
Log check

Posted: 28 Sep 2011 17:58
by v.s.
Hi, could I ask for a check of my work colleague's log??
Thank you very much

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:48, on 27.9.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\pdf24\pdf24.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\SysWOW64\conime.exe
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Downloads\Software\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 88.86.107.200 L2authd.Lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4600 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files (x86)\pdf24\pdf24.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10873 bytes

Re: Log check

Posted: 28 Sep 2011 18:02
by vyosek
Hello, and I wish you a nice evening :)

:arrow: If I understood correctly, this is a work\company PC, is that right :???:

Re: Log check

Posted: 28 Sep 2011 19:40
by v.s.
He is a colleague from work, but he has the machine at home as a home PC, and his wife also has access to it.

Re: Log check

Posted: 29 Sep 2011 05:41
by vyosek
:arrow: Then please post the logs from RSIT (both log.txt and info.txt). Guide to RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 The logs will be in c:\rsit

Re: Log check

Posted: 29 Sep 2011 18:43
by v.s.
Here are the logs - thanks for the help

Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2011-09-29 17:08:18
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 18 GB (17%) free of 103 GB
Total RAM: 4094 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:08:36, on 29.9.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\pdf24\pdf24.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Program Files\trend micro\Roman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 88.86.107.200 L2authd.Lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4600 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files (x86)\pdf24\pdf24.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10596 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe"
C:\Windows\system32\svchost.exe -k rpcss
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {E1F9DA83-2CB3-4BC8-9683-960C91E280D6}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {80F31F4F-56AA-489F-AA9A-1926DBE0C239}
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
"C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe"
"C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\pdf24\pdf24.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
KHALMNPR.EXE /API
"C:\Program Files (x86)\iPod\bin\iPodService.exe"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-65a41ccb-bab5-4960-8fdf-18ac1102170c -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-de865b14-7c62-4933-ac3e-92f549d82730 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-8f8c9b90-6159-4587-9b99-55fad25caa08 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d1178bec-22cc-423f-ad6a-0865e3cca85f
C:\PROGRA~2\FREEDO~1\fdm.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 636 640 648 65536 644
"C:\Downloads\Software\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll [2008-01-28 1555480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll [2008-01-28 1555480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1584184]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2007-08-03 57928]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2007-04-03 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1840720]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 242192]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2007-09-03 5424128]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-07-06 9048392]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-08 4030008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-01-26 15026056]
"fsm"= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-06-05 292136]
"4600 Scan2PC"=C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe [2009-09-10 1968640]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-01-04 336384]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"PDFPrint"=C:\Program Files (x86)\pdf24\pdf24.exe [2011-04-28 220552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Nikon Monitor.lnk - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
Xfire.lnk - C:\Program Files (x86)\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 275360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-09-29 17:08:25 ----D---- C:\Program Files\trend micro
2011-09-29 17:08:18 ----D---- C:\rsit
2011-09-27 20:07:37 ----D---- C:\ProgramData\ESET
2011-09-27 19:57:51 ----D---- C:\Program Files\CCleaner
2011-09-21 21:53:07 ----D---- C:\Users\Roman\AppData\Roaming\Malwarebytes
2011-09-21 21:52:55 ----D---- C:\ProgramData\Malwarebytes
2011-09-21 21:52:52 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-21 21:52:52 ----A---- C:\Windows\system32\drivers\mbam.sys

======List of files/folders modified in the last 1 month======

2011-09-29 17:08:26 ----D---- C:\Windows\Temp
2011-09-29 17:08:25 ----RD---- C:\Program Files
2011-09-29 17:07:08 ----D---- C:\Windows\inf
2011-09-29 17:07:08 ----D---- C:\Windows\Debug
2011-09-29 17:07:08 ----D---- C:\Users\Roman\AppData\Roaming\Skype
2011-09-29 17:07:08 ----D---- C:\Users\Roman\AppData\Roaming\Free Download Manager
2011-09-29 17:04:24 ----D---- C:\Windows\System32
2011-09-29 17:04:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-29 17:02:07 ----D---- C:\Users\Roman\AppData\Roaming\skypePM
2011-09-29 14:29:50 ----D---- C:\Users\Roman\AppData\Roaming\Mumble
2011-09-29 12:29:27 ----D---- C:\Windows
2011-09-29 08:23:20 ----SHD---- C:\System Volume Information
2011-09-29 08:12:36 ----A---- C:\Windows\system32\mrt.exe
2011-09-27 20:09:55 ----SHD---- C:\Windows\Installer
2011-09-27 20:09:41 ----D---- C:\Windows\Prefetch
2011-09-27 20:09:33 ----D---- C:\Windows\system32\drivers
2011-09-27 20:09:33 ----D---- C:\Windows\system32\catroot
2011-09-27 20:07:37 ----HD---- C:\ProgramData
2011-09-27 19:58:39 ----D---- C:\Windows\Panther
2011-09-27 19:58:39 ----D---- C:\Windows\Logs
2011-09-27 19:58:39 ----D---- C:\Users\Roman\AppData\Roaming\Ventrilo
2011-09-27 19:58:39 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2011-09-27 11:23:53 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-09-27 10:27:56 ----D---- C:\Program Files (x86)\TaxEdit2
2011-09-25 10:56:46 ----D---- C:\Downloads
2011-09-22 13:21:46 ----D---- C:\Windows\SYSWOW64\drivers
2011-09-21 21:52:52 ----RD---- C:\Program Files (x86)
2011-09-18 13:10:45 ----D---- C:\Windows\SysWOW64
2011-09-14 10:59:36 ----A---- C:\Windows\win.ini
2011-09-13 08:06:45 ----D---- C:\Windows\system32\catroot2
2011-09-08 09:59:42 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-19 161848]
R0 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys [2007-06-25 129056]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-02-06 860656]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-07-06 252344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-07-06 40176]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-07-06 92688]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2009-07-15 294232]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 63056]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-02-16 53816]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2008-02-28 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-08-11 72216]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-02-16 11576]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH6.sys [2010-11-17 111120]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 29544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2007-09-05 1214232]
R3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-02-29 35344]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 54800]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2007-08-03 11552]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 57360]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-24 261120]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2008-08-01 1498016]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 108544]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 58496]
S3 a19zcyfp;a19zcyfp; C:\Windows\system32\drivers\a19zcyfp.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-04-24 110904]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 48768]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 dump_wmimmc;dump_wmimmc; \??\C:\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-03-02 24072]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-06-24 33344]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2007-08-14 202176]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 61568]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 7936]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 108296]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 19208]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 145160]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 98816]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 46080]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-01-05 203776]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
R2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-07-06 2528096]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-17 373640]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [2005-02-09 14165]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 160272]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 27648]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2010-12-17 147336]
S4 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2010-12-17 407424]

-----------------EOF-----------------



and the second one

info.txt logfile of random's system information tool 1.09 2011-09-29 17:08:38

======Uninstall list======

@BIOS Ver.2.03-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\Setup.exe" -l0x9 -removeonly
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.4.6 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Apple Mobile Device Support-->MsiExec.exe /I{0E6C415F-7708-4A8F-9509-11C98988BDCA}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 6 FREE-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
ATI AVIVO64 Codecs-->MsiExec.exe /X{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}
ATI Catalyst Install Manager-->msiexec /q/x{C5970161-E13E-6661-BBDA-A08268313C83} REBOOT=ReallySuppress
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
ATI Stream SDK v2 Developer-->MsiExec.exe /I{22441735-5983-AD2A-5CC5-FA2CCD7EF732}
BDE 520 pro TaxEdit 25-->MsiExec.exe /I{28D35478-94B4-46E6-9E6E-809EA7004EF9}
Bonjour-->MsiExec.exe /I{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}
Boris Graffiti-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{262BF2CD-601D-4F43-919C-4B00B1D1F338}\setup.exe" -l0x9 -removeonly
Canon MP Navigator EX 1.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP220 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series /L0x0005
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CloneCD-->"C:\Program Files (x86)\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files (x86)\SlySoft\CloneCD"
COMODO Internet Security-->MsiExec.exe /I{CC6B1BB4-4E06-4A5B-A166-B371B551324B}
COMODO livePCsupport-->MsiExec.exe /X{A31A5DFC-3439-48FC-99BB-5174168AE471}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DVDFab 6.2.0.5 (11/11/2009)-->"C:\Program Files (x86)\DVDFab 6\unins000.exe"
Foxit Reader-->MsiExec.exe /I{35D4B689-722A-413B-BC6E-8ACA8C1E8636}
Free Download Manager 3.0-->"C:\Program Files (x86)\Free Download Manager\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
i-Cool-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{28184E01-D57A-4933-A09B-F65403F16D82}\setup.exe" -l0x9 -uninst -removeonly
ICQ6.5-->"C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{5AB0C6D3-E546-44C2-8B63-C9044FCC9AC0}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KhalInstallWrapper-->MsiExec.exe /I{F3F18612-7B5D-4C05-86C9-AB50F6F71727}
K-Lite Mega Codec Pack 3.7.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Logitech SetPoint-->C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
LogMeIn-->MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Magic Bullet Looks Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 12\Plugins\RTFx\mblooksstudio.log
Malwarebytes' Anti-Malware verze 1.51.2.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Mozilla Firefox 6.0.2 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.11)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Ovladače videa společnosti Pinnacle-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
P2P Energy Toolbar-->C:\PROGRA~2\P2P_EN~1\UNWISE.EXE C:\PROGRA~2\P2P_EN~1\INSTALL.LOG
PDF24 Creator 3.0.0-->"C:\Program Files (x86)\pdf24\unins001.exe"
Pinnacle Studio 12 Ultimate Plugins-->MsiExec.exe /I{D1860E6E-520E-4380-8433-E58E8F88B473}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
PIXMA Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
proDAD Vitascene 1.0-->"C:\Program Files (x86)\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
PRR22010 - Elektronické výkaznictví ČSÚ 2.10-->"C:\epv32-csu\2010\PRR22010\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Readiris Pro 10-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}\setup.exe" -l0x9
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x5 -removeonly
Registrace uživatele zařízení Canon MP220 series-->C:\Program Files (x86)\Canon\IJEREG\MP220 series\UNINST.EXE
SAMSUNG Mobile Modem Driver Set-->C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0005 -removeonly
ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SmarThru 4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\setup.exe" -l0x9 uninstall -l0009
Software Informer 1.0 BETA-->"C:\Program Files (x86)\Software Informer\unins000.exe"
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
TaxEdit 3.x-->"C:\Program Files (x86)\TaxEdit2\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
The Lord of the Rings FREE Trial -->MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}
The Lord of the Rings Online™: Mines of Moria™ v02.02.02.8124-->"C:\Program Files (x86)\Codemasters\The Lord of the Rings Online\unins001.exe"
Total Commander (Remove or Repair)-->c:\Program Files\totalcmd\tcuninst.exe
Trust WB-3400T Webcam -->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BD9A4DF3-727C-4F69-807A-B82566A36714} /l1033
Údržba Samsung SCX-4600 Series-->"C:\Program Files (x86)\Samsung\Samsung SCX-4600 Series\Setup\Setup.exe" /R
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VariCADViewercz-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A57A3C28-2389-4B5E-BFD7-0F9F7B1093A4}\Setup.exe" 1020210202 -uninst
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Zvuková schémata systému Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall

======Hosts File======

127.0.0.1 localhost
216.107.250.194 nprotect.lineage2.com
88.86.107.200 L2authd.Lineage2.com

======System event log======

Computer Name: Stolni
Event Code: 1103
Message: Počítači byla úspěšně přidělena adresa ze sítě, takže se nyní může připojovat k jiným počítačům.
Record Number: 369099
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20110929150218.000000-000
Event Type: Informace
User:

Computer Name: Stolni
Event Code: 1
Message: Systém byl obnoven z režimu spánku.

Doba režimu spánku: 2011-09-29T12:59:40.345Z
Čas probuzení: 2011-09-29T15:02:14.448Z

Prostředek probuzení: Zařízení -Kořenový rozbočovač USB
Record Number: 369100
Source Name: Microsoft-Windows-Power-Troubleshooter
Time Written: 20110929150217.985000-000
Event Type: Informace
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Stolni
Event Code: 7036
Message: Stav služby Načítání obrázků (WIA) byl změněn na: Spuštěno
Record Number: 369101
Source Name: Service Control Manager
Time Written: 20110929150221.000000-000
Event Type: Informace
User:

Computer Name: Stolni
Event Code: 20003
Message: Správa ovladačů ukončila proces přidání služby tunnel pro ID instance zařízení ROOT\*ISATAP\0002 s následujícím stavem: 0.
Record Number: 369102
Source Name: Microsoft-Windows-User-PnP
Time Written: 20110929150224.901000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Stolni
Event Code: 7036
Message: Stav služby Služba WinHTTP WPAD byl změněn na: Zastaveno
Record Number: 369103
Source Name: Service Control Manager
Time Written: 20110929150313.000000-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Stolni
Event Code: 1
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.
Record Number: 59538
Source Name: SecurityCenter
Time Written: 20110929125406.000000-000
Event Type: Informace
User:

Computer Name: Stolni
Event Code: 1001
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně odstraněny. Data záznamu obsahují nové hodnoty položek Last Counter a Last Help systémového registru.
Record Number: 59539
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110929125806.000000-000
Event Type: Informace
User:

Computer Name: Stolni
Event Code: 1000
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 59540
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110929125807.000000-000
Event Type: Informace
User:

Computer Name: Stolni
Event Code: 1001
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně odstraněny. Data záznamu obsahují nové hodnoty položek Last Counter a Last Help systémového registru.
Record Number: 59541
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110929150424.000000-000
Event Type: Informace
User:

Computer Name: Stolni
Event Code: 1000
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 59542
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110929150424.000000-000
Event Type: Informace
User:

Re: LOG check

Posted: 29 Sep 2011 18:50
by vyosek
:arrow: I recommend uninstalling toolbars (browser bars), if you don't use them, via Add or Remove Programs

:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here
:arrow: Download OTL (see my signature) and save it to your desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
  • If you use a 64-bit OS, check whether the box Pro 64 bitové OS (for 64-bit OS) is ticked; if not, tick it
  • Tick the box Pro vsechny uzivatele (for all users)
  • Tick the box Kontrola na havet "LOP" ("LOP" malware check)
  • Tick the box Kontrola na havet "Purity" ("Purity" malware check)
  • Change Stari souboru (file age) from 30 days to 7 days
  • Paste the script below into the bottom box Vlastni skenovani/opravy (custom scans/fixes)
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5
  • Click the Prohledat (scan) button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both here
:arrow: Test the following files on VirusTotal (see my signature)
  • c:\PhysicalMBR.bin
  • Click Browse
  • Do not look for the file; just paste the path of the file I want tested
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    Image
  • Paste the result of the analysis here (as a link)

Re: LOG check

Posted: 30 Sep 2011 14:45
by v.s.
So I did everything you asked, and here it is:
http://www.virustotal.com/file-scan/rep ... 1317385283


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.VNAPOF
----- EOF -----




OTL Extras logfile created on: 30.9.2011 14:21:29 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Roman\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,54% Memory free
8,20 Gb Paging File | 6,15 Gb Available in Paging File | 74,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,35 Gb Total Space | 17,55 Gb Free Space | 17,49% Space Free | Partition Type: NTFS
Drive D: | 132,53 Gb Total Space | 33,26 Gb Free Space | 25,10% Space Free | Partition Type: NTFS

Computer Name: STOLNI | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 81 4C 44 16 CD A1 C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BA98B1-350D-4B05-A876-8223A0B9FCC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07D5C389-1AED-407F-9782-DA171E823262}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10F1F729-5F4B-4EC3-894B-8B6A5A6504B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E786072-51C5-449D-B944-D9087E775DB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A1EDD57-A267-42D0-AC00-0693F35EFFB5}" = lport=445 | protocol=6 | dir=in | app=system |
"{397B5CDD-60F5-48A1-AAF8-10C82E19836A}" = lport=138 | protocol=17 | dir=in | app=system |
"{570A22EB-05E0-4AB6-A674-71DD1DB5CBF9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{638D5EDA-A623-4125-AB3E-96CD9E18BB0D}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B2C8504-5F23-4BC1-AF09-20AF14485170}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6E772110-C950-4391-A7DD-544BB5FDF5D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70C60DB1-FC33-461E-AF80-40B5A4FD9997}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FB94570-9340-4ADC-9DC4-45AE005918EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9168EF8E-69FF-4473-8715-FB3DF5F9DD11}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{95E90485-0779-4A45-8021-D774FB0A237C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96206EA8-B413-4CE6-83F0-7D01F269F9D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D77B888-254A-494D-9800-D09BEC107E32}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A0BD1FBE-50B8-4F24-A20C-F9508A9E5F91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A18A9F61-05DE-4DA5-99C0-580D8552577F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B10D9187-F6A7-4D62-8A46-53DCD7A81872}" = rport=445 | protocol=6 | dir=out | app=system |
"{B1AF3D34-EDDF-4C54-9AE5-6B6A8A970065}" = rport=137 | protocol=17 | dir=out | app=system |
"{C65D5895-30A3-4A3F-A58B-C97D828BF5CD}" = lport=137 | protocol=17 | dir=in | app=system |
"{C9F75A6E-F088-4C9A-8FB8-139AF37C6816}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D011F08D-E4CE-4E8F-BD9A-57C3381A5968}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA94E934-921B-4F6F-9B81-BE859ECB1E7E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E20945B6-B2CA-4AC2-A46E-AF58EC5C9FDE}" = rport=138 | protocol=17 | dir=out | app=system |
"{E365A915-1AEE-4CC8-9BBF-4DB78DA0FBDE}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE593383-EB33-4D5A-A9B0-A86D93278A76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0032084A-ADFA-4F2B-B2FE-2B720D80A009}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{018247DD-DA57-45C2-99A6-097E7C039D6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0828F01F-F993-4021-A36E-61AFC0433387}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4600\scan2pc.exe |
"{08330F88-0E6F-4E50-9979-073ABCE83B69}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{107D3C6D-718A-47B2-A797-8A910B11A385}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12EBD186-9BF6-4A72-801E-97A6E3631290}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{15F95641-6C20-4200-B46F-3AA8036E01BD}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1BB5D490-6557-4429-A778-0481FB57CBA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1C3651EB-0F28-4446-A573-032973EF96A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1DA0A596-5AA4-489B-B9B9-0EA9D7F5EBC7}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\turbinelauncher.exe |
"{26B07304-0E49-4030-83E5-B63B0A564102}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B736A16-7B5D-436B-8F02-F22F0FAED881}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4600\sscan2io.exe |
"{2B928F37-E634-4435-87EA-7C357867DAA3}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{2F7ED38E-F0CB-4B02-91E9-C9E767294386}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4600\scan2pc.exe |
"{2F9BE464-9FE9-435F-8547-3E20F877826A}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{2FBAEB63-BA74-4A5C-9C9F-E5198F934E8D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{34C9A9AC-1475-4349-803F-62794655E699}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A0BBE65-C60D-4268-A918-2824DE4E2B09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D3C7F17-AF82-4452-8331-3199B93D17D0}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{3EB54EDE-5832-4729-A59C-2045F5AFC171}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3F669229-DCFA-418E-B99D-41EABD10D6A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40157659-4F9F-4C2C-93EE-B006A599C8B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{411AC56D-7FD5-41AA-BAD4-21136635F1E5}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{44805848-95BB-4C42-8398-EEBEE9B519B7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CB4F138-C195-4939-BE3B-23A2358E3FB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F8AF298-DA7B-4CB6-94EB-17F188C27D3E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{58341EE8-627E-42A4-8C52-01B377743CD6}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\turbinelauncher.exe |
"{65951946-BAE5-4646-8970-3F9D8E3BA838}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{66D854C0-2F30-472E-B076-BD2834A71245}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6952FA73-D1D1-4724-9231-AFCC33E7D3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6DFB468C-ABC9-4C17-9D38-F808351564DD}" = protocol=6 | dir=out | app=system |
"{71092AC8-0295-4863-91C2-A2A39972A270}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{74BA4194-B035-4106-9378-A46935D706E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7714273A-A796-4431-BD0E-E7EBC0B0262F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{805ADB08-1EB9-4807-B02F-52BE0DC48C1F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81B4BD87-0F62-4754-A2A0-3D5B47E9BE1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{822AEBB1-D86C-4238-AA8D-4BCFD27B15B0}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{92A6CA07-AFE5-4297-BC81-C5C4A04D1267}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94A36CEB-A57F-4F98-9EAE-EA6DCFBBFE5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97AE0CF7-A631-4C90-A460-3C2E7DF23171}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{9827E74E-1AF0-4F86-B742-D5C209B293FB}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C01CEC9-D902-4C72-8EE0-6E59CAD6BB62}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C15F678-55AC-45C5-9E35-2649F2F0F0E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0091D13-6EE8-4138-8307-401F4F5C991D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AAE539E3-CE9F-42E1-B985-BDCB1CF1D85E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB85484B-D1D7-4E8A-AD02-C870E3329713}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{AFF35665-BB47-4934-BE29-B3E301967380}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAF70807-325A-4B85-8984-C95AD87E2051}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE9B2788-C845-4CCA-AA70-9973F8D0C6F4}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{BEB294FD-1633-4982-9CE6-2ABFC38C7784}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C0302877-0BFC-4E33-A969-FDD1C5815F14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0CC72AD-55AF-403D-A569-183A0EB4D137}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4600\sscan2io.exe |
"{C3224D6A-51E2-4B4E-84BF-CDFC3EEC3512}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CA27B3D0-12C4-427F-A273-BCF57D9DED82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4F3939B-957F-4C0D-A2AE-95B65E874502}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DFB30D18-6EBB-49D8-A424-55F8CCC14E90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E056ECE0-DC72-4966-AE66-CC42AEE4C935}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E564CF70-451A-47CF-B661-58C19FE7127E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{E5A4DD55-933C-4BD9-9B92-FE8DF59DC6FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E932EB70-86A9-41B4-83F9-5EEDAA386FC5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA1CC89D-879A-40E5-9C2C-A55D46AA92B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EAA71FF9-7267-4A86-AECF-4053F6885461}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{ED7BF82F-02C2-4135-8B0C-D1B928F95539}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F044D8A9-BA62-405C-B0E9-DC3B1BC3A1A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0D978B2-EBF5-4CD4-9213-171FD4DE7558}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0E3780C-1F2A-4948-BEF6-3FC1C9C855AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1BAABE8-E2B8-425A-8D87-EA45EEBF75F9}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{F6C1C0F9-95B1-41E9-A9AA-C99FC5370FC0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{21A8B476-E925-44DD-A3F9-6FF2DDBC3578}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{31D41C79-49D2-405A-9F8C-58AE64A872E9}C:\program files (x86)\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |
"TCP Query User{4989874E-051D-4BED-A3D7-B3687A6469EB}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
"TCP Query User{50E849C1-70C6-4FCF-B86A-557FA1ED9DB9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{62BD960C-4DA6-4036-B453-E214F520A947}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
"TCP Query User{670907EE-ADC4-4482-8056-DB59DF4CA3AB}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{818CB295-B760-4999-8086-AB0ED197F7F7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{8FC83364-7102-4A5F-B0BB-F5736CF149CB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A83533A1-0832-4C06-9437-7A0DED86EEE2}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{C62C2A9B-522C-4C81-A980-BFFF7E735038}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"TCP Query User{CD7D0842-16C7-46CB-B98A-C97A552CF04B}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"TCP Query User{FADDBCE2-A532-4E44-B548-76A096AA199A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{07276806-1921-4A10-8C8A-1F0C3AA0ECD4}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
"UDP Query User{12C8D544-B14F-4B49-84D1-B14C93272CBE}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{174878AA-B8EF-4C84-9B84-82A4CC35BA4F}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{46CBC6CF-5208-45D3-8968-CBFC4540AF7C}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
"UDP Query User{6CF0D088-BD88-40D0-9EDD-B4FB79BB802F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{7684ED22-E019-44FA-9FA6-B87159C4B572}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"UDP Query User{81DB3ECD-E3F7-4750-BEA0-C1FCFF933B65}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8517D8EB-258C-45EE-89A4-6DE5A444A434}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{9ECD0299-CFF5-43D8-A858-AF9A843C910A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B8660996-3C62-4B6C-839E-800ED57739C2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{C28FEC95-5FE9-44FF-8737-4FC114EFC8D7}C:\program files (x86)\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |
"UDP Query User{CD8B2F3C-6DF2-4F20-BBFA-0C661541CD12}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E6C415F-7708-4A8F-9509-11C98988BDCA}" = Apple Mobile Device Support
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{5AB0C6D3-E546-44C2-8B63-C9044FCC9AC0}" = iTunes
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Ovladače videa společnosti Pinnacle
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{A10E16AC-34A3-4BB9-83A3-408372AE557A}" = ESET NOD32 Antivirus
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C2E0D3FE-12C4-BF5B-FC4E-052CB8833424}" = AMD Fuel
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"UltSounds" = Zvuková schémata systému Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{28D35478-94B4-46E6-9E6E-809EA7004EF9}" = BDE 520 pro TaxEdit 25
"{35D4B689-722A-413B-BC6E-8ACA8C1E8636}" = Foxit Reader
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57A3C28-2389-4B5E-BFD7-0F9F7B1093A4}" = VariCADViewercz
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.6 - Czech
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03
"{BD9A4DF3-727C-4F69-807A-B82566A36714}" = Trust WB-3400T Webcam
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.02.02.8124
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneCD" = CloneCD
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"Free Download Manager_is1" = Free Download Manager 3.0
"InstallShield_{BD9A4DF3-727C-4F69-807A-B82566A36714}" = Trust WB-3400T Webcam
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.0
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0.2 (x86 cs)" = Mozilla Firefox 6.0.2 (x86 cs)
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mumble" = Mumble and Murmur
"P2P Energy Toolbar" = P2P Energy Toolbar
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PRR22010 - Elektronické výkaznictví ČSÚ_is1" = PRR22010 - Elektronické výkaznictví ČSÚ 2.10
"Registrace uživatele zařízení Canon MP220 series" = Registrace uživatele zařízení Canon MP220 series
"Samsung SCX-4600 Series" = Údržba Samsung SCX-4600 Series
"Software Informer_is1" = Software Informer 1.0 BETA
"TaxEdit_is1" = TaxEdit 3.x
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7.10.2010 2:55:48 | Computer Name = Stolni | Source = Application Error | ID = 1000
Description = Chybující aplikace l2.exe, verze 0.0.0.0, časové razítko 0x4ba86ca6,
chybující modul NWindow.dll, verze 0.0.0.0, časové razítko 0x4c3fdbfd, kód výjimky
0xc0000005, posun chyby 0x00270392, ID procesu 0xae8, čas spuštění aplikace 0x01cb65e23a0c978a.

Error - 7.10.2010 22:03:53 | Computer Name = Stolni | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8.10.2010 4:46:47 | Computer Name = Stolni | Source = Application Error | ID = 1000
Description = Chybující aplikace thunderbird.exe, verze 1.9.1.3844, časové razítko
0x4c39decd, chybující modul thunderbird.exe, verze 1.9.1.3844, časové razítko 0x4c39decd,
kód výjimky 0xc0000005, posun chyby 0x005a2135, ID procesu 0x1364, čas spuštění
aplikace 0x01cb66c555c47540.

Error - 9.10.2010 2:15:46 | Computer Name = Stolni | Source = Application Error | ID = 1000
Description = Chybující aplikace l2.exe, verze 0.0.0.0, časové razítko 0x4ba86ca6,
chybující modul NWindow.dll, verze 0.0.0.0, časové razítko 0x4c3fdbfd, kód výjimky
0xc0000005, posun chyby 0x00270392, ID procesu 0x828, čas spuštění aplikace 0x01cb6775bb6a46d0.

Error - 12.10.2010 3:04:56 | Computer Name = Stolni | Source = Application Error | ID = 1000
Description = Chybující aplikace l2.exe, verze 0.0.0.0, časové razítko 0x4ba86ca6,
chybující modul NWindow.dll, verze 0.0.0.0, časové razítko 0x4c3fdbfd, kód výjimky
0xc0000005, posun chyby 0x00270392, ID procesu 0x1290, čas spuštění aplikace 0x01cb69cbaa8854d0.

Error - 13.10.2010 0:53:22 | Computer Name = Stolni | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13.10.2010 2:28:49 | Computer Name = Stolni | Source = Application Error | ID = 1000
Description = Chybující aplikace l2.exe, verze 0.0.0.0, časové razítko 0x4ba86ca6,
chybující modul NWindow.dll, verze 0.0.0.0, časové razítko 0x4c3fdbfd, kód výjimky
0xc0000005, posun chyby 0x00270392, ID procesu 0x1340, čas spuštění aplikace 0x01cb6a92f7b51647.

Error - 14.10.2010 5:03:02 | Computer Name = Stolni | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.10.2010 10:59:27 | Computer Name = Stolni | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.10.2010 2:40:12 | Computer Name = Stolni | Source = Application Error | ID = 1000
Description = Chybující aplikace l2.exe, verze 0.0.0.0, časové razítko 0x4ba86ca6,
chybující modul NWindow.dll, verze 0.0.0.0, časové razítko 0x4c3fdbfd, kód výjimky
0xc0000005, posun chyby 0x00270392, ID procesu 0x11e4, čas spuštění aplikace 0x01cb6c2361c385d0.

[ Media Center Events ]
Error - 21.12.2008 6:29:49 | Computer Name = rpc | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.WaitForUploadComplete failed.
Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned
10000109 Proces: DefaultDomain Název objektu: Media Center Guide

Error - 21.12.2008 8:57:47 | Computer Name = rpc | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 9.2.2009 16:02:04 | Computer Name = rpc | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 4.1.2010 11:40:34 | Computer Name = Stolni | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media
Center Guide

Error - 4.1.2010 11:40:35 | Computer Name = Stolni | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 4.1.2010 11:55:26 | Computer Name = Stolni | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 1.2.2010 5:34:22 | Computer Name = Stolni | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 3.2.2010 10:58:56 | Computer Name = Stolni | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.WaitForUploadComplete failed.
Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned
10000109 Proces: DefaultDomain Název objektu: Media Center Guide

Error - 1.3.2010 10:33:45 | Computer Name = Stolni | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 24.5.2010 4:50:46 | Computer Name = Stolni | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

[ System Events ]
Error - 25.9.2011 4:37:51 | Computer Name = Stolni | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.0.100 pro síťovou kartu s adresou 001485856AB7
byla serverem DHCP 192.168.0.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 27.9.2011 3:23:37 | Computer Name = Stolni | Source = HTTP | ID = 15016
Description =

Error - 27.9.2011 13:53:00 | Computer Name = Stolni | Source = HTTP | ID = 15016
Description =

Error - 27.9.2011 13:54:39 | Computer Name = Stolni | Source = Service Control Manager | ID = 7000
Description =

Error - 28.9.2011 15:35:23 | Computer Name = Stolni | Source = HTTP | ID = 15016
Description =

Error - 29.9.2011 2:08:41 | Computer Name = Stolni | Source = HTTP | ID = 15016
Description =

Error - 29.9.2011 8:51:37 | Computer Name = Stolni | Source = HTTP | ID = 15016
Description =

Error - 29.9.2011 14:52:24 | Computer Name = Stolni | Source = Service Control Manager | ID = 7031
Description =

Error - 29.9.2011 14:54:24 | Computer Name = Stolni | Source = Service Control Manager | ID = 7032
Description =

Error - 30.9.2011 0:54:51 | Computer Name = Stolni | Source = HTTP | ID = 15016
Description =


< End of report >

Re: LOG check

Posted: 30 Sep 2011 14:49
by v.s.
OTL logfile created on: 30.9.2011 14:21:29 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Roman\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,54% Memory free
8,20 Gb Paging File | 6,15 Gb Available in Paging File | 74,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,35 Gb Total Space | 17,55 Gb Free Space | 17,49% Space Free | Partition Type: NTFS
Drive D: | 132,53 Gb Total Space | 33,26 Gb Free Space | 25,10% Space Free | Partition Type: NTFS

Computer Name: STOLNI | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.09.30 14:18:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
PRC - [2011.09.08 09:59:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.09.08 07:34:42 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\pdf24\pdf24.exe
PRC - [2010.04.28 23:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2010.02.19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2009.09.10 16:36:38 | 001,968,640 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
PRC - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007.10.18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007.04.13 09:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.02.04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.24 07:31:12 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.09.08 09:59:37 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009.09.10 16:36:38 | 001,968,640 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe
MOD - [2009.02.19 04:17:31 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX4600\SSOle.dll
MOD - [2009.02.19 04:14:02 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX4600\IMFilter.dll
MOD - [2008.12.30 02:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2007.12.06 05:50:44 | 000,401,408 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\FUM\fumcore.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.09.08 07:34:42 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011.07.06 13:04:25 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011.01.05 04:57:44 | 000,203,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.04 23:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2008.05.02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008.01.19 10:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008.01.19 10:00:52 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.01.19 10:00:40 | 000,027,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV - [2010.12.17 19:29:59 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010.12.17 19:29:52 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010.12.17 19:29:43 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.13 09:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.08.09 13:57:12 | 000,202,576 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 09:20:38 | 000,146,432 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011.08.04 09:20:38 | 000,137,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011.01.05 05:37:14 | 008,283,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.01.05 05:37:14 | 008,283,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.05 04:19:38 | 000,294,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.17 19:29:44 | 000,087,456 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010.11.17 14:04:18 | 000,111,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.15 07:12:05 | 000,294,232 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vmm.sys -- (vmm)
DRV:64bit: - [2009.06.24 21:54:08 | 000,033,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.04.24 07:43:18 | 000,110,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.03.19 16:34:18 | 000,029,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.02.16 15:30:25 | 000,011,576 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.02.16 15:27:11 | 000,053,816 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2008.08.11 13:40:58 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008.03.29 19:33:00 | 000,063,056 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2008.02.29 03:16:52 | 000,057,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 03:16:44 | 000,054,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.02.29 03:16:20 | 000,035,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.02.06 20:22:58 | 000,860,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.01.19 08:47:12 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.19 08:34:08 | 000,048,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008.01.19 08:34:06 | 000,058,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008.01.19 08:34:04 | 000,061,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007.08.14 00:08:34 | 000,202,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007.08.03 16:04:50 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2007.05.02 12:11:14 | 000,145,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2007.05.02 12:11:14 | 000,108,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV:64bit: - [2007.05.02 12:11:14 | 000,019,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007.01.29 07:20:34 | 000,079,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2005.09.24 00:18:34 | 000,261,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.03.02 19:09:58 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.02.19 11:09:54 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.03.29 19:32:42 | 000,050,768 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysWOW64\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008.02.28 15:31:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011.09.27 20:07:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.08 09:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.20 15:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.30 22:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.09.27 20:07:39 | 000,000,000 | ---D | M]

[2010.01.04 16:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\Mozilla\Extensions
[2010.01.04 16:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.22 19:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\extensions
[2009.06.24 21:11:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.31 19:05:15 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009.12.31 18:29:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\extensions\LogMeInClient@logmein.com
[2011.09.23 20:40:25 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-1.xml
[2010.04.02 16:05:07 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-10.xml
[2010.06.24 06:21:40 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-11.xml
[2010.06.29 10:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-12.xml
[2010.07.23 07:58:30 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-13.xml
[2010.07.24 14:43:41 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-14.xml
[2010.09.09 15:39:22 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-15.xml
[2010.09.18 10:59:35 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-16.xml
[2010.10.20 14:47:43 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-17.xml
[2010.10.30 20:49:59 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-18.xml
[2010.12.15 00:04:07 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-19.xml
[2009.08.04 09:05:44 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-2.xml
[2011.03.02 14:33:18 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-20.xml
[2011.03.07 18:37:07 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-21.xml
[2011.03.25 10:30:03 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-22.xml
[2011.04.15 08:01:20 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-23.xml
[2009.09.11 06:32:52 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-3.xml
[2009.11.02 17:31:20 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-4.xml
[2009.11.09 08:31:22 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-5.xml
[2009.12.27 11:03:23 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-6.xml
[2010.01.07 15:42:37 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-7.xml
[2010.01.30 21:53:55 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-8.xml
[2010.03.26 08:18:02 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-9.xml
[2009.07.19 10:59:44 | 000,000,955 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin.xml
[2011.04.15 08:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.06.24 21:11:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.16 06:17:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.27 21:44:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 15:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 09:49:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.25 17:56:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ROMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S3JHDS4Q.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011.09.08 09:59:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2008.06.15 18:18:53 | 000,000,096 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 88.86.107.200 L2authd.Lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\Toolbar\WebBrowser: (P2P Energy Toolbar) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [4600 Scan2PC] C:\Windows\twain_32\Samsung\SCX4600\Scan2Pc.exe ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000..\Run: [fsm] File not found
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Stáhnout Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Stáhnout video Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Stáhnout vše Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Stáhnout vybrané Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Stáhnout Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Stáhnout video Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49B5CB8D-4EFB-444F-8355-BFA070799D04}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll ()
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O24 - Desktop WallPaper: C:\Users\Roman\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Roman\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.07 16:59:42 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{50c198df-8fd9-11df-b59a-001485856ab7}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{7918d213-d4db-11dc-a415-001485856ab7}\Shell\Auto\command - "" = UFO.exe
O33 - MountPoints2\{7918d213-d4db-11dc-a415-001485856ab7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
O33 - MountPoints2\{bafcd27b-d4e0-11dc-bcaa-001485856ab7}\Shell - "" = AutoRun
O33 - MountPoints2\{bafcd27b-d4e0-11dc-bcaa-001485856ab7}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{d66bd841-f76a-11dc-aee7-001485856ab7}\Shell - "" = AutoRun
O33 - MountPoints2\{d66bd841-f76a-11dc-aee7-001485856ab7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f839513d-d5b8-11dc-a180-001485856ab7}\Shell - "" = AutoRun
O33 - MountPoints2\{f839513d-d5b8-11dc-a180-001485856ab7}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Windows\SysWow64\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011.09.30 14:18:28 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
[2011.09.29 17:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.09.29 17:08:18 | 000,000,000 | ---D | C] -- C:\rsit
[2011.09.27 20:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011.09.27 20:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011.09.27 19:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.27 19:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.03.18 10:07:56 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Roman\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 7 Days ==========

[2011.09.30 14:24:09 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.09.30 14:18:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
[2011.09.30 14:15:48 | 000,459,264 | ---- | M] () -- C:\Users\Roman\Desktop\CKScanner.exe
[2011.09.30 13:09:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 13:09:01 | 000,003,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 13:09:01 | 000,003,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 07:01:45 | 001,454,004 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.30 07:01:45 | 000,620,856 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.09.30 07:01:45 | 000,608,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.30 07:01:45 | 000,124,770 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.09.30 07:01:45 | 000,109,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.30 06:54:44 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.29 17:15:51 | 000,002,431 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.09.29 10:37:31 | 000,002,697 | ---- | M] () -- C:\Users\Roman\Desktop\Microsoft Office Word 2003.lnk
[2011.09.27 19:57:51 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.09.27 10:34:29 | 000,011,352 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\SmarThruOptions.xml
[2011.09.25 21:46:26 | 000,001,728 | -H-- | M] () -- C:\Users\Roman\Documents\Default.rdp
[2011.09.24 07:31:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011.09.30 14:24:09 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.09.30 14:15:48 | 000,459,264 | ---- | C] () -- C:\Users\Roman\Desktop\CKScanner.exe
[2011.09.27 19:57:51 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.15 21:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.18 10:07:56 | 000,099,384 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\inst.exe
[2010.03.18 10:07:56 | 000,007,859 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\pcouffin.cat
[2010.03.18 10:07:56 | 000,001,167 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\pcouffin.inf
[2010.03.15 11:52:56 | 000,000,600 | ---- | C] () -- C:\Users\Roman\AppData\Local\PUTTY.RND
[2010.03.14 16:49:02 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.23 14:46:54 | 000,011,352 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\SmarThruOptions.xml
[2010.02.23 14:46:50 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.02.23 14:46:34 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.02.23 14:46:31 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.02.23 14:44:52 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.02.23 14:44:33 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2009.09.11 06:57:01 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009.09.10 02:52:02 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2009.09.10 02:50:17 | 001,452,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.03.02 20:47:47 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2009.03.02 20:47:47 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009.02.05 22:50:30 | 000,042,320 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009.01.20 19:21:12 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.01.06 08:28:13 | 000,000,430 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.14 20:22:26 | 001,758,901 | ---- | C] () -- C:\Windows\SysWow64\fire.dll.zip
[2008.08.23 17:18:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2008.08.14 19:54:48 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.08.14 19:54:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.04.18 21:37:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.04.18 21:35:46 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.03.30 20:59:54 | 000,000,482 | ---- | C] () -- C:\Windows\SysWow64\Remover.ini
[2008.03.17 23:28:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Project Templates
[2008.03.17 23:28:12 | 000,000,268 | RH-- | C] () -- C:\Users\Roman\AppData\Roaming\Printers
[2008.03.17 23:28:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008.03.10 22:55:05 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.12 08:45:35 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.02.09 15:51:22 | 000,000,009 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\mdb.bin
[2008.02.08 18:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2008.02.08 18:12:31 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.02.08 16:16:30 | 000,123,392 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.07 23:17:59 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2008.02.07 15:25:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.02.06 20:11:08 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008.02.06 20:11:06 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.02.06 20:11:06 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.02.06 20:11:06 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.02.06 20:11:05 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.02.06 20:03:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.02.06 19:46:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.02.06 19:44:57 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.02.06 19:27:41 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2008.02.06 19:27:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.02.06 19:25:52 | 000,000,732 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps64.dat
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.01.31 14:48:36 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP7311.ini
[2007.01.26 03:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007.01.26 03:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010.03.01 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Ashampoo
[2009.03.31 22:11:06 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Autodesk
[2010.03.14 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Canneverbe Limited
[2008.02.10 13:05:07 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Canon
[2008.02.06 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DAEMON Tools
[2011.09.30 14:24:47 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Free Download Manager
[2010.03.18 10:36:53 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreeCDRipper
[2009.09.11 03:00:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GetRightToGo
[2008.02.06 19:53:58 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GHISLER
[2008.02.26 19:01:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Happy Foto
[2011.07.03 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICQ
[2009.04.12 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\IrfanView
[2011.09.29 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mumble
[2009.09.10 10:55:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2008.03.17 23:37:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nikon
[2009.03.02 20:48:46 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\proDAD
[2008.02.08 18:12:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ScanSoft
[2011.05.25 13:07:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Software Informer
[2010.02.06 22:02:47 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.01.04 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Thunderbird
[2009.09.10 06:36:38 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Turbine
[2011.09.27 19:58:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\uTorrent
[2009.10.04 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\VariCAD-Viewer.cz
[2010.03.18 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vso
[2011.09.29 21:04:39 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

Re: LOG check

Posted: 30 Sep 2011 14:49
by v.s.
========== Custom Scans ==========


< >

< >


< MD5 for: AGP440.SYS >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.02.14 20:11:35 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.02.14 20:11:35 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.01.19 09:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\SysWOW64\autochk.exe
[2008.01.19 09:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 13:15:40 | 000,730,112 | ---- | M] (Microsoft Corporation) MD5=B56DB371DC4C6F791B2708EAA4814BB7 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_3bdbc6d17d338351\autochk.exe
[2006.11.02 11:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe
[2008.01.19 10:00:03 | 000,733,696 | ---- | M] () MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\SysNative\autochk.exe
[2008.01.19 10:00:03 | 000,733,696 | ---- | M] (Microsoft Corporation) MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.19 08:29:04 | 000,079,872 | ---- | M] () MD5=3B2FB35363423ED60C8FBF15FC8680BD -- C:\Windows\SysNative\drivers\cdrom.sys
[2008.01.19 08:29:04 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=3B2FB35363423ED60C8FBF15FC8680BD -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_bbc7f7665c24db80\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008.01.19 10:01:10 | 000,165,376 | ---- | M] () MD5=4374F784121D8B3BB466B03F5E5EBD33 -- C:\Windows\SysNative\cryptsvc.dll
[2008.01.19 10:01:10 | 000,165,376 | ---- | M] (Microsoft Corporation) MD5=4374F784121D8B3BB466B03F5E5EBD33 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_d21e34e8532cbf1f\cryptsvc.dll
[2006.11.02 13:16:52 | 000,163,328 | ---- | M] (Microsoft Corporation) MD5=4B48CC76EBFE97314EA64C3BDA983623 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_cfe772ec5641ae4b\cryptsvc.dll
[2008.01.19 09:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\SysWOW64\cryptsvc.dll
[2008.01.19 09:34:00 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2008.02.06 20:49:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.02.06 20:49:07 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008.02.06 20:49:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.19 10:00:15 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.02.06 20:49:08 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=FCBF8AC1855EF986CDEC2387760F71C6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abcac4f4350ba5b0\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: HAL.DLL >
[2008.02.06 21:02:41 | 000,269,928 | ---- | M] (Microsoft Corporation) MD5=4E9E6AED40A89EAC984D3350314DE721 -- C:\Windows\winsxs\amd64_hal.inf_31bf3856ad364e35_6.0.6000.20503_none_5de106e5dc413556\hal.dll
[2008.02.06 21:02:41 | 000,269,928 | ---- | M] (Microsoft Corporation) MD5=92081E91EA18B6060D059C23A800ABE4 -- C:\Windows\winsxs\amd64_hal.inf_31bf3856ad364e35_6.0.6000.16407_none_5d5b6b42c31ffae8\hal.dll
[2008.01.19 10:11:22 | 000,233,528 | ---- | M] () MD5=D63C785A6EF1A3DE684781698A0CC9AF -- C:\Windows\SysNative\hal.dll
[2008.01.19 10:11:22 | 000,233,528 | ---- | M] (Microsoft Corporation) MD5=D63C785A6EF1A3DE684781698A0CC9AF -- C:\Windows\winsxs\amd64_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_5f3aabaec04cd4c6\hal.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2008.01.19 10:07:46 | 000,023,608 | ---- | M] (Microsoft Corporation) MD5=0672BFCEDC6FC468A2B0500D81437F4F -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\isapnp.sys
[2006.11.02 14:01:10 | 000,021,096 | ---- | M] () MD5=D3BB520B31F28C1A065CD058E762EE73 -- C:\Windows\SysNative\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.06.15 15:21:28 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=02474FBCB00AA5C622E92F620DB9A041 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_02bcb9272e6ecc60\lsass.exe
[2009.09.10 17:22:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=1104B18819392FEA12FB5F9E170E66B3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_00fbc3d9312b9991\lsass.exe
[2009.02.13 10:52:40 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1979F94B28107233315DD6220F2304DD -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_02ad19252e799f25\lsass.exe
[2008.01.19 10:00:20 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_026926461528a96c\lsass.exe
[2008.01.19 10:00:20 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_02635b98152c3e5e\lsass.exe
[2009.06.15 15:34:54 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=1E766E4C5BF9E230AD37A56BF7DB6C94 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_00d282d7314a3edc\lsass.exe
[2009.06.15 15:32:30 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=306E4503E083A498AE797FF59FA72839 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_00373bf8183ad660\lsass.exe
[2009.06.15 15:15:02 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=40348DCEC0712ED42231C5F90A69A690 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_041a8e8e12769b11\lsass.exe
[2009.09.09 13:32:36 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=41FB90DF49F203672F459122EF1F13B1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_02effd0d2e47247b\lsass.exe
[2009.02.13 07:14:46 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=563B71CEF1D46A24C5980FA2988DB67F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_0101906d312801c6\lsass.exe
[2006.11.02 13:15:57 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=7B6AA93EEE1F354B3A4AC2ADE5EE334E -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_0032644a183d9898\lsass.exe
[2009.06.15 15:26:45 | 000,011,264 | ---- | M] () MD5=80F4593E92FF960E4763380D3168E498 -- C:\Windows\SysNative\lsass.exe
[2009.06.15 15:26:45 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=80F4593E92FF960E4763380D3168E498 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_021f7b32155f99ff\lsass.exe
[2009.09.10 16:57:16 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=BBBCE2DACDCCD5EA60A50D0023AE2DE9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_04c69d972b7a16dd\lsass.exe
[2009.02.13 09:46:54 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=E231BDBD7D69857EEFFDEB3A48A53824 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_006d4b9418124aab\lsass.exe
[2009.06.15 15:12:52 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=EBDAEE60E442BEA413E5D7CEDFB09463 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_04a52ba32b935432\lsass.exe

< MD5 for: NDIS.SYS >
[2008.01.19 10:12:09 | 000,739,384 | ---- | M] () MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\SysNative\drivers\ndis.sys
[2008.01.19 10:12:09 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_03e5c74ad46c7e4e\ndis.sys
[2006.11.02 13:52:20 | 000,641,128 | ---- | M] (Microsoft Corporation) MD5=CCA69C9493A13AF86DCF0AE272AFBB72 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_01af054ed7816d7a\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.01.19 10:03:01 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.19 10:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 10:10:12 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys
[2006.11.02 13:50:24 | 000,112,744 | ---- | M] () MD5=840EEB44DC49317A6161961F7682CD99 -- C:\Windows\SysNative\drivers\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 10:03:55 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.19 10:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll

< MD5 for: SMSS.EXE >
[2006.11.02 13:16:12 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=362C49C769D938B1FB6648D240BF5C76 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_06228184d4a4001c\smss.exe
[2008.01.19 10:00:39 | 000,075,264 | ---- | M] () MD5=9FC8E8C0F344EAE043740B72794DA3CC -- C:\Windows\SysNative\smss.exe
[2008.01.19 10:00:39 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=9FC8E8C0F344EAE043740B72794DA3CC -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_08594380d18f10f0\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2006.11.02 13:16:13 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=6B30067D55E10E4DEBDC842FB1911479 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_0fa33328c0c01e47\svchost.exe
[2008.01.19 10:00:40 | 000,027,648 | ---- | M] () MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008.01.19 10:00:40 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.16 19:14:29 | 001,424,264 | ---- | M] (Microsoft Corporation) MD5=0011810B5211FDACD784DE585262ECFE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_119c298735134c99\tcpip.sys
[2009.12.08 20:22:57 | 001,199,616 | ---- | M] (Microsoft Corporation) MD5=2F822AF5E70467F827F5B4010A7FD57F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_bb7549d64ac6920e\tcpip.sys
[2010.02.18 17:01:57 | 001,420,688 | ---- | M] (Microsoft Corporation) MD5=30C4ABC8075DEA44D7E775D434AF1753 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_0f2e179c1ecd900b\tcpip.sys
[2009.08.14 16:44:27 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=34B30202AECCB530FDDC6C6CCFA2FB46 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_bbc5fabc4a894d2a\tcpip.sys
[2010.02.18 14:25:21 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=396CF3FD8D2A4FDF55570C01894DB9DF -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_bba931004aa006ed\tcpip.sys
[2009.08.14 20:05:16 | 001,418,840 | ---- | M] (Microsoft Corporation) MD5=3BCD46BE9988B09D3510A0EF54F0D65B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9\tcpip.sys
[2010.02.18 17:04:06 | 001,414,032 | ---- | M] (Microsoft Corporation) MD5=4680D08A2E8A2509CD9B751D7AF59606 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys
[2010.02.18 16:22:15 | 001,423,752 | ---- | M] (Microsoft Corporation) MD5=4AD4600DF1F09EE7462152C061B683C8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_118286a1352721f8\tcpip.sys
[2008.02.14 20:11:10 | 001,193,472 | ---- | M] (Microsoft Corporation) MD5=5833A92EDC82BA178E4915A8E81A1FC2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_bbaf54e84a9a7440\tcpip.sys
[2008.02.14 20:11:09 | 001,192,448 | ---- | M] (Microsoft Corporation) MD5=616E40EA154BECBB549A87790AA0D667 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_bc13807d63d4e92a\tcpip.sys
[2009.08.14 18:42:31 | 001,413,208 | ---- | M] (Microsoft Corporation) MD5=74B776CA1B328095FE23A3306B1613A3 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys
[2008.01.19 10:12:15 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=7A1183FBB802F5ABAD7FA18BC67E0858 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys
[2010.02.18 14:27:40 | 001,198,080 | ---- | M] (Microsoft Corporation) MD5=7B0B928E318CADC23C87226BE0A1097D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_bc37d12363b92291\tcpip.sys
[2010.06.16 18:40:37 | 001,420,176 | ---- | M] () MD5=7D86275FB640011B372FD566C0EAFA8D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.16 18:40:37 | 001,420,176 | ---- | M] (Microsoft Corporation) MD5=7D86275FB640011B372FD566C0EAFA8D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_0ede67001f09ee46\tcpip.sys
[2008.02.06 20:51:25 | 001,193,472 | ---- | M] (Microsoft Corporation) MD5=8A77713E6FC47DE55F941C72A808839E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_bb8413524abae6dd\tcpip.sys
[2009.12.08 22:59:37 | 001,418,840 | ---- | M] (Microsoft Corporation) MD5=8C94F5E4F9DE14A495BAA86F643CF31D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_0ef8061a1ef61e99\tcpip.sys
[2008.04.26 10:55:25 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=8E041924441FF8755E5B4F135C8C3767 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys
[2010.06.16 19:11:35 | 001,426,816 | ---- | M] (Microsoft Corporation) MD5=973658A2EA9C06B2976884B9046DFC6C -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_10d97a5c1c20ef58\tcpip.sys
[2009.08.14 18:39:38 | 001,425,992 | ---- | M] (Microsoft Corporation) MD5=A7BFF59C2F610F62E6C292074FF36A1E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_10c2d66e1c321395\tcpip.sys
[2010.02.18 16:28:06 | 001,427,336 | ---- | M] (Microsoft Corporation) MD5=B4B7B375FDD672AF79B0CBE9B9A48B47 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys
[2009.12.08 20:21:46 | 001,196,032 | ---- | M] (Microsoft Corporation) MD5=BB6FB43B431CCAD6FC367648C87205C0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_bc00bf5763e297c8\tcpip.sys
[2008.02.06 20:51:25 | 001,192,960 | ---- | M] (Microsoft Corporation) MD5=C79C17ECF4FFFFCE57E40A3A877B6C42 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_bbfa10d963e6f137\tcpip.sys
[2009.12.08 23:13:33 | 001,411,656 | ---- | M] (Microsoft Corporation) MD5=D1A6D398865E0686533E13DD2558D64B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_0f81a4cb3813bb8a\tcpip.sys
[2010.06.17 01:28:33 | 001,414,544 | ---- | M] (Microsoft Corporation) MD5=D43D5336BE9DD93E02EE124297295713 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys
[2009.08.14 18:32:21 | 001,424,952 | ---- | M] (Microsoft Corporation) MD5=D45D67A18C9FD4CC637BC9D4585C0646 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_11acc42135079bb6\tcpip.sys
[2009.08.16 00:55:23 | 001,196,032 | ---- | M] (Microsoft Corporation) MD5=D4E30E6BADFF21865C3A075457CF9C00 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_bc4f6fa963a72036\tcpip.sys
[2006.11.02 11:48:29 | 001,193,472 | ---- | M] (Microsoft Corporation) MD5=DB08D7CB8D64A07E4D59F8983CD13758 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_bb6d6f644acc0b1a\tcpip.sys
[2009.12.08 22:22:19 | 001,425,480 | ---- | M] (Microsoft Corporation) MD5=E52F99B1160A1A1DE83223379D2C1828 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_10e247ce1c1aa392\tcpip.sys
[2009.12.08 22:04:59 | 001,423,944 | ---- | M] (Microsoft Corporation) MD5=EE84432AD7DCADE2931528C319C55097 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_1159459f3545c743\tcpip.sys
[2008.04.26 10:47:15 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=F10A60005FB50698E33A1940C6EBB010 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_0f8c6d1f380baafd\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.01.19 10:00:45 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.19 10:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006.11.02 13:19:11 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=28E8AC2995EBAC957AB648F461056C55 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_4c9f8a4a89c86626\ws2_32.dll
[2008.01.19 10:04:48 | 000,265,216 | ---- | M] () MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\SysNative\ws2_32.dll
[2008.01.19 10:04:48 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_4ed64c4686b376fa\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[13 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[7 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp files -> C:\Windows\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\546a0ee694673f062712d31e0a780547\*.tmp files -> C:\Windows\SoftwareDistribution\Download\546a0ee694673f062712d31e0a780547\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\6b986fcefc4ddf45d2c157ae08ee07e4\*.tmp files -> C:\Windows\SoftwareDistribution\Download\6b986fcefc4ddf45d2c157ae08ee07e4\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a6a050997218d1ad7475aaeae7d32879\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a6a050997218d1ad7475aaeae7d32879\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\aea25d00c1732862140c677e7fd6fa36\*.tmp files -> C:\Windows\SoftwareDistribution\Download\aea25d00c1732862140c677e7fd6fa36\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\e2ae778f2037152039ec560f0abd6f3e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e2ae778f2037152039ec560f0abd6f3e\*.tmp -> ]
[9 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.01.04 16:46:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Adobe
[2008.11.15 11:00:10 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Apple Computer
[2010.03.01 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Ashampoo
[2008.02.06 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ATI
[2009.03.31 22:11:06 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Autodesk
[2010.03.14 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Canneverbe Limited
[2008.02.10 13:05:07 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Canon
[2010.05.06 11:43:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Comodo
[2008.02.06 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DAEMON Tools
[2009.03.02 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DivX
[2010.01.14 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ESTsoft
[2011.09.30 15:04:12 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Free Download Manager
[2010.03.18 10:36:53 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreeCDRipper
[2009.09.11 03:00:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GetRightToGo
[2008.02.06 19:53:58 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GHISLER
[2009.07.02 21:23:53 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hamachi
[2008.02.26 19:01:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Happy Foto
[2011.07.03 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICQ
[2008.02.06 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Identities
[2008.02.06 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield
[2009.04.12 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\IrfanView
[2008.04.12 12:15:01 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Logitech
[2008.02.06 20:07:40 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macromedia
[2011.09.21 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Media Center Programs
[2008.02.07 15:44:35 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Media Player Classic
[2010.03.22 20:46:45 | 000,000,000 | --SD | M] -- C:\Users\Roman\AppData\Roaming\Microsoft
[2009.09.16 10:09:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mozilla
[2011.09.29 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mumble
[2009.09.10 10:55:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010.03.14 17:10:35 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nero
[2008.03.17 23:37:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nikon
[2009.03.02 20:48:46 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\proDAD
[2010.03.14 17:06:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Real
[2008.02.08 18:12:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ScanSoft
[2011.09.30 06:56:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Skype
[2011.09.30 06:55:19 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\skypePM
[2011.05.25 13:07:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Software Informer
[2008.02.06 20:03:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Talkback
[2008.09.20 09:11:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\teamspeak2
[2010.02.06 22:02:47 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.01.04 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Thunderbird
[2009.09.10 06:36:38 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Turbine
[2011.09.27 19:58:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\uTorrent
[2009.10.04 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\VariCAD-Viewer.cz
[2011.09.27 19:58:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Ventrilo
[2010.03.18 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vso
[2008.02.10 08:41:06 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\WinRAR
[2009.03.02 15:09:17 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Xfire
[2008.04.16 15:57:12 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2010.03.18 10:07:56 | 000,099,384 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\inst.exe
[2008.02.06 20:02:35 | 000,007,406 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{35D4B689-722A-413B-BC6E-8ACA8C1E8636}\_11cb375b.exe
[2008.02.06 20:02:35 | 000,007,406 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{35D4B689-722A-413B-BC6E-8ACA8C1E8636}\_7c4e3148.exe
[2009.03.02 20:44:32 | 000,029,926 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
[2008.02.07 15:46:49 | 000,005,120 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
[2008.02.06 19:45:23 | 000,009,158 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe
[2008.03.17 23:31:05 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
[2011.05.27 10:37:54 | 000,188,152 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\FlashGot.exe
[2009.06.10 11:33:56 | 000,083,256 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
[2009.05.14 15:29:28 | 000,070,984 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2008.01.19 10:00:38 | 001,555,968 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun -- [2008.01.17 18:51:02 | 000,486,856 | ---- | M] (DT Soft Ltd)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.19 10:00:14 | 000,138,240 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.01.26 18:05:34 | 015,026,056 | R--- | M] (Skype Technologies S.A.)
"fsm" =

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.09.30 14:24:09 | 000,000,512 | ---- | M] () MD5=17F0D6FD3FFEE9C99167404A48C8D3E5 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:21CF0D6BDE4962F2

< End of report >


Thank you for the help

Re: LOG check

Posted: 30 Sep 2011 15:26
by vyosek
Run OTL again
  • If you are using Win Vista or W7, right-click OTL and choose "Run As Administrator" or "Spustit jako spravce"
  • Paste the script below into the bottom box, Custom Scans/Fixes
  • Code:

    :otl
    IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
    IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    [2011.09.23 20:40:25 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-1.xml
    [2010.04.02 16:05:07 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-10.xml
    [2010.06.24 06:21:40 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-11.xml
    [2010.06.29 10:23:41 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-12.xml
    [2010.07.23 07:58:30 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-13.xml
    [2010.07.24 14:43:41 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-14.xml
    [2010.09.09 15:39:22 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-15.xml
    [2010.09.18 10:59:35 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-16.xml
    [2010.10.20 14:47:43 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-17.xml
    [2010.10.30 20:49:59 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-18.xml
    [2010.12.15 00:04:07 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-19.xml
    [2009.08.04 09:05:44 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-2.xml
    [2011.03.02 14:33:18 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-20.xml
    [2011.03.07 18:37:07 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-21.xml
    [2011.03.25 10:30:03 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-22.xml
    [2011.04.15 08:01:20 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-23.xml
    [2009.09.11 06:32:52 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-3.xml
    [2009.11.02 17:31:20 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-4.xml
    [2009.11.09 08:31:22 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-5.xml
    [2009.12.27 11:03:23 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-6.xml
    [2010.01.07 15:42:37 | 000,000,961 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-7.xml
    [2010.01.30 21:53:55 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-8.xml
    [2010.03.26 08:18:02 | 000,000,950 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-9.xml
    [2009.07.19 10:59:44 | 000,000,955 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin.xml
    [2009.06.24 21:11:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\..\Toolbar\WebBrowser: (P2P Energy Toolbar) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O33 - MountPoints2\{bafcd27b-d4e0-11dc-bcaa-001485856ab7}\Shell - "" = AutoRun
    O33 - MountPoints2\{d66bd841-f76a-11dc-aee7-001485856ab7}\Shell - "" = AutoRun
    O33 - MountPoints2\{f839513d-d5b8-11dc-a180-001485856ab7}\Shell - "" = AutoRun
    [5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [13 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
    [7 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    [1 C:\Windows\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp files -> C:\Windows\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\546a0ee694673f062712d31e0a780547\*.tmp files -> C:\Windows\SoftwareDistribution\Download\546a0ee694673f062712d31e0a780547\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\6b986fcefc4ddf45d2c157ae08ee07e4\*.tmp files -> C:\Windows\SoftwareDistribution\Download\6b986fcefc4ddf45d2c157ae08ee07e4\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\a6a050997218d1ad7475aaeae7d32879\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a6a050997218d1ad7475aaeae7d32879\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\aea25d00c1732862140c677e7fd6fa36\*.tmp files -> C:\Windows\SoftwareDistribution\Download\aea25d00c1732862140c677e7fd6fa36\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\e2ae778f2037152039ec560f0abd6f3e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e2ae778f2037152039ec560f0abd6f3e\*.tmp -> ]
    [9 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
    @Alternate Data Stream - 24 bytes -> C:\Windows:21CF0D6BDE4962F2
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "ehTray.exe"=-
    "Skype"=-
    "fsm"=-
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"=-
    "QuickTime Task"=-
    "iTunesHelper"=-
    "CloneCDTray"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    "PDFPrint"=-
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Opravit (Fix)
  • The PC will perform the fix, restart, and give you a log; paste its contents here

Re: LOG check

Posted: 04 Oct 2011 12:09
by v.s.
All processes killed
========== OTL ==========
HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2176402403-3177987778-1097203094-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2176402403-3177987778-1097203094-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2176402403-3177987778-1097203094-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
C:\Program Files (x86)\P2P_Energy\tbP2P_.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2176402403-3177987778-1097203094-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\s3jhds4q.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ not found.
File C:\Program Files (x86)\P2P_Energy\tbP2P_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ not found.
File C:\Program Files (x86)\P2P_Energy\tbP2P_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-2176402403-3177987778-1097203094-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2BAE58C2-79F9-45D1-A286-81F911301C3A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BAE58C2-79F9-45D1-A286-81F911301C3A}\ not found.
File C:\Program Files (x86)\P2P_Energy\tbP2P_.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovat do aplikace Microsoft Excel\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bafcd27b-d4e0-11dc-bcaa-001485856ab7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bafcd27b-d4e0-11dc-bcaa-001485856ab7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d66bd841-f76a-11dc-aee7-001485856ab7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d66bd841-f76a-11dc-aee7-001485856ab7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f839513d-d5b8-11dc-a180-001485856ab7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f839513d-d5b8-11dc-a180-001485856ab7}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10F1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4597.tmp\CustomMarshalers.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4597.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5189.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C21.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD76A.tmp\System.ServiceModel.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD76A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1C65.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP25A9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2E65.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP59E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9887.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9EB4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA45A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB98F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPBFCF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDC4A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDFC3.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE4C3.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEF24.tmp folder deleted successfully.
C:\Windows\Installer\MSI822D.tmp deleted successfully.
C:\Windows\Installer\MSIAE3D.tmp deleted successfully.
C:\Windows\Installer\MSIB253.tmp deleted successfully.
C:\Windows\Installer\MSIED61.tmp deleted successfully.
C:\Windows\Installer\MSIEEF8.tmp deleted successfully.
C:\Windows\Installer\MSIF178.tmp deleted successfully.
C:\Windows\Installer\MSIF3AB.tmp deleted successfully.
C:\Windows\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\upd82.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\546a0ee694673f062712d31e0a780547\BIT57F2.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\6b986fcefc4ddf45d2c157ae08ee07e4\BIT57C1.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a6a050997218d1ad7475aaeae7d32879\BIT57A1.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\aea25d00c1732862140c677e7fd6fa36\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\aea25d00c1732862140c677e7fd6fa36\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\e2ae778f2037152039ec560f0abd6f3e\BIT57F3.tmp deleted successfully.
ADS C:\Windows:21CF0D6BDE4962F2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ehTray.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SSBkgdUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\CloneCDTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\PDFPrint deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Roman
->Temp folder emptied: 11389612 bytes
->Temporary Internet Files folder emptied: 3241829 bytes
->Java cache emptied: 67704881 bytes
->FireFox cache emptied: 52291032 bytes
->Flash cache emptied: 861 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 21873033 bytes
RecycleBin emptied: 1218076 bytes

Total Files Cleaned = 150,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: LogMeInRemoteUser

User: Public

User: Roman
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10042011_130349

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Roman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\main[1].css scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LMIGuardian.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LMIGuardian.exe[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LMIinit.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LMImirr.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LMIprinter.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LMIprinterui.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LMIRfsDriver.sys[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__LogMeIn.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__openssl.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__racodec.ax[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__rainst.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x64__ramaint.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__ICSAgent32.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LMIGuardian.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LMIinit.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LMImirr.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LMIprinter.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LMIprinternt.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LMIproc.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LMIprocnt.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LogMeIn.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__LogMeInSystray.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__raabout.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__rahook.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__ramaint.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__ramaint.exe[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z01ZJ7AW\x86__zip.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\template.rab[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__ICSAgent64.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__LMIGuardianEvt.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__LMIinit.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__LMIport.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__LMIprinter.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__LMIRfsClientNP.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__LMIRfsDriver.sys[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__LogMeInToolkit.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__raabout.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__rahook.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__rainst.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__zip.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x64__zip.exe[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LMIGuardianEvt.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LMIinit.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LMIport.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LMIprinter.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LMIprinteruint.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LMIproc.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LMIRfsDriver.sys[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__LogMeIn.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__openssl.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__racodec.ax[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__rainst.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__rainst.exe[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__rntfywnd.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJZ82GUF\x86__zip.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB309CBD\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here is the log after the restart ;)

Re: LOG check

Posted: 04 Oct 2011 13:35
by vyosek
How is the PC behaving? :???:

Re: LOG check

Posted: 04 Oct 2011 18:54
by v.s.
Hi, it seems normal to me; so far I haven't come across anything unusual.
Was there something wrong with it, or was it just tuned up? I had a slight suspicion of some hidden keylogger.


Thanks for your willingness and help :thumbsup:

Re: LOG check

Posted: 04 Oct 2011 19:43
by vyosek
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use

:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: To be safe, you can run MBAM - the guide is in my signature - before deleting anything, post the log so that you don't delete something legitimate