VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Kontrola logu

https://forum.viry.cz:443/viewtopic.php?t=106895

Stránka 1 z 1

Kontrola logu

Napsal: 23 lis 2010 16:32
od jurencak.romeo
Prosim o nekoho aby me skontroloval log Diky moc


info.txt logfile of random's system information tool 1.08 2010-11-23 16:37:45

======Uninstall list======

-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
AC3Filter 1.63b-->"C:\Program Files (x86)\AC3Filter\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.1 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
AIDA64 Extreme Edition v1.20-->"C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\unins000.exe"
Aktualizace pro Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{E09910D9-C94A-410B-9ACB-6F350F2BF9E7}" "1029" "0"
Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Color Efex Pro 3.0 Complete-->C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Plug-ins\Nik Software\Color Efex Pro 3.0 Complete\uninstall.exe
Combined Community Codec Pack 2010-10-10-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe"
Corel WinDVD 2010-->MsiExec.exe /X{5C1F18D2-F6B7-4242-B803-B5A78648185D}
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{820F2EBF-0AEC-46F1-9DCD-66CAAD8344D3}" "1029" "0"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
ICQ7.2-->"C:\Program Files (x86)\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
JPEG Resampler Vs 5.0-->"C:\Program Files (x86)\JPEG Resampler\unins000.exe"
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox (3.6.12)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Ultra Edition-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1029" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1029" "0"
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Soluto-->MsiExec.exe /X{47381488-49C5-414A-B49F-FBCC633AF8E3}
Splash PRO-->MsiExec.exe /I{DE2679C3-CAC9-4089-B8F2-C0337E533857}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
TeamViewer 5-->C:\Program Files (x86)\TeamViewer\Version5\uninstall.exe
Topaz Adjust 4-->MsiExec.exe /I{9FDC7042-CB9F-4336-A14C-DF10F53762E2}
TuneUp Utilities 2011-->C:\Program Files (x86)\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2288640)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{521AB5E8-5FFF-45C8-B750-6967F8C0A2B9}" "1029" "0"
Update for Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}" "1029" "0"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 900
Message: Služba Ochrana softwaru se spouští.

Record Number: 5
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100810114714.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100810114516.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100810114511.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100810114506.484375-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100810114506.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100810114448.093750-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100810114448.078125-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x32029
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100810114447.578125-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100810114445.328125-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100810114445.250000-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303

-----------------EOF-----------------





Logfile of random's system information tool 1.08 (written by random/random)
Run by ROMAN at 2010-11-23 16:37:30
Microsoft Windows 7 Ultimate
System drive C: has 62 GB (78%) free of 80 GB
Total RAM: 4094 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:37:43, on 23.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\ROMAN.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6101 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-00241994-17d5-4b8e-988b-d11a64c5926c -SystemEventPortName:HostProcess-eea71b52-bce0-4357-942a-e0be008c5dbd -IoCancelEventPortName:HostProcess-96634bf9-49d9-4343-8316-e9925a644de4 -NonStateChangingEventPortName:HostProcess-8ed5844f-c1e5-4ac8-9c30-6aed5f47982a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:eba38b70-cd5b-459f-b28d-1451c9435b1a
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
Ati2evxx.exe -Client
"taskhost.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:1680
"C:\Program Files\Soluto\soluto.exe" /userinit
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Soluto\SolutoService.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"D:\Stažené soubory\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-01 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-02 11545192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-11-08 2919168]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DelayedDesktopSwitchTimeout"=5

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-23 16:37:30 ----D---- C:\rsit
2010-11-23 16:37:30 ----D---- C:\Program Files\trend micro
2010-11-23 15:46:09 ----N---- C:\Windows\system32\MpSigStub.exe
2010-11-23 15:32:00 ----D---- C:\Program Files (x86)\Trend Micro
2010-11-23 14:46:49 ----D---- C:\Program Files (x86)\FinalWire
2010-11-22 15:14:30 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Apple Computer
2010-11-22 15:14:19 ----D---- C:\ProgramData\Apple Computer
2010-11-22 15:14:06 ----D---- C:\ProgramData\Apple
2010-11-22 15:06:43 ----SHD---- C:\Windows\system32\%APPDATA%
2010-11-16 11:30:20 ----D---- C:\Program Files (x86)\Combined Community Codec Pack
2010-11-16 11:29:42 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Media Player Classic
2010-11-16 09:39:12 ----D---- C:\Program Files (x86)\FreeRapid-0.85
2010-11-16 09:26:34 ----D---- C:\ProgramData\ESET
2010-11-16 09:26:34 ----D---- C:\Program Files\ESET
2010-11-15 14:41:11 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\NVIDIA 3D Vision Video Player
2010-11-15 14:20:40 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Stereoscopic Player
2010-11-15 07:41:27 ----D---- C:\Program Files\Defraggler
2010-11-11 15:35:02 ----D---- C:\Program Files (x86)\TeamViewer
2010-11-10 14:20:58 ----D---- C:\Windows\SYSWOW64\RTCOM
2010-11-10 14:20:58 ----D---- C:\Program Files\Realtek
2010-11-10 14:20:37 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\WavesGUILib.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SRSWOW64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SRSTSX64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SRSTSH64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SRSHP64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SFSS_APO.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SFNHK64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SFCOM64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\SFAPO64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RtPgEx64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RtkCfg64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RtkAPO64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RtkApi64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RTEEP64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RTEEL64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RTEEG64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RTEED64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RTCOM64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RP3DHT64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RP3DAA64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\RCoInst64.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\R4EEP64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\R4EEL64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\R4EEG64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\R4EED64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\R4EEA64A.dll
2010-11-10 14:20:37 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2010-11-10 14:20:36 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2010-11-10 14:20:36 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll
2010-11-10 14:20:36 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2010-11-10 14:20:36 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2010-11-10 14:20:36 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2010-11-10 14:20:35 ----D---- C:\Program Files (x86)\Realtek
2010-11-10 14:20:35 ----A---- C:\Windows\system32\FMAPO64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\AERTAR64.dll
2010-11-10 14:20:35 ----A---- C:\Windows\system32\AERTAC64.dll
2010-11-10 14:20:33 ----A---- C:\Windows\RtlExUpd.dll
2010-11-07 15:47:21 ----RD---- C:\Program Files (x86)\Skype
2010-11-05 12:24:11 ----D---- C:\Program Files\CCleaner
2010-11-02 16:43:04 ----D---- C:\ProgramData\Synetic
2010-11-02 16:42:34 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2010-11-02 16:42:34 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2010-11-02 16:42:34 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2010-11-02 16:42:34 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-11-02 16:42:34 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-11-02 16:42:34 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-11-02 16:42:33 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2010-11-02 16:42:33 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2010-11-02 16:42:33 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2010-11-02 16:42:33 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-11-02 16:42:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-11-02 16:42:33 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-11-02 16:42:33 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-11-02 16:42:33 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-11-02 16:42:33 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-11-02 16:42:33 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-11-02 16:42:32 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-11-02 16:42:32 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-11-02 16:42:31 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2010-11-02 16:42:31 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2010-11-02 16:42:31 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-11-02 16:42:31 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-11-02 16:42:30 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2010-11-02 16:42:30 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2010-11-02 16:42:30 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2010-11-02 16:42:30 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-11-02 16:42:30 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-11-02 16:42:30 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-11-02 16:42:29 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2010-11-02 16:42:29 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2010-11-02 16:42:29 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2010-11-02 16:42:29 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2010-11-02 16:42:29 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-11-02 16:42:29 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-11-02 16:42:29 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-11-02 16:42:29 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-11-02 16:42:28 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2010-11-02 16:42:28 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2010-11-02 16:42:28 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2010-11-02 16:42:28 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2010-11-02 16:42:28 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-11-02 16:42:28 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-11-02 16:42:28 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-11-02 16:42:28 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-11-02 16:42:27 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2010-11-02 16:42:27 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2010-11-02 16:42:27 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2010-11-02 16:42:27 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-11-02 16:42:27 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-11-02 16:42:27 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-11-02 16:42:26 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2010-11-02 16:42:26 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2010-11-02 16:42:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2010-11-02 16:42:26 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-11-02 16:42:26 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-11-02 16:42:26 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-11-02 16:42:25 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2010-11-02 16:42:25 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2010-11-02 16:42:25 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-11-02 16:42:25 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-11-02 16:42:24 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2010-11-02 16:42:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2010-11-02 16:42:24 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-11-02 16:42:24 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-11-02 16:42:23 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2010-11-02 16:42:23 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2010-11-02 16:42:23 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2010-11-02 16:42:23 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2010-11-02 16:42:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2010-11-02 16:42:23 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-11-02 16:42:23 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-11-02 16:42:23 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-11-02 16:42:23 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-11-02 16:42:23 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-11-02 16:42:22 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2010-11-02 16:42:22 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2010-11-02 16:42:22 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2010-11-02 16:42:22 ----A---- C:\Windows\system32\xinput1_3.dll
2010-11-02 16:42:22 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-11-02 16:42:22 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-11-02 16:42:21 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2010-11-02 16:42:21 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2010-11-02 16:42:21 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2010-11-02 16:42:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2010-11-02 16:42:21 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-11-02 16:42:21 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-11-02 16:42:21 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-11-02 16:42:21 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-11-02 16:42:20 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2010-11-02 16:42:20 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2010-11-02 16:42:20 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2010-11-02 16:42:20 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-11-02 16:42:20 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-11-02 16:42:20 ----A---- C:\Windows\system32\d3dx10.dll
2010-11-02 16:42:19 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2010-11-02 16:42:19 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2010-11-02 16:42:19 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2010-11-02 16:42:19 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2010-11-02 16:42:19 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2010-11-02 16:42:19 ----A---- C:\Windows\system32\xinput1_2.dll
2010-11-02 16:42:19 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-11-02 16:42:19 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-11-02 16:42:19 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-11-02 16:42:19 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-11-02 16:42:18 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2010-11-02 16:42:18 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2010-11-02 16:42:18 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2010-11-02 16:42:18 ----A---- C:\Windows\system32\xinput1_1.dll
2010-11-02 16:42:18 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-11-02 16:42:18 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-11-02 16:42:15 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2010-11-02 16:42:15 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-11-02 16:42:14 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2010-11-02 16:42:14 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2010-11-02 16:42:14 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2010-11-02 16:42:14 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-11-02 16:42:14 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-11-02 16:42:14 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-11-02 16:42:13 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2010-11-02 16:42:13 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2010-11-02 16:42:13 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-11-02 16:42:13 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-11-02 16:42:12 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2010-11-02 16:42:12 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2010-11-02 16:42:12 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-11-02 16:42:12 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-11-02 16:42:11 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2010-11-02 16:42:11 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-11-01 16:05:30 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-11-01 16:05:30 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-11-01 16:05:30 ----A---- C:\Windows\SYSWOW64\java.exe
2010-11-01 15:41:24 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\VitySoft
2010-10-29 07:46:45 ----A---- C:\Windows\system32\TURegOpt.exe
2010-10-29 07:46:44 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2010-10-29 07:46:44 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2010-10-29 07:46:44 ----A---- C:\Windows\system32\uxtuneup.dll
2010-10-29 07:46:44 ----A---- C:\Windows\system32\authuitu.dll
2010-10-29 07:46:36 ----D---- C:\Program Files (x86)\TuneUp Utilities 2011
2010-10-29 07:38:58 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-10-28 16:54:15 ----D---- C:\Windows\Downloaded Installations
2010-10-28 16:54:05 ----D---- C:\ProgramData\Sling Media
2010-10-27 07:27:37 ----A---- C:\Windows\system32\drivers\Diskdump.sys

======List of files/folders modified in the last 1 months======

2010-11-23 16:37:31 ----D---- C:\Windows\Temp
2010-11-23 16:37:30 ----RD---- C:\Program Files
2010-11-23 16:34:42 ----D---- C:\Windows
2010-11-23 16:34:14 ----SD---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft
2010-11-23 16:33:12 ----D---- C:\Windows\system32\config
2010-11-23 16:29:35 ----SHD---- C:\Config.Msi
2010-11-23 16:27:24 ----SHD---- C:\Windows\Installer
2010-11-23 16:24:01 ----RD---- C:\Program Files (x86)
2010-11-23 16:23:14 ----HD---- C:\ProgramData
2010-11-23 16:18:53 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\ICQ
2010-11-23 15:53:05 ----D---- C:\Windows\system32\drivers\etc
2010-11-23 15:47:31 ----D---- C:\Windows\system32\drivers
2010-11-23 15:46:09 ----D---- C:\Windows\System32
2010-11-23 15:09:02 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Skype
2010-11-23 14:11:45 ----D---- C:\Windows\inf
2010-11-23 14:11:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-22 19:16:12 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\TeamViewer
2010-11-22 16:09:01 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-11-22 15:18:29 ----D---- C:\Program Files (x86)\Common Files
2010-11-22 15:14:34 ----D---- C:\Windows\SysWOW64
2010-11-20 16:00:37 ----D---- C:\ProgramData\boost_interprocess_ROMAN
2010-11-19 14:13:17 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Winamp
2010-11-18 19:57:51 ----SHD---- C:\Boot
2010-11-18 19:48:14 ----D---- C:\Windows\system32\catroot2
2010-11-18 19:47:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-11-18 19:43:50 ----D---- C:\Windows\Tasks
2010-11-18 19:43:50 ----D---- C:\Windows\system32\Tasks
2010-11-16 13:28:45 ----D---- C:\Windows\SoftwareDistribution
2010-11-16 09:32:27 ----D---- C:\Windows\debug
2010-11-16 09:31:54 ----D---- C:\Windows\Prefetch
2010-11-16 09:27:02 ----D---- C:\Windows\system32\DriverStore
2010-11-16 09:27:02 ----D---- C:\Windows\system32\catroot
2010-11-10 14:21:09 ----HD---- C:\Program Files (x86)\Temp
2010-11-10 14:20:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-10 14:13:59 ----D---- C:\ProgramData\Microsoft Help
2010-11-10 14:13:08 ----A---- C:\Windows\system32\MRT.exe
2010-11-09 20:39:33 ----SHD---- C:\$Recycle.Bin
2010-11-02 22:19:50 ----D---- C:\Windows\rescache
2010-11-02 16:42:18 ----RSD---- C:\Windows\assembly
2010-11-01 16:05:26 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-11-01 14:35:02 ----D---- C:\Program Files (x86)\ICQ7.2
2010-11-01 13:43:33 ----D---- C:\Windows\system32\drivers\UMDF
2010-10-29 07:46:28 ----D---- C:\ProgramData\TuneUp Software
2010-10-29 07:39:26 ----D---- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\TuneUp Software
2010-10-27 07:31:21 ----D---- C:\Windows\winsxs
2010-10-27 07:31:19 ----D---- C:\Windows\AppPatch
2010-10-24 11:37:39 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCGenFAM;PCGenFAM; C:\Windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 199112]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-17 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-08-31 314016]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-08-31 43680]
R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2007-01-15 14112]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-02 2536040]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-19 239616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 avvqsc9p;avvqsc9p; C:\Windows\system32\drivers\avvqsc9p.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-08 810144]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2010-09-22 330784]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-11-08 42360]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S4 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S4 UxTuneUp;TuneUp Theme Extension; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Re: Kontrola logu

Napsal: 23 lis 2010 16:34
od vyosek
Zdravim, pekny den preji a vitam Vas u nas na foru :welcome:

:arrow: Prectete si pravidla fora

:arrow: Dejte log z RSIT, je podrobnejsi nez HJT - a poprosim o oba logy - log.txt i info.txt - budou ulozeny v c:\rsit

Re: Kontrola logu

Napsal: 23 lis 2010 16:57
od jurencak.romeo
vyosek píše:Zdravim, pekny den preji a vitam Vas u nas na foru :welcome:

:arrow: Prectete si pravidla fora

:arrow: Dejte log z RSIT, je podrobnejsi nez HJT - a poprosim o oba logy - log.txt i info.txt - budou ulozeny v c:\rsit

Dekuji a snad uz to mam vse spravne

Re: Kontrola logu

Napsal: 23 lis 2010 17:00
od vyosek
:arrow: Prosim needitujte, normalne vkladejte nove prispevky - nemusim si editace vsimnout, jelikoz se nezobrazuje jako novy prispevek...

:arrow: Predpokladam ze ten ESET Smart Security mate legalni = zakoupena licence :o :???:

Re: Kontrola logu

Napsal: 23 lis 2010 17:06
od jurencak.romeo
vyosek píše::arrow: Prosim needitujte, normalne vkladejte nove prispevky - nemusim si editace vsimnout, jelikoz se nezobrazuje jako novy prispevek...

:arrow: Predpokladam ze ten ESET Smart Security mate legalni = zakoupena licence :o :???:

Ano eset je legalni

Re: Kontrola logu

Napsal: 23 lis 2010 17:06
od vyosek
:arrow: Stahnete OTL (viz muj podpis) a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Re: Kontrola logu

Napsal: 23 lis 2010 17:24
od jurencak.romeo
OTL logfile created on: 23.11.2010 17:11:41 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Stažené soubory
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 60,60 Gb Free Space | 77,57% Space Free | Partition Type: NTFS
Drive D: | 853,37 Gb Total Space | 435,86 Gb Free Space | 51,07% Space Free | Partition Type: NTFS

Computer Name: ROMAN-PC | User Name: ROMAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010.11.23 17:09:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Stažené soubory\OTL.exe
PRC - [2010.11.08 09:50:48 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010.10.27 07:12:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010.11.23 17:09:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Stažené soubory\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.11.08 09:51:20 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010.11.08 09:50:48 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010.10.27 17:21:12 | 000,036,160 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.09.22 11:00:58 | 000,330,784 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2010.02.11 06:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.27 17:24:40 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.10.27 17:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.09.22 10:52:50 | 000,199,112 | R--- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\PCGenFAM.sys -- (PCGenFAM)
DRV:64bit: - [2010.09.03 06:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.08.31 17:38:05 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.08.31 17:38:05 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.08.17 11:17:54 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.29 12:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010.07.29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.07.29 12:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010.07.29 12:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010.02.11 08:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.19 08:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.01.15 13:36:18 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2010.10.07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3423100142-988420093-3779546823-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-6665170634FE}:1.08
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.11.01 16:12:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.18 19:25:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.11.16 09:26:35 | 000,000,000 | ---D | M]

[2010.09.15 16:55:38 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\mozilla\Extensions
[2010.11.22 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\mozilla\Firefox\Profiles\kzoiclez.default\extensions
[2010.10.27 10:16:00 | 000,000,000 | ---D | M] (Public Fox) -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\mozilla\Firefox\Profiles\kzoiclez.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}
[2010.11.04 17:31:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\mozilla\Firefox\Profiles\kzoiclez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.21 19:16:07 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\mozilla\Firefox\Profiles\kzoiclez.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010.11.22 17:00:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.11.01 16:05:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.01 16:05:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.27 06:19:36 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.10.27 06:19:36 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.10.27 06:19:36 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.10.27 06:19:36 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.10.27 06:19:36 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.11.23 15:53:06 | 000,425,937 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 14671 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 5
O7 - HKU\S-1-5-21-3423100142-988420093-3779546823-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.143.128.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\windvd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\Winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\misc.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\windvd.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\Winword.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ecd61b0-d6ba-11df-9b7b-000129d7ad81}\Shell - "" = AutoRun
O33 - MountPoints2\{3ecd61b0-d6ba-11df-9b7b-000129d7ad81}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d5e50bc9-a9e8-11df-97ff-000129d7ad81}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e50bc9-a9e8-11df-97ff-000129d7ad81}\Shell\AutoRun\command - "" = J:\cdstart.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 7 Days ==========

[2010.11.23 16:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.11.23 16:37:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010.11.23 15:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.11.23 14:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire
[2010.11.22 15:14:30 | 000,000,000 | ---D | C] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Apple Computer
[2010.11.22 15:14:30 | 000,000,000 | ---D | C] -- C:\Users\ROMAN.ROMAN-PC\AppData\Local\Apple Computer
[2010.11.22 15:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.11.22 15:14:07 | 000,000,000 | ---D | C] -- C:\Users\ROMAN.ROMAN-PC\AppData\Local\Apple
[2010.11.22 15:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.11.22 15:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010.11.21 12:43:09 | 000,000,000 | ---D | C] -- C:\Users\ROMAN.ROMAN-PC\Desktop\fotky
[2010.11.16 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\ROMAN.ROMAN-PC\Desktop\písničky!!!!!
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.11.23 16:35:46 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 16:35:46 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 16:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.23 15:53:06 | 000,425,937 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.11.23 14:47:01 | 000,001,238 | ---- | M] () -- C:\Users\ROMAN.ROMAN-PC\Desktop\AIDA64 Extreme Edition.lnk
[2010.11.23 14:11:45 | 001,445,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.23 14:11:45 | 000,622,422 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.11.23 14:11:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.23 14:11:45 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.11.23 14:11:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.22 16:12:46 | 000,007,605 | ---- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Local\Resmon.ResmonCfg
[2010.11.22 15:14:34 | 000,141,300 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.11.18 19:36:11 | 000,425,937 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101123-155305.backup
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.23 14:47:01 | 000,001,238 | ---- | C] () -- C:\Users\ROMAN.ROMAN-PC\Desktop\AIDA64 Extreme Edition.lnk
[2010.11.22 16:12:46 | 000,007,605 | ---- | C] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Local\Resmon.ResmonCfg
[2010.11.22 15:14:34 | 000,141,300 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.11.01 15:05:07 | 000,001,096 | ---- | C] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Local\SRDownloader.nast
[2010.10.16 20:50:33 | 000,000,132 | ---- | C] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Adobe Formát AIFF CS5 – předvolby
[2010.09.29 15:44:10 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010.08.31 17:23:17 | 000,000,008 | RHS- | C] () -- C:\ProgramData\4BC262ADE4.sys
[2010.08.31 17:23:16 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010.08.17 11:20:13 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\DAEMON Tools Lite
[2010.08.10 13:11:55 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\ESET
[2010.11.23 16:18:53 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\ICQ
[2010.08.10 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\IObit
[2010.10.10 22:26:33 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\JLC's Software
[2010.08.10 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Jpeg Resampler
[2010.09.22 17:24:08 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Mirillis
[2010.10.11 17:13:53 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.15 14:20:40 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Stereoscopic Player
[2010.11.22 19:16:12 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\TeamViewer
[2010.10.29 07:39:26 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\TuneUp Software
[2010.11.01 15:41:24 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\VitySoft
[2010.08.17 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Zoner
[2010.09.21 22:21:22 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.10.11 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Adobe
[2010.10.11 17:13:53 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Adobe Mini Bridge CS5
[2010.08.17 11:17:05 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Ahead
[2010.11.22 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Apple Computer
[2010.08.18 16:19:03 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\ATI
[2010.08.31 17:24:21 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Corel
[2010.08.17 11:20:13 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\DAEMON Tools Lite
[2010.08.10 13:11:55 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\ESET
[2010.11.23 16:18:53 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\ICQ
[2010.08.10 12:54:36 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Identities
[2010.08.10 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\IObit
[2010.10.10 22:26:33 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\JLC's Software
[2010.08.10 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Jpeg Resampler
[2010.08.10 13:00:34 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Macromedia
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Media Center Programs
[2010.11.22 15:20:06 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Media Player Classic
[2010.11.23 16:34:14 | 000,000,000 | --SD | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft
[2010.09.22 17:24:08 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Mirillis
[2010.09.15 16:55:38 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Mozilla
[2010.11.15 14:41:11 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\NVIDIA 3D Vision Video Player
[2010.11.23 15:09:02 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Skype
[2010.10.11 17:13:53 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.15 14:20:40 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Stereoscopic Player
[2010.11.22 19:16:12 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\TeamViewer
[2010.10.29 07:39:26 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\TuneUp Software
[2010.11.01 15:41:24 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\VitySoft
[2010.11.19 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Winamp
[2010.08.10 14:29:19 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\WinRAR
[2010.08.17 08:14:05 | 000,000,000 | ---D | M] -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_1E02B3D8732010A792DC8B.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_21F3885A18D238E15AAE81.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_2A2BDE0638974C45B9BDE9.exe
[2010.10.27 10:38:38 | 000,009,662 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_3B74DAE2345C4DB61BC22D.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_415493353D745EEA216D94.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_6FEFF9B68218417F98F549.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_806048DC66200FE6D24FF3.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_85972F4A73DF7EADFBAFC2.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_934312A2105DE40686D86A.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_A753214149FB4F8721C1CB.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_A7A1F24988209FFD6FF84A.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_C76EE2AF854C9227FD1C33.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_C7EFEC170C2E3BE8B9D183.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_CF15DB293FB3ABD44856FB.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_D707CE1C009F1381803C2C.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_F19FDA9D6F372448018D30.exe
[2010.10.27 10:38:38 | 000,287,934 | R--- | M] () -- C:\Users\ROMAN.ROMAN-PC\AppData\Roaming\Microsoft\Installer\{DE2679C3-CAC9-4089-B8F2-C0337E533857}\_FD8B6BA922FF5C34868F02.exe


< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.01 05:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.01 05:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.11.22 15:14:34 | 000,141,300 | -H-- | M] () -- C:\Windows\SysWOW64\mlfcache.dat

< End of report >

Re: Kontrola logu

Napsal: 23 lis 2010 17:24
od jurencak.romeo
OTL Extras logfile created on: 23.11.2010 17:11:41 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Stažené soubory
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,13 Gb Total Space | 60,60 Gb Free Space | 77,57% Space Free | Partition Type: NTFS
Drive D: | 853,37 Gb Total Space | 435,86 Gb Free Space | 51,07% Space Free | Partition Type: NTFS

Computer Name: ROMAN-PC | User Name: ROMAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3423100142-988420093-3779546823-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files (x86)\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files (x86)\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1BEA7447-4AA7-4E62-8FB2-4C6ED8F8D71E}" = ESET Smart Security
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{47381488-49C5-414A-B49F-FBCC633AF8E3}" = Soluto
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9D00A8DA-650F-21C6-E787-78756733F15F}" = ATI Catalyst Install Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E5A509B4-D9B1-4FD9-B3EF-EDB216AA8651}" = ccc-utility64
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91C0B95B-B83A-4828-A775-BBE2DD421029}" = Nero 7 Ultra Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.1 - Czech
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE2679C3-CAC9-4089-B8F2-C0337E533857}" = Splash PRO
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.20
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamViewer 5" = TeamViewer 5
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Winamp" = Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.11.2010 8:10:25 | Computer Name = ROMAN-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 14.11.2010 9:02:22 | Computer Name = ROMAN-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 15.11.2010 9:35:05 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: StereoPlayer.exe, verze: 1.6.6.0, časové
razítko: 0x4cd03ea2 Název chybujícího modulu: atioglxx.dll, verze: 6.14.10.8545,
časové razítko: 0x4b738e57 Kód výjimky: 0xc0000005 Posun chyby: 0x00530730 ID chybujícího
procesu: 0xf84 Čas spuštění chybující aplikace: 0x01cb84c977a512e7 Cesta k chybující
aplikaci: C:\Program Files (x86)\Stereoscopic Player\StereoPlayer.exe Cesta k chybujícímu
modulu: C:\Windows\system32\atioglxx.dll ID zprávy: 27835070-f0bd-11df-a97d-000129d7ad81

Error - 16.11.2010 22:02:14 | Computer Name = ROMAN-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 18.11.2010 14:48:12 | Computer Name = ROMAN-PC | Source = ESENT | ID = 455
Description = wuaueng.dll (988) SUS20ClientDataStore: Při otevírání souboru protokolu
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log došlo k chybě -1811 (0xfffff8ed).

Error - 19.11.2010 8:04:07 | Computer Name = ROMAN-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 20.11.2010 12:48:58 | Computer Name = ROMAN-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 21.11.2010 5:24:54 | Computer Name = ROMAN-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe verze 5.5.8.2985 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
944 Čas spuštění: 01cb895d8d3cf148 Čas ukončení: 6453 Cesta k aplikaci: C:\Program
Files (x86)\Winamp\winamp.exe ID hlášení: 2e4afc83-f551-11df-8579-000129d7ad81

Error - 22.11.2010 10:18:06 | Computer Name = ROMAN-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Safari.exe, verze: 5.33.19.4, časové razítko:
0x4cd2131b Název chybujícího modulu: ntdll.dll, verze: 6.1.7600.16559, časové razítko:
0x4ba9b29c Kód výjimky: 0xc0000374 Posun chyby: 0x000cdc9b ID chybujícího procesu:
0xde8 Čas spuštění chybující aplikace: 0x01cb8a4f9469df77 Cesta k chybující aplikaci:
C:\Program Files (x86)\Safari\Safari.exe Cesta k chybujícímu modulu: C:\Windows\SysWOW64\ntdll.dll
ID
zprávy: 528fd0ae-f643-11df-8292-000129d7ad81

Error - 23.11.2010 11:27:10 | Computer Name = ROMAN-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Aplikaci nebo službu HijackThis nelze ukončit.

[ System Events ]
Error - 21.11.2010 5:24:30 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 21.11.2010 5:24:34 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 21.11.2010 5:24:38 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 21.11.2010 5:24:42 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 21.11.2010 5:24:48 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 21.11.2010 5:24:54 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 21.11.2010 5:33:31 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 21.11.2010 5:33:34 | Computer Name = ROMAN-PC | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 22.11.2010 4:56:00 | Computer Name = ROMAN-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (9:54:18, ?22.?11.?2010) bylo neočekávané.

Error - 22.11.2010 12:06:25 | Computer Name = ROMAN-PC | Source = Service Control Manager | ID = 7034
Description = Služba TuneUp Utilities Service byla neočekávaně ukončena. Tento stav
nastal již 1krát.


< End of report >

Re: Kontrola logu

Napsal: 23 lis 2010 19:15
od vyosek
:arrow: Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam :arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :otl
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O33 - MountPoints2\{3ecd61b0-d6ba-11df-9b7b-000129d7ad81}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e50bc9-a9e8-11df-97ff-000129d7ad81}\Shell - "" = AutoRun
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
  • Nasledne kliknete na Opravit
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Kontrola logu

Napsal: 23 lis 2010 20:22
od jurencak.romeo
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecd61b0-d6ba-11df-9b7b-000129d7ad81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecd61b0-d6ba-11df-9b7b-000129d7ad81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5e50bc9-a9e8-11df-97ff-000129d7ad81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5e50bc9-a9e8-11df-97ff-000129d7ad81}\ not found.
C:\Windows\SysNative\uxtD23A.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\Debugger not found.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFB8E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9341.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD710.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Temp\HTTABF.tmp moved successfully.
C:\Windows\Temp\HTTB64.tmp moved successfully.
C:\Windows\Temp\HTTEFDC.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ROMAN.ROMAN-PC
->Temp folder emptied: 108360224 bytes
->Temporary Internet Files folder emptied: 601953 bytes
->Java cache emptied: 1065985 bytes
->FireFox cache emptied: 77961215 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 8396 bytes

User: ROMAN~1~ROM
->Temp folder emptied: 190041749 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12652 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50574 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 361,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: ROMAN.ROMAN-PC
->Flash cache emptied: 0 bytes

User: ROMAN~1~ROM

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11232010_201936

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Kontrola logu

Napsal: 23 lis 2010 21:23
od vyosek
Jak se chova PC :???:

Re: Kontrola logu

Napsal: 23 lis 2010 21:37
od jurencak.romeo
vyosek píše:Jak se chova PC :???:


Zatim je vse ok...Pokud je to vse tak diky moc

Re: Kontrola logu

Napsal: 24 lis 2010 06:29
od vyosek
Tak jeste uklidime

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za 14 dni

:arrow: A pokud nejsou problemy a ni dotazy, je to z me strany vse :turned:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz