OTL logfile created on: 4.1.2012 13:37:59 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pavel\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,69% Memory free
3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,81 Gb Total Space | 167,92 Gb Free Space | 56,39% Space Free | Partition Type: NTFS
Drive F: | 931,28 Gb Total Space | 284,71 Gb Free Space | 30,57% Space Free | Partition Type: FAT32
Computer Name: PAVEL-PC | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.02 15:03:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,127,192 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.26 16:29:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.10.26 16:22:02 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.10.19 11:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.10.19 11:18:18 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.03 16:47:58 | 000,141,368 | ---- | M] (Software602) -- C:\Program Files\Software602\Print2PDF\Print2PDF.exe
PRC - [2010.08.25 07:49:20 | 000,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2010.07.22 14:18:08 | 002,636,800 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\OscarEditor.exe
PRC - [2010.04.14 10:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.09.02 16:29:58 | 000,218,384 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2010.12.02 01:13:18 | 000,214,528 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\Software602.dll
MOD - [2010.07.22 14:18:08 | 002,636,800 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\OscarEditor.exe
MOD - [2010.06.01 11:41:38 | 000,098,816 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\dll\DLL_MouseDeviceManager.dll
MOD - [2010.05.07 23:05:57 | 000,042,496 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\Data\X7\Forms\OSD_Text\OSD_Text.dll
MOD - [2010.04.03 11:37:14 | 000,127,488 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\dll\DLL_Wheel4D.dll
MOD - [2010.04.03 11:37:09 | 000,094,208 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\dll\DLL_ZoomControl.dll
MOD - [2010.04.03 11:37:07 | 000,062,976 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\dll\DLL_ScrollbarControl.dll
MOD - [2010.04.03 11:37:02 | 000,069,632 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2010.04.03 11:36:58 | 000,069,632 | ---- | M] () -- C:\Program Files\OSCAR Editor X7\dll\DLL_AnalyzeGesturesInOne.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.28 19:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.26 16:29:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.10.19 11:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.25 07:49:20 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2010.06.26 23:06:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.14 10:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
========== Driver Services (SafeList) ==========
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.28 18:54:38 | 000,111,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:53:22 | 000,195,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2011.10.19 11:18:14 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.05.07 17:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.11.19 10:23:10 | 000,914,816 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2010.07.28 11:09:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2008.09.17 13:36:26 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2008.05.02 09:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.01.19 05:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2006.03.01 18:51:15 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.02.21 13:48:05 | 000,049,664 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.02.14 15:48:36 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
IE - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.01.02 18:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.02 16:29:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.03 17:51:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.04 22:39:44 | 000,000,000 | ---D | M]
[2011.12.31 21:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Extensions
[2010.06.25 23:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.01.01 22:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\8vxyqxno.default\extensions
[2010.12.16 17:23:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\8vxyqxno.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.16 17:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\8vxyqxno.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}12162010172328
[2010.08.27 19:40:02 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\8vxyqxno.default\extensions\battlefieldheroespatcher@ea.com
[2010.08.29 10:58:22 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\8vxyqxno.default\extensions\radiobar@toolbar
[2012.01.03 17:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.26 12:30:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.17 06:06:17 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.04 22:39:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 03:57:21 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.12.17 03:57:21 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.12.17 03:57:21 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.12.17 03:57:21 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.12.17 03:57:21 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2012.01.01 17:02:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002..\Run: [OscarEditor] C:\Program Files\OSCAR Editor X7\OscarEditor.exe ()
O4 - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3654916310-1201210475-2310256920-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1F60D0D-1FC3-40AD-9BBB-1940E6023D17}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.31 17:50:56 | 000,000,023 | ---- | M] () - F:\autorun.inf.txt -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 30 Days ==========
[2012.01.03 17:47:27 | 015,133,912 | ---- | C] (Mozilla) -- C:\Users\Pavel\Desktop\FirefoxSetup9.0cz.exe
[2012.01.03 17:10:19 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\DonationCoder
[2012.01.03 17:10:19 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\DonationCoder
[2012.01.03 17:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenshotCaptor
[2012.01.03 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenshotCaptor
[2012.01.03 17:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
[2012.01.02 18:43:38 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\ForceField Shared Files
[2012.01.02 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\CheckPoint
[2012.01.02 18:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2012.01.02 18:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012.01.02 18:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.01.02 18:42:21 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.01.02 18:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012.01.02 16:42:05 | 000,111,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.01.02 16:39:06 | 000,195,416 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.01.02 16:39:04 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.01.02 16:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.01.02 16:29:39 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.01.02 16:29:38 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.01.02 16:29:34 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.01.02 16:29:33 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.01.02 16:29:32 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.01.02 16:29:32 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.01.02 16:29:23 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.01.02 16:29:23 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.01.02 16:19:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.02 15:03:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2012.01.02 14:40:08 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Malwarebytes
[2012.01.02 14:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.02 14:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.02 14:40:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.02 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.02 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Desktop\RK_Quarantine
[2012.01.01 22:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012.01.01 22:25:49 | 161,523,848 | ---- | C] (AVG Technologies) -- C:\Users\Pavel\Desktop\avg_free_x86_all_2012_1834a4565.exe
[2012.01.01 21:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2012.01.01 21:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.01.01 18:32:24 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Pavel\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.01 17:49:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.01 17:04:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.01 17:04:25 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Local\temp
[2011.12.31 17:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2011.12.31 15:53:08 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Local\Application Data
[2011.12.29 19:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD
[2011.12.29 12:40:40 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Creative Assembly
[2011.12.27 00:25:36 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\DivX
[2011.12.25 01:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3
[2011.12.22 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.12.22 19:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.12.18 18:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.12.17 15:46:44 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Local\PCTV Systems
[2011.12.17 15:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTV Systems
[2011.12.17 15:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\PCTV Systems
[2011.12.17 15:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCTV Systems
[2011.12.17 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PCTV Systems
[2011.12.17 15:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.12.17 15:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.12.14 13:41:13 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 13:41:13 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 13:41:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.14 13:41:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 13:41:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 13:41:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.14 13:41:12 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 13:41:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 13:41:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 13:41:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 13:41:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.14 13:41:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.12.14 13:39:46 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 13:39:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 13:39:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 13:39:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 13:39:34 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 13:39:34 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.09 18:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.12.09 18:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.12.09 18:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.04 13:36:21 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 13:36:21 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 13:33:14 | 000,634,308 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.01.04 13:33:14 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.04 13:33:14 | 000,122,898 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.01.04 13:33:14 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.04 13:31:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.04 13:28:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.04 13:27:53 | 1602,347,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.03 23:28:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.03 20:55:01 | 226,732,884 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.03 20:29:10 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.01.03 17:51:08 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.03 17:47:43 | 015,133,912 | ---- | M] (Mozilla) -- C:\Users\Pavel\Desktop\FirefoxSetup9.0cz.exe
[2012.01.03 17:10:19 | 000,000,058 | ---- | M] () -- C:\Users\Pavel\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.01.03 17:10:03 | 000,001,065 | ---- | M] () -- C:\Users\Pavel\Desktop\Screenshot Captor.lnk
[2012.01.02 18:48:16 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012.01.02 16:39:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.01.02 16:35:18 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.01.02 15:03:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2012.01.02 14:40:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.02 14:37:32 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012.01.02 14:35:19 | 000,776,704 | ---- | M] () -- C:\Users\Pavel\Desktop\RogueKiller.exe
[2012.01.01 22:28:25 | 161,523,848 | ---- | M] (AVG Technologies) -- C:\Users\Pavel\Desktop\avg_free_x86_all_2012_1834a4565.exe
[2012.01.01 21:59:12 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.01.01 19:28:57 | 000,006,656 | ---- | M] () -- C:\Users\Pavel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.01 19:20:53 | 000,008,792 | -HS- | M] () -- C:\Users\Pavel\AppData\Local\8q5c12m22degs6fvao0u6t5lk47ml5686550lp
[2012.01.01 19:20:53 | 000,008,792 | -HS- | M] () -- C:\ProgramData\8q5c12m22degs6fvao0u6t5lk47ml5686550lp
[2012.01.01 18:22:38 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Pavel\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.01 17:02:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.01 15:52:24 | 000,011,390 | -HS- | M] () -- C:\Users\Pavel\AppData\Local\v4i7rk6gq0374i6162f0a3o28lp28gpxxrqu33
[2012.01.01 15:52:24 | 000,011,390 | -HS- | M] () -- C:\ProgramData\v4i7rk6gq0374i6162f0a3o28lp28gpxxrqu33
[2011.12.31 21:12:02 | 000,502,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.31 17:33:08 | 000,000,611 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2011.12.21 13:08:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.18 18:49:48 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.12.18 18:49:48 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.12.17 15:40:58 | 000,002,431 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vyhledat aktualizace.lnk
[2011.12.17 15:40:58 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\TVCenter.lnk
[2011.12.15 19:03:34 | 000,619,898 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.06 23:46:00 | 000,000,590 | ---- | M] () -- C:\Users\Pavel\Documents\cc_20111206_234557.reg
[2011.12.06 23:45:46 | 000,017,316 | ---- | M] () -- C:\Users\Pavel\Documents\cc_20111206_234541.reg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.03 20:55:01 | 226,732,884 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.03 17:51:08 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.03 17:51:08 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.03 17:10:19 | 000,000,058 | ---- | C] () -- C:\Users\Pavel\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2012.01.03 17:10:03 | 000,001,065 | ---- | C] () -- C:\Users\Pavel\Desktop\Screenshot Captor.lnk
[2012.01.02 18:43:52 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012.01.02 16:35:18 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.01.02 14:40:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.02 14:25:25 | 000,776,704 | ---- | C] () -- C:\Users\Pavel\Desktop\RogueKiller.exe
[2012.01.01 21:59:12 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.01.01 19:19:17 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012.01.01 17:45:13 | 000,008,792 | -HS- | C] () -- C:\Users\Pavel\AppData\Local\8q5c12m22degs6fvao0u6t5lk47ml5686550lp
[2012.01.01 17:45:13 | 000,008,792 | -HS- | C] () -- C:\ProgramData\8q5c12m22degs6fvao0u6t5lk47ml5686550lp
[2011.12.31 20:52:24 | 000,011,390 | -HS- | C] () -- C:\Users\Pavel\AppData\Local\v4i7rk6gq0374i6162f0a3o28lp28gpxxrqu33
[2011.12.31 20:52:24 | 000,011,390 | -HS- | C] () -- C:\ProgramData\v4i7rk6gq0374i6162f0a3o28lp28gpxxrqu33
[2011.12.31 17:33:08 | 000,000,611 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2011.12.18 18:49:48 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.12.17 15:41:40 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.12.17 15:40:58 | 000,002,431 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vyhledat aktualizace.lnk
[2011.12.17 15:40:58 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\TVCenter.lnk
[2011.12.09 18:48:55 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.12.06 23:45:59 | 000,000,590 | ---- | C] () -- C:\Users\Pavel\Documents\cc_20111206_234557.reg
[2011.12.06 23:45:44 | 000,017,316 | ---- | C] () -- C:\Users\Pavel\Documents\cc_20111206_234541.reg
[2011.07.24 14:40:44 | 000,016,864 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.07.01 21:03:48 | 000,006,656 | ---- | C] () -- C:\Users\Pavel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.25 18:03:44 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.08.24 07:12:54 | 000,000,500 | ---- | C] () -- C:\Windows\eReg.dat
[2010.08.02 16:31:19 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.02 07:42:11 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.02 07:42:11 | 000,138,056 | ---- | C] () -- C:\Users\Pavel\AppData\Roaming\PnkBstrK.sys
[2010.08.02 07:41:50 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.08.02 07:41:46 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.08.02 07:41:46 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.07.03 19:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.29 18:06:08 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.11.18 10:26:38 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.11.18 10:01:47 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2009.07.14 09:44:22 | 000,634,308 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.14 09:44:22 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.14 09:44:22 | 000,122,898 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.14 09:44:22 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,502,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.17 23:30:06 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.17 23:30:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.09.06 01:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== LOP Check ==========
[2011.03.17 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\602Installer
[2011.03.17 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\602XML
[2011.07.21 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\AVG10
[2010.10.18 15:57:44 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\IrfanView
[2011.02.02 22:59:20 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\SoftGate
[2011.07.18 13:44:41 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\AVG10
[2011.11.07 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\AVI ReComp
[2012.01.02 18:43:36 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\CheckPoint
[2010.09.12 17:56:19 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\DAEMON Tools Lite
[2012.01.03 17:10:19 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\DonationCoder
[2011.07.13 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\go
[2011.10.20 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Hornil
[2012.01.02 14:12:06 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\ICQ
[2011.01.24 19:02:31 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\IrfanView
[2011.09.21 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Jane s Hotel 3
[2010.07.03 20:43:39 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Leadertech
[2011.12.31 11:17:39 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Opera
[2011.09.11 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Red Alert 3
[2011.09.10 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Red Alert 3 Demo
[2011.11.09 16:51:31 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Serif
[2010.12.21 08:23:54 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\SoftGate
[2011.05.14 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\TS3Client
[2010.06.26 16:58:06 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Vivox
[2011.11.18 08:05:42 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2009.10.30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
"OscarEditor" = "C:\Program Files\OSCAR Editor X7\OscarEditor.exe" Minimum -- [2010.07.22 14:18:08 | 002,636,800 | ---- | M] ()
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup -- [2004.06.16 05:03:26 | 000,221,184 | ---- | M] (InstallShield Software Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 08:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.)
"RemoTerm.exe" = C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe -- [2009.09.02 16:29:58 | 000,218,384 | ---- | M] (PCTV Systems S.à r.l.)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost /s >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = [Binary data over 100 bytes]
"LocalService" = [Binary data over 100 bytes]
"netsvcs" = [Binary data over 100 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 02:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = [Binary data over 100 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = [Binary data over 100 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = [Binary data over 100 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2009.07.14 02:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 02:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AxInstSVGroup]
"ImpersonationLevel" = 3
"CoInitializeSecurityParam" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsvc]
"CoInitializeSecurityParam" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"AuthenticationCapabilities" = 8192
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation]
"AuthenticationCapabilities" = 8192
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted]
"CoInitializeSecurityParam" = 1
"DefaultRpcStackSize" = 64
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork]
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"AuthenticationCapabilities" = 12320
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService]
"CoInitializeSecurityParam" = 1
"DefaultRpcStackSize" = 28
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent]
"CoInitializeSecurityParam" = 1
"AuthenticationCapabilities" = 8192
"AuthenticationLevel" = 6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing]
"CoInitializeSecurityParam" = 1
"AuthenticationCapabilities" = 8192
"AuthenticationLevel" = 6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC]
"CoInitializeSecurityParam" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv]
"CoInitializeSecurityParam" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc]
"CoInitializeSecurityParam" = 1
"CoInitializeSecurityAppID" = {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport]
"AuthenticationCapabilities" = 12320
"CoInitializeSecurityParam" = 1
< >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc /s >
"DisplayName" = @%SystemRoot%\system32\cryptsvc.dll,-1001
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\cryptsvc.dll,-1002
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009.07.14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters]
"ServiceDll" = %SystemRoot%\system32\cryptsvc.dll -- [2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation)
"ServiceMain" = CryptServiceMain
"ServiceDllUnloadOnStop" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security]
"Security" = 00 00 0E 00 01 [binary data]
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog /s >
"ServiceDll" = %SystemRoot%\System32\wevtsvc.dll -- [2009.07.14 02:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"PlugPlayServiceType" = 3
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\system32\wevtsvc.dll,-200
"Group" = Event Log
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\wevtsvc.dll,-201
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActionsOnNonCrashFailures" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"DisplayNameFile" = %SystemRoot%\system32\wevtapi.dll -- [2009.07.14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation)
"DisplayNameID" = 256
"PrimaryModule" = Application
"File" = %SystemRoot%\system32\winevt\Logs\Application.evtx -- [2012.01.04 13:28:01 | 015,798,272 | ---- | M] ()
"MaxSize" = 20971520
"Retention" = 0
"RestrictGuestAccess" = 1
"Sources" = MSDMine [binary data]
"AutoBackupLogFiles" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime]
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\system32\mscoree.dll -- [2009.11.25 11:47:34 | 000,297,808 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime Optimization Service]
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\system32\mscoree.dll -- [2009.11.25 11:47:34 | 000,297,808 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\602XML Updater]
"EventMessageFile" = C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- [2010.04.14 10:28:44 | 000,073,728 | ---- | M] (Software602 a.s.)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application]
"CategoryCount" = 7
"CategoryMessageFile" = %SystemRoot%\system32\wevtapi.dll -- [2009.07.14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Error]
"EventMessageFile" = %SystemRoot%\System32\wer.dll -- [2009.07.14 02:16:18 | 000,377,856 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"CategoryMessageFile" = %SystemRoot%\System32\wer.dll -- [2009.07.14 02:16:18 | 000,377,856 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang]
"EventMessageFile" = %SystemRoot%\System32\wersvc.dll -- [2009.07.14 02:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0]
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll -- [2009.06.10 22:22:45 | 000,081,232 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 5
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll -- [2009.06.10 22:22:45 | 000,081,232 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AutoEnrollment]
"ProviderGuid" = {F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg10Alrt]
"EventMessageFile" = C:\Program Files\AVG\AVG10\avgameh.dll
"CategoryMessageFile" = C:\Program Files\AVG\AVG10\avgameh.dll
"CategoryCount" = 1
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0]
"CategoryCount" = 1
"CategoryMessageFile" = C:\Windows\System32\icardres.dll -- [2009.06.10 22:14:08 | 000,008,000 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll -- [2009.06.10 22:14:03 | 000,008,024 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0]
"CategoryCount" = 1
"CategoryMessageFile" = icardres.dll.mui
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll;icardres.dll.mui
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CertCli]
"ProviderGuid" = {98BF1CD3-583E-4926-95EE-A61BF3F46470}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CertEnroll]
"ProviderGuid" = {54164045-7C50-4905-963F-E5BC1EEF0CCA}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk]
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\ulib.dll -- [2009.07.14 02:16:17 | 000,108,544 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM]
"providerGuid" = {bf406804-6afa-46e7-8a48-6c357e1d6d61}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+]
"providerGuid" = {0f177893-4a9c-4709-b921-f432d67f43d5}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Customer Experience Improvement Program]
"providerGuid" = {A402FE09-DA6E-45F2-82AF-3CB37170EE0C}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager]
"EventMessageFile" = %SystemRoot%\system32\dwm.exe -- [2009.07.14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota]
"EventMessageFile" = %SystemRoot%\System32\dskquota.dll -- [2009.07.14 02:15:13 | 000,087,040 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 0x00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker]
"TypesSupported" = 7
"EventMessageFile" = %ProgramFiles%\DVD Maker\DVDMaker.exe -- [2009.07.14 02:14:19 | 001,971,200 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = %systemroot%\system32\esent.dll -- [2011.03.11 06:39:35 | 001,686,016 | ---- | M] (Microsoft Corporation)
"CategoryMessageFile" = %systemroot%\system32\esent.dll -- [2011.03.11 06:39:35 | 001,686,016 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 16
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem]
"providerGuid" = {899daace-4868-4295-afcd-9eb8fb497561}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Family Safety Service]
"EventMessageFile" = C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection]
"EventMessageFile" = %SystemRoot%\System32\fdeploy.dll -- [2009.07.14 02:15:20 | 000,058,880 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {7D7B0C39-93F6-4100-BD96-4DDA859652C5}
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\fsssvc]
"EventMessageFile" = C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy]
"EventMessageFile" = %SystemRoot%\System32\gpapi.dll -- [2009.07.14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition]
"TypesSupported" = 7
"CategoryCount" = 7
"CategoryMessageFile" = %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll -- [2009.07.14 02:06:10 | 000,002,048 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll -- [2009.07.14 02:06:10 | 000,002,048 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection]
"EventMessageFile" = %SystemRoot%\System32\UI0Detect.exe -- [2009.07.14 02:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf]
"ProviderGuid" = {122EE297-BB47-41AE-B265-1CA8D1886D40}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LocationNotifications]
"ProviderGuid" = {5b93cdfa-5f51-45e0-9fde-296983129e6c}
"EventMessageFile" = %SystemRoot%\System32\LocationNotifications.exe -- [2009.07.14 02:14:22 | 000,089,600 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax]
"publisherGuid" = {9F8639E0-9EEF-4125-9B1C-86109BDD8289}
"TypesSupported" = 7
"CategoryCount" = 4
"CategoryMessageFile" = %systemroot%\system32\fxsevent.dll -- [2009.07.14 02:05:30 | 000,007,680 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %systemroot%\system32\fxsevent.dll -- [2009.07.14 02:05:30 | 000,007,680 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Office 12]
"EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE -- [2008.11.04 01:44:24 | 000,814,464 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Application-Experience]
"ProviderGuid" = {eef54e71-0661-422d-9a98-82fd4940b820}
"EventMessageFile" = %SystemRoot%\system32\aeevts.dll -- [2009.07.14 02:03:48 | 000,023,040 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure]
"ProviderGuid" = {5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a}
"EventMessageFile" = %SystemRoot%\system32\apphelp.dll -- [2009.12.08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Audio]
"ProviderGuid" = {ae4bd3be-f36f-45b6-8d21-bdd6fb832853}
"EventMessageFile" = %SystemRoot%\System32\audioses.dll -- [2009.07.14 02:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService]
"ProviderGuid" = {dab3b18c-3c0f-43e8-80b1-e44bc0dad901}
"EventMessageFile" = %SystemRoot%\System32\AxInstSv.dll -- [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup]
"ProviderGuid" = {1db28f2e-8f80-4027-8c5a-a11f7f10f62d}
"EventMessageFile" = %windir%\system32\BlbEvents.dll -- [2009.07.14 02:04:04 | 000,052,224 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CAPI2]
"ProviderGuid" = {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
"EventMessageFile" = %SystemRoot%\System32\crypt32.dll -- [2009.07.14 02:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient]
"ProviderGuid" = {73370bd6-85e5-430b-b60a-fea1285808a7}
"EventMessageFile" = %SystemRoot%\system32\dimsjob.dll -- [2009.07.14 02:15:11 | 000,033,792 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient-AutoEnrollment]
"ProviderGuid" = {f0db7ef8-b6f3-4005-9937-feb77b9e1b43}
"EventMessageFile" = %SystemRoot%\system32\pautoenr.dll -- [2009.07.14 02:16:12 | 000,044,032 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient-CertEnroll]
"ProviderGuid" = {54164045-7c50-4905-963f-e5bc1eef0cca}
"EventMessageFile" = %SystemRoot%\system32\certenroll.dll -- [2009.09.03 08:04:15 | 001,320,960 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient-CredentialRoaming]
"ProviderGuid" = {89a2278b-c662-4aff-a06c-46ad3f220bca}
"EventMessageFile" = %SystemRoot%\system32\dimsroam.dll -- [2009.07.14 02:15:11 | 000,036,864 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli]
"ProviderGuid" = {98bf1cd3-583e-4926-95ee-a61bf3f46470}
"EventMessageFile" = %SystemRoot%\system32\certcli.dll -- [2009.07.14 02:15:01 | 000,335,360 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Crypto-RNG]
"providerGuid" = {54d5ac20-e14f-4fda-92da-ebf7556ff176}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag]
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\defragsvc.dll -- [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-DirectShow-Core]
"ProviderGuid" = {968f313b-097f-4e09-9cdd-bc62692d138b}
"EventMessageFile" = %SystemRoot%\system32\quartz.dll -- [2009.12.19 10:02:48 | 001,328,640 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-DirectShow-KernelSupport]
"ProviderGuid" = {3cc2d4af-da5e-4ed4-bcbe-3cf995940483}
"EventMessageFile" = ksproxy.ax -- [2009.07.14 02:14:11 | 000,194,048 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost]
"ProviderGuid" = {6eb8db94-fe96-443f-a366-5fe0cee7fb1c}
"EventMessageFile" = %systemroot%\system32\eapsvc.dll -- [2009.07.14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EFS]
"ProviderGuid" = {3663a992-84be-40ea-bba9-90c7ed544222}
"EventMessageFile" = %SystemRoot%\system32\efscore.dll -- [2009.07.14 02:15:13 | 000,204,800 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector]
"ProviderGuid" = {b977cf02-76f6-df84-cc1a-6a4b232322b6}
"EventMessageFile" = %SystemRoot%\system32\wecsvc.dll -- [2009.07.14 02:16:18 | 000,147,968 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Folder Redirection]
"ProviderGuid" = {7d7b0c39-93f6-4100-bd96-4dda859652c5}
"EventMessageFile" = %SystemRoot%\System32\fdeploy.dll -- [2009.07.14 02:15:20 | 000,058,880 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-LoadPerf]
"ProviderGuid" = {122ee297-bb47-41ae-b265-1ca8d1886d40}
"EventMessageFile" = %SystemRoot%\system32\loadperf.dll -- [2009.07.14 02:15:36 | 000,115,712 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfCtrs]
"ProviderGuid" = {973143dd-f3c7-4ef5-b156-544ac38c39b6}
"EventMessageFile" = %SystemRoot%\system32\perfctrs.dll -- [2009.07.14 02:16:12 | 000,039,424 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfNet]
"ProviderGuid" = {cab2b8a5-49b9-4eec-b1b0-fac21da05a3b}
"EventMessageFile" = %SystemRoot%\system32\perfnet.dll -- [2009.07.14 02:16:12 | 000,020,992 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfOS]
"ProviderGuid" = {f82fb576-e941-4956-a2c7-a0cf83f6450a}
"EventMessageFile" = %SystemRoot%\system32\perfos.dll -- [2009.07.14 02:16:12 | 000,028,672 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfProc]
"ProviderGuid" = {72d211e1-4c54-4a93-9520-4901681b2271}
"EventMessageFile" = %SystemRoot%\system32\perfproc.dll -- [2009.07.14 02:16:12 | 000,035,328 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-propsys]
"ProviderGuid" = {9485FA1E-23CD-49A1-84E3-11D8BC550CB7}
"EventMessageFile" = %SystemRoot%\system32\propsys.dll -- [2009.07.14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RemoteApp and Desktop Connections]
"ProviderGuid" = {1b8b402d-78dc-46fb-bf71-46e64aedf165}
"EventMessageFile" = %SystemRoot%\system32\TSWorkspace.dll -- [2009.07.14 02:16:16 | 000,594,432 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RemoteAssistance]
"ProviderGuid" = {5b0a651a-8807-45cc-9656-7579815b6af0}
"EventMessageFile" = %systemroot%\system32\msra.exe -- [2009.07.14 02:14:26 | 000,536,576 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RestartManager]
"ProviderGuid" = {0888e5ef-9b98-4695-979d-e92ce4247224}
"EventMessageFile" = %SystemRoot%\System32\RstrtMgr.dll -- [2009.07.14 02:16:13 | 000,152,064 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RPC-Events]
"ProviderGuid" = {f4aed7c7-a898-4627-b053-44a7caa12fcd}
"EventMessageFile" = %SystemRoot%\system32\rpcrt4.dll -- [2009.07.14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies]
"ProviderGuid" = {7d29d58a-931a-40ac-8743-48c733045548}
"EventMessageFile" = %SystemRoot%\system32\advapi32.dll -- [2009.07.14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-TerminalServices-ClientActiveXCore]
"ProviderGuid" = {28aa95bb-d444-4719-a36f-40462168127e}
"EventMessageFile" = %SystemRoot%\system32\mstscax.dll -- [2010.12.18 06:30:20 | 002,690,560 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles General]
"ProviderGuid" = {db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770}
"EventMessageFile" = %SystemRoot%\System32\userenv.dll -- [2009.07.14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service]
"ProviderGuid" = {89b1e9f0-5aff-44a6-9b44-0a07a7ce5845}
"EventMessageFile" = %SystemRoot%\System32\profsvc.dll -- [2009.07.14 02:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Video-For-Windows]
"ProviderGuid" = {712abb2d-d806-4b42-9682-26da01d8b307}
"EventMessageFile" = %SystemRoot%\system32\mciavi32.dll -- [2009.12.19 10:02:40 | 000,084,480 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WBioSrvc]
"providerGuid" = {A0E3D8EA-C34F-4419-A1DB-90435B8B21D0}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool]
"ProviderGuid" = {11a75546-3234-465e-bec8-2d301cb501ac}
"EventMessageFile" = %SystemRoot%\system32\WINSAT.EXE -- [2009.07.14 02:14:46 | 003,367,424 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv]
"ProviderGuid" = {9d55b53d-449b-4824-a637-24f9d69aa02f}
"EventMessageFile" = %SystemRoot%\system32\winsrv.dll -- [2011.07.16 05:37:32 | 000,169,984 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-XWizards]
"ProviderGuid" = {777ba8fe-2498-4875-933a-3067de883070}
"EventMessageFile" = %windir%\system32\xwizards.dll -- [2009.07.14 02:16:21 | 000,354,816 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0]
"CategoryCount" = 14
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009.06.10 22:14:03 | 000,008,024 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009.06.10 22:14:03 | 000,008,024 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 4.0.0.0]
"CategoryCount" = 15
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll -- [2010.03.18 13:16:28 | 000,008,032 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll -- [2010.03.18 13:16:28 | 000,008,032 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDMine]
"EventMessageFile" = C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2005.05.04 00:06:30 | 001,411,816 | ---- | M] (Microsoft Corporation)
"CategoryMessageFile" = C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2005.05.04 00:06:30 | 001,411,816 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 00 12 B8 58 [binary data]
"CategoryCount" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC]
"providerGuid" = {719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC 2]
"providerGuid" = {5D9E0020-3761-4f36-90C8-38CE6511BD12}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client]
"providerGuid" = {7A67066E-193F-4D3A-82D3-322FEE5259DE}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client 2]
"providerGuid" = {155CB334-3D7F-4ff1-B107-DF8AFC3C0363}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller]
"EventMessageFile" = C:\Windows\system32\msimsg.dll -- [2009.07.14 02:07:12 | 000,025,088 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSSOAP]
"TypesSupported" = 1
"CategoryCount" = 4
"EventMessageFile" = C:\Program Files\Common Files\MSSoap\Binaries\MSSOAP30.dll -- [2002.06.25 03:36:42 | 000,437,760 | ---- | M] (Microsoft Corporation)
"CategoryMessageFile" = C:\Program Files\Common Files\MSSoap\Binaries\MSSOAP30.dll -- [2002.06.25 03:36:42 | 000,437,760 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook]
"EventMessageFile" = C:\PROGRA~1\MICROS~4\Office12\1029\MAPIR.DLL -- [2009.02.21 11:39:32 | 001,254,768 | ---- | M] (Microsoft Corporation)
"Version" = 13