:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/17 14:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/17 14:55:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/17 14:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/17 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/01/17 13:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/17 13:35:02 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/17 08:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/14 15:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2011/01/14 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Xiph.Org
[2011/01/14 15:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\piPOol
[2011/01/06 21:34:13 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Roaming\ScanSpyware
[2011/01/06 13:16:21 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Local\ESET
[2011/01/04 11:59:53 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Local\WebEx
[2011/01/04 10:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebEx
[2011/01/04 10:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2011/01/01 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Roaming\Hewlett-Packard
[2010/12/31 10:35:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/29 13:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sharp World Clock
[2010/12/29 13:02:39 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Local\IsolatedStorage
[2010/12/29 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\ActiveEarth 2.0
[2010/12/29 12:53:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/12/23 21:29:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/12/23 21:29:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/12/23 21:29:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/12/21 09:48:39 | 000,000,000 | --SD | C] -- C:\Users\vachez\Documents\My Data Sources
[2010/12/19 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe
[2010/12/19 20:25:45 | 000,000,000 | ---D | C] -- C:\Users\vachez\Documents\My SureThing Projects
[2010/12/19 20:25:43 | 000,000,000 | ---D | C] -- C:\Users\vachez\AppData\Local\MicroVision Applications
[2010/12/19 20:25:26 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010/12/19 20:25:26 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/12/19 20:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/12/19 14:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/05/22 06:14:39 | 000,256,560 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010/05/22 06:14:39 | 000,213,040 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[13 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/17 16:42:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vachez\Desktop\OTL.exe
[2011/01/17 16:40:45 | 000,020,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 16:40:45 | 000,020,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 16:32:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/17 16:31:50 | 2407,952,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/17 15:36:07 | 000,002,042 | -H-- | M] () -- C:\Users\vachez\Documents\Default.rdp
[2011/01/17 14:55:32 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 19:53:39 | 000,400,435 | ---- | M] () -- C:\Users\vachez\Documents\Krasicka byt 134095_klient.pdf
[2011/01/15 20:22:52 | 000,659,618 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/15 20:22:52 | 000,123,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/06 22:33:04 | 000,000,805 | ---- | M] () -- C:\Windows\ScanSpyware.INI
[2011/01/06 18:20:04 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/01/06 18:20:04 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/01/06 18:20:04 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/01/06 18:09:59 | 188,139,250 | ---- | M] () -- C:\Users\vachez\Documents\Full_Reg_Bckup.reg
[2011/01/06 18:09:59 | 188,139,250 | ---- | M] () -- C:\Users\vachez\Desktop\Full_Reg_Bckup.reg
[2011/01/03 14:47:46 | 001,393,664 | ---- | M] () -- C:\Users\vachez\Documents\Rpt Monthly Trend_24months.xls
[2010/12/21 08:33:27 | 000,026,624 | ---- | M] () -- C:\Users\vachez\Documents\expenses.xls
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 16:52:35 | 000,000,162 | -H-- | M] () -- C:\Users\vachez\Desktop\~$counting for Currency Gain & Loss.docx
[2010/12/20 08:15:20 | 000,576,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[13 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/17 14:55:32 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 19:53:39 | 000,400,435 | ---- | C] () -- C:\Users\vachez\Documents\Krasicka byt 134095_klient.pdf
[2011/01/06 22:33:04 | 000,000,805 | ---- | C] () -- C:\Windows\ScanSpyware.INI
[2011/01/06 18:29:09 | 188,139,250 | ---- | C] () -- C:\Users\vachez\Documents\Full_Reg_Bckup.reg
[2011/01/06 18:09:50 | 188,139,250 | ---- | C] () -- C:\Users\vachez\Desktop\Full_Reg_Bckup.reg
[2011/01/03 14:04:53 | 001,393,664 | ---- | C] () -- C:\Users\vachez\Documents\Rpt Monthly Trend_24months.xls
[2010/12/20 16:52:35 | 000,000,162 | -H-- | C] () -- C:\Users\vachez\Desktop\~$counting for Currency Gain & Loss.docx
[2010/12/14 15:39:03 | 000,000,058 | ---- | C] () -- C:\Users\vachez\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010/12/03 10:40:51 | 000,000,094 | ---- | C] () -- C:\Users\vachez\AppData\Local\fusioncache.dat
[2010/11/16 10:57:05 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2010/11/16 10:57:05 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2010/11/16 10:55:16 | 000,000,135 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2010/11/16 10:54:47 | 000,000,774 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/11/16 10:23:13 | 000,002,345 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/16 09:09:22 | 000,000,000 | ---- | C] () -- C:\Users\vachez\AppData\Local\QSwitch.txt
[2010/11/16 09:09:22 | 000,000,000 | ---- | C] () -- C:\Users\vachez\AppData\Local\DSwitch.txt
[2010/11/16 09:09:22 | 000,000,000 | ---- | C] () -- C:\Users\vachez\AppData\Local\AtStart.txt
[2010/11/16 08:59:18 | 000,017,871 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/29 23:42:20 | 000,000,076 | ---- | C] () -- C:\Windows\notes.ini
[2010/06/10 19:26:58 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/06/08 01:47:34 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010/05/26 00:30:40 | 000,000,161 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2010/05/22 06:14:39 | 001,758,464 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010/05/22 06:14:39 | 000,034,480 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010/05/22 06:14:39 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/02/19 17:43:00 | 000,000,256 | ---- | C] () -- C:\Windows\System32\vcsAPIShared.dll.hpsign
[2009/08/03 23:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

========== LOP Check ==========

[2010/11/17 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Autodesk
[2010/12/14 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\DonationCoder
[2011/01/17 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Dropbox
[2010/12/08 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\GHISLER
[2010/12/03 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\ICAClient
[2010/12/01 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\QIP
[2011/01/06 22:34:24 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\ScanSpyware
[2011/01/04 22:05:03 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\webex
[2010/11/27 00:09:28 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Wi-Fi Sync
[2010/12/29 13:41:01 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2010/08/16 21:45:02 | 002,736,128 | ---- | M] (Hewlett-Packard Company)
"Backblaze" = "C:\Program Files\Backblaze\bzbui.exe" -quiet -- [2010/11/16 13:45:24 | 000,529,704 | ---- | M] ()
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010/10/11 16:49:48 | 014,940,040 | R--- | M] (Skype Technologies S.A.)
"Screenshot Captor" = "C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun -- [2010/11/18 03:26:58 | 006,392,832 | ---- | M] (DonationCoder)
"RESTART_STICKY_NOTES" = C:\Windows\System32\StikyNot.exe -- [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation)
"PTIM.exe" = C:\Program Files\WebEx\Productivity Tools\PTIM.exe -- [2010/11/01 19:54:40 | 000,336,184 | ---- | M] (Cisco WebEx LLC)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/11/16 09:22:37 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Adobe
[2010/11/26 23:45:48 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Apple Computer
[2010/11/17 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Autodesk
[2010/12/14 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\DonationCoder
[2011/01/17 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Dropbox
[2010/12/08 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\GHISLER
[2011/01/01 18:16:56 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Hewlett-Packard
[2010/11/16 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\HP
[2011/01/01 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\hpqLog
[2011/01/15 10:16:00 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\HpUpdate
[2010/12/03 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\ICAClient
[2010/11/16 09:09:07 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Identities
[2010/11/17 21:56:16 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Logitech
[2010/11/16 09:10:29 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Macromedia
[2011/01/17 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Malwarebytes
[2009/07/14 08:20:18 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Media Center Programs
[2011/01/12 11:10:41 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Media Player Classic
[2010/12/21 09:48:39 | 000,000,000 | --SD | M] -- C:\Users\vachez\AppData\Roaming\Microsoft
[2010/11/17 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Mozilla
[2010/12/01 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\QIP
[2011/01/06 22:34:24 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\ScanSpyware
[2011/01/17 16:35:31 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Skype
[2011/01/17 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\skypePM
[2011/01/04 22:05:03 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\webex
[2010/11/27 00:09:28 | 000,000,000 | ---D | M] -- C:\Users\vachez\AppData\Roaming\Wi-Fi Sync

< %APPDATA%\*.exe /s >
[2010/12/17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\vachez\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010/12/17 03:24:34 | 000,153,176 | ---- | M] (Dropbox, Inc.) -- C:\Users\vachez\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010/11/17 21:55:33 | 000,010,134 | R--- | M] () -- C:\Users\vachez\AppData\Roaming\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
[2010/11/17 21:55:25 | 000,010,134 | R--- | M] () -- C:\Users\vachez\AppData\Roaming\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_2a08db1f70fe2af8\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_5de92ce2616f0111\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6f03dc4684b4aef0\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_dd01b18982e7479e\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_dde1cf9a9bc40507\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_dda3f0f09bf1f8b2\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\System32\autochk.exe
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_e28cf2983c0715a1\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTOR.SYS >
[2010/04/05 17:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010/04/05 17:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Windows\System32\drivers\iaStor.sys
[2010/04/05 17:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_051822fa83a754a3\iaStor.sys
[2010/04/05 17:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_edff5f7f3a6a240c\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/05/12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\System32\drivers\iaStorV.sys
[2010/05/12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_c9199d57075f47a9\iaStorV.sys
[2010/05/12 10:05:35 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/05/12 10:20:41 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/05/12 10:20:52 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=841339E8B477F52311C5A7AFD5AA2388 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvraid.sys
[2010/05/12 10:05:45 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=D71FEB6FCB0912EB238F0CFE5CB085B8 -- C:\Windows\System32\drivers\nvraid.sys
[2010/05/12 10:05:45 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=D71FEB6FCB0912EB238F0CFE5CB085B8 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_c09ee40f078b4594\nvraid.sys
[2010/05/12 10:05:45 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=D71FEB6FCB0912EB238F0CFE5CB085B8 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2010/05/12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\System32\drivers\nvstor.sys
[2010/05/12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_c09ee40f078b4594\nvstor.sys
[2010/05/12 10:05:45 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010/05/12 10:20:52 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/06/14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[2010/09/08 05:28:01 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[13 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[2010/09/08 05:28:01 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[13 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011/01/17 16:40:45 | 000,020,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 16:40:45 | 000,020,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 16:32:20 | 000,000,044 | ---- | M] () -- C:\Windows\System32\log.txt
[2011/01/15 20:22:52 | 000,123,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/15 20:22:52 | 000,659,618 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/15 20:22:52 | 000,789,634 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[13 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 17:05
od vas.heza
Extras.txt - 1. cast


OTL Extras logfile created on: 1/17/2011 4:44:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\vachez\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.41 Gb Total Space | 349.28 Gb Free Space | 75.05% Space Free | Partition Type: NTFS

Computer Name: MILVACHEZ | User Name: vachez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1791516072-1313480856-604069369-6105\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- %SystemRoot%\system32\cmd.exe /k cd /d "%L" & Title Command Prompt (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 17:07
od vas.heza
2. cast

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E4AC948-E542-40E7-8A4A-7F89E0811AE5}" = WebEx Productivity Tools
"{1C292266-E054-4090-84D5-869649E4F9C7}" = HP Power Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D30D92F-AD5C-428F-8029-5A913104F262}" = hppTLBXFXCM1312
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34D6AD5A-C03D-45FF-AA8A-8B306E01B96D}" = FortiClient Endpoint Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76D6189D-1532-0400-0000-DFC2EE337EAC}" = Autodesk Inventor View 2011
"{76D6189D-1532-0400-0001-DFC2EE337EAC}" = Autodesk Inventor View 2011 English Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{7BDA669F-7154-4EDE-A426-BAD34EFF1702}" = .print Client Windows (ICA)
"{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
"{86BBD345-0CE6-4AB1-8ADE-FB12D86EAB90}" = 32 Bit HP CIO Components Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1
"{8F7A766B-9E2E-4895-B4B2-958D035F09B9}" = Autodesk Design Review DGN Importer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{A34DCE59-0004-0000-2084-3F8A9926B752}" = FortiClient SSL VPN v4.0.2084
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7285D92-27EE-4D91-AB57-5EF326B572C6}" = hpzTLBXFX
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{B962DFD6-45C1-49D8-AEBA-197BF6576D29}" = HP Wireless Assistant
"{BA3A0273-4E98-47A2-BCE9-4D3C1C4C4792}" = HP ESU for Microsoft Windows 7
"{C02A47C0-8F30-4193-88E6-957FB8AFE4CA}" = HP SoftPaq Download Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEEECCDA-D9BB-4DDC-9CA8-2A6ECC49131C}" = Intel(R) Network Connections 15.4.89.0
"{E11DFB27-BAF4-46D6-AD76-D5519C0E6786}" = Lotus Notes 8.5.2
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBC3147B-36BE-4846-9A3D-0C6292B78350}" = hppPQVideoCM1312
"{EC8753EF-EE78-48B5-A4D0-FBBD237B5D53}" = SAP Business Planning and Consolidation for Office Client
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F4C0A7CD-3A4C-4275-9CF1-9CD5136E2FE2}" = Autodesk Design Review JT Importer
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"0973B297E079B467E3776E59F763D63FD557795B" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Inventor View 2011" = Autodesk Inventor View 2011 English
"Autodesk Inventor View 2011 SP1" = Autodesk Inventor View 2011 SP1
"Backblaze" = Backblaze
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"DWG TrueView 2011" = DWG TrueView 2011
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist Corporate
"HP Battery Check" = HP Battery Check
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"Lexicon 4.0" = Lingea Lexicon 2002
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PDF Complete" = PDF Complete Special Edition
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel(R) Network Connections 15.4.89.0
"ScreenshotCaptor_is1" = Screenshot Captor 2.89.01
"SkypeLauncher" = SkypeLauncher
"Stanza" = Stanza
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Wi-Fi Sync" = Wi-Fi Sync
"WZCLINE" = WinZip Command Line Support Add-On 3.2

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 17:10
od vas.heza
3. cast - dam pozdeji (cca 40 min) - nejak mi pri tom pada firefox (offline) a nevim proc, kdyz ostatni net bezi normalne.

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 17:11
od vyosek
:arrow: V pohode, ta uz neni treba - je tam jen vypis nainstalovanych veci...Hlavni byl log.txt a zacatek extras.

:arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :otl
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
[2010/12/01 21:20:44 | 000,001,741 | ---- | M] () -- C:\Users\vachez\AppData\Roaming\Mozilla\Firefox\Profiles\7bk6srs8.default\searchplugins\ask.uk.xml
[2010/12/01 22:02:18 | 000,002,062 | ---- | M] () -- C:\Users\vachez\AppData\Roaming\Mozilla\Firefox\Profiles\7bk6srs8.default\searchplugins\qip-search.xml
O2 - BHO: (no name) - {395610AE-C624-4f58-B89E-23733EA00F9A} - No CLSID value found.
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\vachez\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O4 - HKLM..\Run: [] File not found
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\rkotrem: DllName - rkotrem.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[13 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
""=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
 
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
  • Nasledne kliknete na Opravit
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 18:24
od vas.heza
All processes killed
========== OTL ==========
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.qip.ru/search?from=FF&query=" removed from keyword.URL
C:\Users\vachez\AppData\Roaming\Mozilla\Firefox\Profiles\7bk6srs8.default\searchplugins\ask.uk.xml moved successfully.
C:\Users\vachez\AppData\Roaming\Mozilla\Firefox\Profiles\7bk6srs8.default\searchplugins\qip-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{395610AE-C624-4f58-B89E-23733EA00F9A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Users\vachez\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rkotrem\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\System32\SET11E1.tmp deleted successfully.
C:\Windows\System32\SET1F3.tmp deleted successfully.
C:\Windows\System32\SET5F77.tmp deleted successfully.
C:\Windows\System32\SET6A26.tmp deleted successfully.
C:\Windows\System32\SET835A.tmp deleted successfully.
C:\Windows\System32\SET8BAE.tmp deleted successfully.
C:\Windows\System32\SETA7D0.tmp deleted successfully.
C:\Windows\System32\SETB413.tmp deleted successfully.
C:\Windows\System32\SETCEE9.tmp deleted successfully.
C:\Windows\System32\SETD714.tmp deleted successfully.
C:\Windows\System32\SETF240.tmp deleted successfully.
C:\Windows\System32\SETF765.tmp deleted successfully.
C:\Windows\System32\SETFAC4.tmp deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian\ deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD48E.tmp folder moved successfully.
C:\Windows\Installer\MSI15C5.tmp moved successfully.
C:\Windows\Installer\MSI2F50.tmp moved successfully.
C:\Windows\Installer\MSI3BF0.tmp moved successfully.
C:\Windows\Installer\MSI3FA5.tmp moved successfully.
C:\Windows\Installer\MSI918F.tmp moved successfully.
C:\Windows\Installer\MSI9999.tmp moved successfully.
C:\Windows\Installer\MSIAD75.tmp moved successfully.
C:\Windows\Installer\MSIC62.tmp moved successfully.
C:\Windows\Installer\MSIE4C9.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\f2f5a3c7981a325c95b8845ee00ab46d\BIT5992.tmp moved successfully.
File move failed. C:\Windows\Temp\nsd_tmp_2656.tmp scheduled to be moved on reboot.
C:\Windows\Temp\nsd_tmp_2688.tmp moved successfully.
C:\Windows\Temp\nsd_tmp_2884.tmp moved successfully.
C:\Windows\Temp\nsd_tmp_2968.tmp moved successfully.
C:\Windows\Temp\nsd_tmp_3056.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Licenced User
->Temp folder emptied: 225277 bytes
->Temporary Internet Files folder emptied: 1663080 bytes
->Java cache emptied: 0 bytes

User: Public

User: vachez
->Temp folder emptied: 147599612 bytes
->Temporary Internet Files folder emptied: 31887982 bytes
->Java cache emptied: 148777 bytes
->FireFox cache emptied: 56153877 bytes
->Flash cache emptied: 6408 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19981 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 227.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Licenced User

User: Public

User: vachez
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01172011_181947

Files\Folders moved on Reboot...
File\Folder C:\Windows\Temp\nsd_tmp_2656.tmp not found!

Registry entries deleted on Reboot...

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 18:29
od vyosek
Jak se chova PC :???:

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 18:48
od vas.heza
restart, mene aplikaci v task managerovi. ale IE se zda porad nestabilni (prvni spusteni bez odezvy a spousti se 2x v task managerovi). diky za trpelivost. combofix radeji nezkousim aby zase nespadl pc

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 18:50
od vyosek
Mate instalacni DVD od windows, zkusil bych opravnou instalaci...

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 18:55
od vas.heza
jojo, diky, zkusim preinstalovat. ale virem nebo nejakou haveti by to byt uz nemelo ze?

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 18:56
od vyosek
Havet by tam byt nemela...ja nemel na mysli kompletni preinstalovani Windows, ale jen opravnou instalaci - data by Vam zustala - navod mame zde http://www.viry.cz/forum/viewtopic.php?f=46&t=106339

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 17 led 2011 22:46
od vas.heza
moc diky za pomoc, po oprave vypada, ze se IE chova normalne...nicmene uvidime zitra. jeste jednou diky

Re: vicenasobny iexplore.exe + jeho padani

Napsal: 18 led 2011 05:06
od vyosek
dobre, pc sledujte a napiste...
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz