Problém s připojením k internetu + kontrola LOGu Vyřešeno

[kryton]

Ahoj,
moc by jsem Vás chtěl poprosit, jestli by mi někdo zkontroloval LOG z HJT. Mám Windows 7 a ESET Nod Samrt Security. Mám následující problém :
v práci mám fremní notebook v doméně a funguje bez problémů. Když přijedu domů, tak se strašně zpomalý připojení k internetu. Strašně dlouho trvá než se stránka načte(desítky sekund) a dost často to padá. Doma mám ještě další dva pc s WinXP a s nima problémy nejsou. Nevím da je chyba v mém pc nebo třeba i v poskytovateli netu, protože jinde (mimo domov či práci) mi net také funguje.

Taky jsem se chtěl zeptat zda se dá nějak vyhnout s problémy, když často instaluji new aplikace, tak aby byli Win stabilnější? Zda je udržovat nečím? Mám špané zkušenosti s někerými čistícími programy, protože mi většinou napáchali více škody než užitku.

Dík za podporu a nyní již LOG z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:21, on 21.7.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\DWRCST.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
D:\_SW_and_text\Install\Antivir\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qword.com/?s=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\NBget\InternetDownload\IDTB.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\NBget\InternetDownload\IDTB.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Skype.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download by NBget Internet Download - C:\Program Files (x86)\NBget\InternetDownload\adddownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2009\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2009\spy.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.esmoss
O15 - Trusted Zone: http://*.esprint
O15 - Trusted Zone: http://*.esreq
O15 - Trusted Zone: http://*.intranet
O15 - Trusted Zone: *.qword.com
O15 - ESC Trusted Zone: http://*.1.im.cz
O15 - ESC Trusted Zone: http://*.esdc1
O15 - ESC Trusted Zone: http://www.google.cz
O15 - ESC Trusted Zone: http://*.intranet
O15 - ESC Trusted Zone: http://www.parhelia-tools.com
O15 - ESC Trusted Zone: http://*.seznam.cz
O16 - DPF: iLO 2 Remote Console Applet - https://172.20.109.12/dvc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pce.era.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pce.era.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pce.era.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = pce.era.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AuditPro Scan - truconneXion, a. s. - C:\AuditPro\Scan.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\Windows\SysWOW64\DWRCS.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: ERA PCP MT - ERA a.s. - C:\Program Files (x86)\ERA\MT\pcp.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Ixia Performance Endpoint (IxiaEndpoint) - Ixia - C:\Program Files (x86)\Ixia\Endpoint\endpoint.exe
O23 - Service: IxiaLicenseServer - Macrovision Corporation - C:\Program Files (x86)\Ixia\licensing\lmgrd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: noded - Unknown owner - C:\Program Files (x86)\Ixia\licensing\noded.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10194 bytes

[Reklama]

[bledulka]

Ahoj,

Co se týče těch čistících programů. Používej na odinstalaci nějaký program, např. Revo uninstaller, nebo se dá odintsalovat i v CCleaneru. Na registry používám právě CCleaner, dá se v něm udělat přes smazáním záloha, a ještě se mi nestalo, že by smazal něco špatného.

Stahni Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-nainstaluj, aktualizuj
-udělej uplný sken a vlož sem log




Stáhni OTL
http://oldtimer.geekstogo.com/OTL.exe
-do spodního okénka vlož tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c


-dej fajfku do čtverečku u řádku Pro všechny uživatele
-nech ostatní položky jak je nastaveno na screenu
- potvrď tlačítko Prohledat.
-provede se sken, log OTL.Txt sem vlož

[kryton]

tak tady jsou ty logy smažu ty problémový soubory mbabem ok? Je to rozdělený dovíce příspěvků. Dík

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4334

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.7.2010 11:29:50
mbam-log-2010-07-21 (11-29-50).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 584324
Time elapsed: 1 hour(s), 26 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Private\FLASH_DATA\_Install\VMware-workstation-6.0.2-59824\Crack\keygen.exe (Malware.Tool) -> No action taken.
D:\_SW_and_text\Install\Nero_a_VypalSW\Clone CD 4.2.0.1\Clonecd4kg1.exe (Trojan.Agent.CK) -> No action taken.
D:\_SW_and_text\Install\Virtual\VMware-workstation-6.0.2-59824\Crack\keygen.exe (Malware.Tool) -> No action taken.

[kryton]

OTL logfile created on: 21.7.2010 11:31:50 - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = D:\_SW_and_text\Install\Antivir
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 38,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,91 Gb Total Space | 35,66 Gb Free Space | 54,11% Space Free | Partition Type: NTFS
Drive D: | 232,18 Gb Total Space | 30,67 Gb Free Space | 13,21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VPANB
Current User Name: vpa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.21 09:12:30 | 00,548,352 | ---- | M] (OldTimer Tools) -- D:\_SW_and_text\Install\Antivir\OTL.exe
PRC - [2010.06.30 14:52:22 | 00,836,464 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010.06.17 09:47:04 | 02,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.05.13 16:12:40 | 26,192,168 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2010.05.13 16:12:40 | 00,080,256 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
PRC - [2010.04.29 15:39:32 | 01,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.27 13:43:48 | 00,611,840 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.04.01 15:32:38 | 01,471,840 | ---- | M] (truconneXion, a. s.) -- C:\AuditPro\SCAN.EXE
PRC - [2010.03.23 13:22:46 | 01,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010.03.23 13:19:32 | 01,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.16 13:16:58 | 00,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.02.18 11:43:18 | 00,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2009.11.11 14:14:52 | 00,800,768 | ---- | M] () -- C:\Program Files (x86)\Ixia\licensing\noded.exe
PRC - [2009.11.11 14:07:20 | 01,679,360 | ---- | M] (Demo Corporation) -- C:\Program Files (x86)\Ixia\licensing\ixialm.exe
PRC - [2009.11.11 14:03:00 | 01,423,440 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Ixia\licensing\lmgrd.exe
PRC - [2009.10.27 10:15:02 | 00,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.09.09 07:50:00 | 03,514,112 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
PRC - [2009.08.06 18:51:54 | 00,613,128 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.05.14 16:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.02.04 16:35:00 | 00,078,848 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE
PRC - [2009.02.04 16:34:46 | 00,234,496 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE


========== Modules (SafeList) ==========

MOD - [2010.07.21 09:12:30 | 00,548,352 | ---- | M] (OldTimer Tools) -- D:\_SW_and_text\Install\Antivir\OTL.exe
MOD - [2009.07.14 03:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009.07.14 03:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.11.30 10:31:56 | 00,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.09.25 13:42:20 | 00,613,288 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV:64bit: - [2009.07.14 03:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 03:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 03:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 03:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 03:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 03:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 03:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 03:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 03:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 03:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 03:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 03:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 03:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 03:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 03:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 03:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 03:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009.07.14 03:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009.05.14 16:54:26 | 00,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.05.14 16:47:54 | 00,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010.07.15 08:06:45 | 00,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010.06.17 09:47:04 | 02,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.04.27 13:43:48 | 00,611,840 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.04.01 15:32:38 | 01,471,840 | ---- | M] (truconneXion, a. s.) [Auto | Running] -- C:\AuditPro\Scan.exe -- (AuditPro Scan)
SRV - [2010.03.23 13:19:32 | 01,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 17:23:04 | 00,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 14:27:14 | 00,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 00,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 02:51:28 | 00,479,744 | ---- | M] (Ixia) [Auto | Running] -- C:\Program Files (x86)\Ixia\Endpoint\endpoint.exe -- (IxiaEndpoint)
SRV - [2009.11.11 14:14:52 | 00,800,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ixia\licensing\noded.exe -- (noded)
SRV - [2009.11.11 14:03:00 | 01,423,440 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files (x86)\Ixia\licensing\lmgrd.exe -- (IxiaLicenseServer)
SRV - [2009.10.31 06:32:20 | 00,894,152 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.20 20:19:48 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.14 05:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.14 03:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 22:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 22:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.02.04 16:34:46 | 00,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)
SRV - [2006.03.10 13:31:20 | 00,258,048 | ---- | M] (ERA a.s.) [Auto | Stopped] -- C:\Program Files (x86)\ERA\MT\pcp.exe -- (ERA PCP MT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.06.17 09:47:02 | 01,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.06.17 09:47:00 | 00,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.03.23 13:29:46 | 00,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.26 14:33:40 | 00,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 00,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 14:33:22 | 00,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 14:33:22 | 00,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.08 10:21:47 | 00,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.08 08:32:00 | 00,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.11 12:29:27 | 00,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009.11.30 10:31:54 | 00,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.11.30 10:31:50 | 02,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.10.20 20:19:54 | 00,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.09.26 08:20:38 | 00,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.09.25 12:53:42 | 00,026,112 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\omci.sys -- (omci)
DRV:64bit: - [2009.07.14 03:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 00,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009.07.14 03:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009.07.14 03:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009.07.14 03:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009.07.14 03:45:55 | 00,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 00,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009.07.14 03:45:55 | 00,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 00,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009.07.14 03:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009.07.14 03:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009.07.14 02:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009.07.14 02:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009.07.14 02:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009.07.14 02:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009.07.14 02:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009.07.14 02:07:28 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009.07.14 02:07:22 | 00,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009.07.14 02:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009.07.14 02:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009.07.14 02:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.07.14 02:07:00 | 00,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009.07.14 02:06:57 | 00,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009.07.14 02:06:56 | 00,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009.07.14 02:06:53 | 00,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009.07.14 02:06:52 | 00,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009.07.14 02:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009.07.14 02:06:32 | 00,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 02:06:28 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009.07.14 02:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009.07.14 02:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009.07.14 02:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009.07.14 02:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009.07.14 02:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009.07.14 01:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009.07.14 01:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009.07.14 01:42:58 | 00,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 00,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009.07.14 01:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009.07.14 01:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009.07.14 01:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009.07.14 01:24:27 | 00,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.14 01:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009.06.10 23:01:11 | 01,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 00,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 00,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 16:49:56 | 00,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.05.14 16:47:16 | 00,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.05.14 16:41:14 | 00,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2008.11.16 18:39:44 | 00,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.08.28 12:44:42 | 00,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.02.15 19:00:00 | 00,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV:64bit: - [2007.02.08 15:03:36 | 00,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2010.02.08 18:19:43 | 00,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2010.02.08 15:15:53 | 00,088,448 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.07.14 03:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:16:19 | 00,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009.07.14 03:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009.06.10 23:28:14 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 00,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.06.19 12:28:44 | 00,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\aspi32.BAK -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qword.com/?s=1
IE - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 5A A9 F3 CD 06 CB 01 [binary data]
IE - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\S-1-5-21-2096504233-149639012-1869945473-1910\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.04.09 11:27:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.21 08:13:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.21 08:13:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.02.08 11:56:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.04.09 11:27:15 | 00,000,000 | ---D | M]

[2010.07.21 08:14:14 | 00,000,000 | ---D | M] -- C:\Users\vpa.ERA\AppData\Roaming\mozilla\Extensions
[2010.07.21 08:14:14 | 00,000,000 | ---D | M] -- C:\Users\vpa.ERA\AppData\Roaming\mozilla\Firefox\Profiles\jqhu938t.default\extensions
[2010.07.21 08:13:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009.06.10 23:00:26 | 00,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (InternetDownloadToolBar) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\NBget\InternetDownload\IDTB.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (InternetDownloadToolBar) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\NBget\InternetDownload\IDTB.dll ()
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910..\Run: [] File not found
O4 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
O8:64bit: - Extra context menu item: Download by NBget Internet Download - C:\Program Files (x86)\NBget\InternetDownload\adddownload.htm ()
O8 - Extra context menu item: Download by NBget Internet Download - C:\Program Files (x86)\NBget\InternetDownload\adddownload.htm ()
O9 - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2009\spy.htm ()
O9 - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2009\spy.htm ()
O9 - Extra Button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: esmoss ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: esprint ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: esreq ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: intranet ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: esmoss ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: esprint ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: esreq ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: intranet ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: qword.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: iLO 2 Remote Console Applet https://172.20.109.12/dvc.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pce.era.cz
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 22:10:05 | 00,000,095 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2cb6c010-148b-11df-92cb-001c234e5b6d}\Shell - "" = AutoRun
O33 - MountPoints2\{2cb6c010-148b-11df-92cb-001c234e5b6d}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
OTL cannot create restorepoints on Vista OSs!

[kryton]

========== Files/Folders - Created Within 30 Days ==========

[2010.07.21 09:11:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.07.21 09:10:03 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\AppData\Roaming\Malwarebytes
[2010.07.21 09:09:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.21 09:09:56 | 00,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.21 09:09:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.21 09:09:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.21 08:13:54 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\AppData\Roaming\Mozilla
[2010.07.20 16:02:39 | 08,589,088 | ---- | C] (Mozilla) -- C:\Users\vpa.ERA\Desktop\Firefox Setup 3.6.6.exe
[2010.07.19 15:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2010.07.19 15:37:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010.07.19 15:36:37 | 00,000,000 | ---D | C] -- C:\Upload
[2010.07.19 13:41:25 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\Windows\SysWow64\hypertrm.dll
[2010.07.19 13:41:04 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\Windows\hypertrm.dll
[2010.07.19 13:30:25 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP
[2010.07.16 11:47:14 | 00,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010.07.16 06:40:55 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.07.15 08:06:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.07.15 08:06:45 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\AppData\Local\Google
[2010.07.14 11:36:28 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\Desktop\dell e5510
[2010.07.14 09:25:44 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.13 12:29:04 | 90,655,192 | ---- | C] (InstallShield Software Corporation) -- C:\Users\vpa.ERA\Desktop\!!!PCMark05_v120_installer.exe
[2010.07.13 07:42:37 | 00,000,000 | ---D | C] -- C:\EasyBoot
[2010.07.08 11:07:39 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\AppData\Local\Unite Media Player
[2010.07.08 11:01:06 | 00,000,000 | ---D | C] -- C:\PFiles
[2010.07.07 15:35:30 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\AppData\Local\Deployment
[2010.07.07 15:35:30 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\AppData\Local\Apps
[2010.06.29 14:15:38 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\Documents\gegl-0.0
[2010.06.29 14:15:38 | 00,000,000 | ---D | C] -- C:\Users\vpa.ERA\.gimp-2.6
[2010.06.28 09:03:11 | 00,155,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRT.dll
[2010.06.28 09:03:11 | 00,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax
[2010.06.28 09:03:11 | 00,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRTREND.dll
[2010.06.28 09:03:10 | 00,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\strmdll.dll
[2010.06.28 09:03:10 | 00,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft3.dll
[2010.06.28 09:03:10 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unam4ie.exe
[2010.06.28 09:03:08 | 01,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\danim.dll
[2010.06.28 09:03:08 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz.drv
[2010.06.28 09:03:07 | 00,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcut.dll
[2010.06.28 09:03:07 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2010.06.28 09:03:07 | 00,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2010.06.28 09:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Auralog
[2010.06.28 07:00:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.02.08 14:48:46 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MSVCR71.DLL
[2010.02.08 14:48:45 | 00,466,944 | ---- | C] (LangSoft s.r.o.) -- C:\Program Files (x86)\TRNConfig.exe
[2010.02.08 14:48:43 | 00,040,960 | ---- | C] (LangSoft s.r.o.) -- C:\Program Files (x86)\TRNConfigC.DLL
[2010.02.08 14:48:42 | 00,917,504 | ---- | C] (Langsoft & METEOR Software) -- C:\Program Files (x86)\WTRAN32g.DLL
[2010.02.08 14:48:42 | 00,905,216 | ---- | C] (Langsoft & METEOR Software) -- C:\Program Files (x86)\WTRAN32a.DLL
[2010.02.08 14:48:42 | 00,036,864 | ---- | C] (LangSoft s.r.o.) -- C:\Program Files (x86)\TRNConfigG.DLL
[2010.02.08 14:48:41 | 00,913,408 | ---- | C] (Langsoft & METEOR Software) -- C:\Program Files (x86)\WTRAN32c.DLL
[2010.02.08 14:48:40 | 00,036,864 | ---- | C] (TODO: <Company name>) -- C:\Program Files (x86)\TRNConfigA.DLL
[2010.02.08 14:48:38 | 00,548,864 | ---- | C] (Sequiter Software Inc.) -- C:\Program Files (x86)\C4DLL323.DLL
[2010.02.08 14:48:36 | 00,246,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\UNICOWS.DLL
[2010.02.08 14:48:35 | 00,466,944 | ---- | C] (LangSoft s.r.o.) -- C:\Program Files (x86)\SETUPWEB.EXE
[2010.02.08 14:48:35 | 00,155,648 | ---- | C] (POLAR) -- C:\Program Files (x86)\AutoCorrectDLL.DLL
[2010.02.08 14:48:34 | 00,225,280 | ---- | C] (Polar) -- C:\Program Files (x86)\POLSPELL.DLL
[2010.02.08 14:48:32 | 00,352,256 | ---- | C] (METEOR Software) -- C:\Program Files (x86)\TRNOUTL.DL_
[2010.02.08 14:48:32 | 00,299,008 | ---- | C] (METEOR Software) -- C:\Program Files (x86)\TRNWORD.DL_
[2010.02.08 14:48:32 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\ATL.DLL
[2010.02.08 14:48:31 | 00,528,384 | ---- | C] (LangSoft s.r.o.) -- C:\Program Files (x86)\TRNIKONY.EXE
[2010.02.08 14:48:30 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MFC71.DLL
[2010.02.08 14:48:29 | 00,174,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\RICHED32.DLL
[2010.02.08 14:48:29 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MSWD6_32.WPC
[2010.02.08 14:48:29 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WRITE32.WPC
[2010.02.08 14:48:27 | 00,244,736 | ---- | C] (Sequiter Software Inc.) -- C:\Program Files (x86)\C4DLL320.DLL
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\System\*.tmp files -> C:\Windows\System\*.tmp -> ]
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\vpa.ERA\*.tmp files -> C:\Users\vpa.ERA\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.21 11:32:48 | 04,718,592 | -HS- | M] () -- C:\Users\vpa.ERA\ntuser.dat
[2010.07.21 11:29:09 | 00,002,004 | -H-- | M] () -- C:\Users\vpa.ERA\Documents\Default.rdp
[2010.07.21 11:11:09 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.21 11:04:50 | 08,379,904 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\00062_00.doc
[2010.07.21 09:11:09 | 00,001,007 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\CCleaner.lnk
[2010.07.21 09:10:00 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 08:51:25 | 00,050,390 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.07.21 08:47:46 | 00,001,378 | RHS- | M] () -- C:\Users\vpa.ERA\ntuser.pol
[2010.07.21 08:13:51 | 00,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.21 08:11:01 | 00,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.21 07:09:18 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.21 07:09:18 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.21 07:06:24 | 00,796,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.21 07:06:24 | 00,664,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.21 07:06:24 | 00,126,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.21 07:02:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.21 07:02:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.21 07:01:54 | 32,196,19840 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.20 16:21:10 | 06,206,158 | -H-- | M] () -- C:\Users\vpa.ERA\AppData\Local\IconCache.db
[2010.07.20 16:03:14 | 08,589,088 | ---- | M] (Mozilla) -- C:\Users\vpa.ERA\Desktop\Firefox Setup 3.6.6.exe
[2010.07.20 15:10:17 | 00,001,652 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\Info.lnk
[2010.07.20 15:10:17 | 00,001,514 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\Docházka.lnk
[2010.07.19 15:38:52 | 00,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010.07.19 15:37:59 | 00,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2010.07.19 15:03:52 | 00,140,645 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\iLO.jpg
[2010.07.19 15:02:42 | 00,000,783 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\BurnInTest.lnk
[2010.07.19 13:27:00 | 08,111,736 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\VPNclient5_UGent.zip
[2010.07.16 13:10:11 | 00,959,530 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\Datasheet_ CP308.pdf
[2010.07.16 06:47:16 | 00,043,661 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\ggkywjh.png
[2010.07.15 10:31:13 | 00,178,688 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\PC_HW_SPEC2010_PRO_SP.doc
[2010.07.15 08:08:50 | 00,002,284 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.07.14 11:16:21 | 00,008,560 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\opda.cn_camera off_camerasoundoff.sisx
[2010.07.13 12:37:41 | 90,655,192 | ---- | M] (InstallShield Software Corporation) -- C:\Users\vpa.ERA\Desktop\!!!PCMark05_v120_installer.exe
[2010.07.07 20:59:15 | 00,001,841 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\Navod_a_Serials_3DMarkVant_2010_102_1901.rar
[2010.07.07 20:40:40 | 00,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.07.07 14:02:50 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.07.07 14:02:50 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.06.29 15:54:34 | 66,627,6053 | ---- | M] () -- C:\Users\vpa.ERA\Desktop\UML2 a unifikovaný proces vývoje aplikací.pdf
[2010.06.28 09:03:06 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2010.06.28 09:03:06 | 00,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2010.06.28 09:02:59 | 00,000,011 | ---- | M] () -- C:\trace.ini
[2010.06.28 09:02:57 | 00,002,182 | ---- | M] () -- C:\Users\Public\Desktop\TELL ME MORE.lnk
[2010.06.28 08:00:50 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.06.28 06:49:40 | 00,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\System\*.tmp files -> C:\Windows\System\*.tmp -> ]
[1 C:\Windows\SysWow64\drivers\*.tmp files -> C:\Windows\SysWow64\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\vpa.ERA\*.tmp files -> C:\Users\vpa.ERA\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.21 11:04:34 | 08,379,904 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\00062_00.doc
[2010.07.21 09:11:09 | 00,001,007 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\CCleaner.lnk
[2010.07.21 09:10:00 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 08:13:51 | 00,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.19 15:37:59 | 00,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2010.07.19 15:37:52 | 00,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010.07.19 15:03:52 | 00,140,645 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\iLO.jpg
[2010.07.19 13:28:34 | 08,111,736 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\VPNclient5_UGent.zip
[2010.07.16 13:10:10 | 00,959,530 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\Datasheet_ CP308.pdf
[2010.07.16 06:47:16 | 00,043,661 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\ggkywjh.png
[2010.07.15 09:11:25 | 00,178,688 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\PC_HW_SPEC2010_PRO_SP.doc
[2010.07.15 08:08:50 | 00,002,284 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.07.15 08:06:56 | 00,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 08:06:55 | 00,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.14 11:16:21 | 00,008,560 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\opda.cn_camera off_camerasoundoff.sisx
[2010.07.07 20:59:15 | 00,001,841 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\Navod_a_Serials_3DMarkVant_2010_102_1901.rar
[2010.07.07 14:02:39 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.07.07 14:02:39 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.06.29 15:09:41 | 66,627,6053 | ---- | C] () -- C:\Users\vpa.ERA\Desktop\UML2 a unifikovaný proces vývoje aplikací.pdf
[2010.06.28 09:03:08 | 00,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.06.28 09:03:08 | 00,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd
[2010.06.28 09:02:59 | 00,000,011 | ---- | C] () -- C:\trace.ini
[2010.06.28 09:02:57 | 00,002,182 | ---- | C] () -- C:\Users\Public\Desktop\TELL ME MORE.lnk
[2010.06.28 08:00:50 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.06.28 06:49:40 | 00,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.06.11 10:50:35 | 00,000,101 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.06.01 13:47:30 | 00,000,017 | ---- | C] () -- C:\Users\vpa.ERA\AppData\Local\resmon.resmoncfg
[2010.05.05 14:00:24 | 00,000,434 | ---- | C] () -- C:\Windows\tdesign.INI
[2010.05.05 13:55:08 | 00,000,095 | ---- | C] () -- C:\Users\vpa.ERA\AppData\Local\fusioncache.dat
[2010.04.01 13:20:33 | 00,000,093 | ---- | C] () -- C:\Program Files (x86)\CZCS.INI
[2010.04.01 13:20:33 | 00,000,093 | ---- | C] () -- C:\Program Files (x86)\ANCS.INI
[2010.02.08 15:15:53 | 00,037,888 | ---- | C] () -- C:\Windows\SysWow64\setupnt.dll
[2010.02.08 14:49:22 | 00,002,476 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2010.02.08 14:49:19 | 03,465,911 | ---- | C] () -- C:\Program Files (x86)\pronan.dbf
[2010.02.08 14:49:19 | 00,884,706 | ---- | C] () -- C:\Program Files (x86)\PRONAN.DAT
[2010.02.08 14:49:19 | 00,855,479 | ---- | C] () -- C:\Program Files (x86)\SYNON.DBF
[2010.02.08 14:49:19 | 00,683,008 | ---- | C] () -- C:\Program Files (x86)\SYNON1.CDX
[2010.02.08 14:49:19 | 00,571,392 | ---- | C] () -- C:\Program Files (x86)\SYNON2.CDX
[2010.02.08 14:49:19 | 00,001,514 | ---- | C] () -- C:\Program Files (x86)\SPCS.CET
[2010.02.08 14:49:19 | 00,001,262 | ---- | C] () -- C:\Program Files (x86)\RUCS.CET
[2010.02.08 14:49:19 | 00,000,682 | ---- | C] () -- C:\Program Files (x86)\SLOZENI.DTA
[2010.02.08 14:49:18 | 06,161,098 | ---- | C] () -- C:\Program Files (x86)\CSANTCX2.DBF
[2010.02.08 14:49:18 | 03,437,196 | ---- | C] () -- C:\Program Files (x86)\COR4AN.DBF
[2010.02.08 14:49:18 | 03,425,280 | ---- | C] () -- C:\Program Files (x86)\COR4AN.CDX
[2010.02.08 14:49:18 | 02,864,128 | ---- | C] () -- C:\Program Files (x86)\COR4AN2.CDX
[2010.02.08 14:49:18 | 01,678,504 | ---- | C] () -- C:\Program Files (x86)\CZCS.DIC
[2010.02.08 14:49:18 | 01,597,440 | ---- | C] () -- C:\Program Files (x86)\CSANTCX.DBF
[2010.02.08 14:49:18 | 01,345,536 | ---- | C] () -- C:\Program Files (x86)\CSANTCX.CDX
[2010.02.08 14:49:18 | 00,923,648 | ---- | C] () -- C:\Program Files (x86)\pronan.cdx
[2010.02.08 14:49:18 | 00,770,516 | ---- | C] () -- C:\Program Files (x86)\CZL4.DBF
[2010.02.08 14:49:18 | 00,743,424 | ---- | C] () -- C:\Program Files (x86)\CZL4.CDX
[2010.02.08 14:49:18 | 00,460,625 | ---- | C] () -- C:\Program Files (x86)\NAME.DBF
[2010.02.08 14:49:18 | 00,387,072 | ---- | C] () -- C:\Program Files (x86)\NAME.CDX
[2010.02.08 14:49:18 | 00,113,111 | ---- | C] () -- C:\Program Files (x86)\CORRECT.CS0
[2010.02.08 14:49:18 | 00,043,556 | ---- | C] () -- C:\Program Files (x86)\CORRECT.AN
[2010.02.08 14:49:18 | 00,031,581 | ---- | C] () -- C:\Program Files (x86)\CORRECT.CS
[2010.02.08 14:49:18 | 00,022,779 | ---- | C] () -- C:\Program Files (x86)\CORRECT.CZN
[2010.02.08 14:49:18 | 00,012,139 | ---- | C] () -- C:\Program Files (x86)\CORRECT.CZA
[2010.02.08 14:49:18 | 00,007,795 | ---- | C] () -- C:\Program Files (x86)\CORRECTF.AN
[2010.02.08 14:49:18 | 00,007,131 | ---- | C] () -- C:\Program Files (x86)\CORRECT.PJS
[2010.02.08 14:49:18 | 00,002,806 | ---- | C] () -- C:\Program Files (x86)\CORRECT.AN0
[2010.02.08 14:49:18 | 00,001,358 | ---- | C] () -- C:\Program Files (x86)\GRCS.CET
[2010.02.08 14:49:18 | 00,001,286 | ---- | C] () -- C:\Program Files (x86)\FRCS.CET
[2010.02.08 14:49:18 | 00,001,253 | ---- | C] () -- C:\Program Files (x86)\ITCS.CET
[2010.02.08 14:49:18 | 00,000,974 | ---- | C] () -- C:\Program Files (x86)\CORRECTX.AN
[2010.02.08 14:49:17 | 16,059,792 | ---- | C] () -- C:\Program Files (x86)\ANTCX70.DBF
[2010.02.08 14:49:17 | 06,645,110 | ---- | C] () -- C:\Program Files (x86)\ANCSTCX2.DBF
[2010.02.08 14:49:17 | 06,599,680 | ---- | C] () -- C:\Program Files (x86)\CSAN.CDX
[2010.02.08 14:49:17 | 06,400,512 | ---- | C] () -- C:\Program Files (x86)\ANCS.CDX
[2010.02.08 14:49:17 | 01,030,343 | ---- | C] () -- C:\Program Files (x86)\ANCS.DIC
[2010.02.08 14:49:17 | 00,748,766 | ---- | C] () -- C:\Program Files (x86)\ANCSTCX.DBF
[2010.02.08 14:49:17 | 00,660,480 | ---- | C] () -- C:\Program Files (x86)\ANCSTCX.CDX
[2010.02.08 14:49:17 | 00,013,285 | ---- | C] () -- C:\Program Files (x86)\ANCS.GRM
[2010.02.08 14:49:17 | 00,001,170 | ---- | C] () -- C:\Program Files (x86)\ANCS.CET
[2010.02.08 14:49:16 | 42,935,282 | ---- | C] () -- C:\Program Files (x86)\ANCS.DBF
[2010.02.08 14:49:16 | 01,720,288 | ---- | C] () -- C:\Program Files (x86)\ANCS2.DBF
[2010.02.08 14:49:15 | 00,000,004 | ---- | C] () -- C:\Program Files (x86)\USER.NET
[2010.02.08 14:48:59 | 11,265,369 | ---- | C] () -- C:\Program Files (x86)\A4.CMP
[2010.02.08 14:48:58 | 15,636,753 | ---- | C] () -- C:\Program Files (x86)\A3.CMP
[2010.02.08 14:48:58 | 15,319,767 | ---- | C] () -- C:\Program Files (x86)\A2.CMP
[2010.02.08 14:48:57 | 17,604,649 | ---- | C] () -- C:\Program Files (x86)\A1.CMP
[2010.02.08 14:48:57 | 17,179,235 | ---- | C] () -- C:\Program Files (x86)\A0.CMP
[2010.02.08 14:48:57 | 00,365,568 | ---- | C] () -- C:\Program Files (x86)\READERA.CDX
[2010.02.08 14:48:56 | 01,912,405 | ---- | C] () -- C:\Program Files (x86)\READERA.DBF
[2010.02.08 14:48:52 | 00,004,974 | ---- | C] () -- C:\Program Files (x86)\TRANSLAT.UNI
[2010.02.08 14:48:52 | 00,002,476 | ---- | C] () -- C:\Program Files (x86)\TRNCOM.CFG
[2010.02.08 14:48:51 | 02,371,636 | ---- | C] () -- C:\Program Files (x86)\TRNCOM.DLL
[2010.02.08 14:48:51 | 00,495,616 | ---- | C] () -- C:\Program Files (x86)\WEBIE.DL_
[2010.02.08 14:48:51 | 00,001,678 | ---- | C] () -- C:\Program Files (x86)\MAILTRAN.CFG
[2010.02.08 14:48:50 | 02,371,636 | ---- | C] () -- C:\Program Files (x86)\TRNCOM.DL_
[2010.02.08 14:48:50 | 00,038,754 | ---- | C] () -- C:\Program Files (x86)\TRNCOMc.CHM
[2010.02.08 14:48:50 | 00,026,624 | ---- | C] () -- C:\Program Files (x86)\OETRN.EX_
[2010.02.08 14:48:49 | 00,387,774 | ---- | C] () -- C:\Program Files (x86)\WDICT32g.CHM
[2010.02.08 14:48:49 | 00,089,352 | ---- | C] () -- C:\Program Files (x86)\WDCTM32g.CHM
[2010.02.08 14:48:49 | 00,038,754 | ---- | C] () -- C:\Program Files (x86)\TRNCOMg.CHM
[2010.02.08 14:48:48 | 00,281,635 | ---- | C] () -- C:\Program Files (x86)\WTRAN32g.CHM
[2010.02.08 14:48:48 | 00,114,995 | ---- | C] () -- C:\Program Files (x86)\WDICT32a.CHM
[2010.02.08 14:48:48 | 00,038,754 | ---- | C] () -- C:\Program Files (x86)\TRNCOMa.CHM
[2010.02.08 14:48:47 | 00,231,443 | ---- | C] () -- C:\Program Files (x86)\WTRAN32a.CHM
[2010.02.08 14:48:47 | 00,098,304 | ---- | C] () -- C:\Program Files (x86)\MAILTRANg.DLL
[2010.02.08 14:48:47 | 00,021,164 | ---- | C] () -- C:\Program Files (x86)\WDCTM32a.CHM
[2010.02.08 14:48:46 | 00,098,304 | ---- | C] () -- C:\Program Files (x86)\MAILTRANc.DLL
[2010.02.08 14:48:46 | 00,098,304 | ---- | C] () -- C:\Program Files (x86)\MAILTRANa.DLL
[2010.02.08 14:48:45 | 00,073,728 | ---- | C] () -- C:\Program Files (x86)\WDCTM32g.DLL
[2010.02.08 14:48:45 | 00,065,536 | ---- | C] () -- C:\Program Files (x86)\WDCTM32a.DLL
[2010.02.08 14:48:45 | 00,053,248 | ---- | C] () -- C:\Program Files (x86)\WDCTM32c.DLL
[2010.02.08 14:48:44 | 00,037,641 | ---- | C] () -- C:\Program Files (x86)\MAILTRANg.CHM
[2010.02.08 14:48:44 | 00,037,641 | ---- | C] () -- C:\Program Files (x86)\MAILTRANa.CHM
[2010.02.08 14:48:43 | 00,839,680 | ---- | C] () -- C:\Program Files (x86)\WDICT32g.DLL
[2010.02.08 14:48:43 | 00,835,584 | ---- | C] () -- C:\Program Files (x86)\WDICT32a.DLL
[2010.02.08 14:48:43 | 00,827,392 | ---- | C] () -- C:\Program Files (x86)\WDICT32c.DLL
[2010.02.08 14:48:40 | 00,548,864 | ---- | C] () -- C:\Program Files (x86)\WEN.DLL
[2010.02.08 14:48:40 | 00,261,166 | ---- | C] () -- C:\Program Files (x86)\WEN.DAT
[2010.02.08 14:48:40 | 00,139,956 | ---- | C] () -- C:\Program Files (x86)\WEBFF.XPI
[2010.02.08 14:48:39 | 00,343,689 | ---- | C] () -- C:\Program Files (x86)\APPEND.DTN
[2010.02.08 14:48:39 | 00,105,456 | ---- | C] () -- C:\Program Files (x86)\APPENDO.DTN
[2010.02.08 14:48:39 | 00,011,264 | ---- | C] () -- C:\Program Files (x86)\WWWHOOK.DLL
[2010.02.08 14:48:38 | 00,000,101 | ---- | C] () -- C:\Program Files (x86)\TRANSLAT.INI
[2010.02.08 14:48:36 | 00,037,641 | ---- | C] () -- C:\Program Files (x86)\MAILTRANc.CHM
[2010.02.08 14:48:35 | 00,761,910 | ---- | C] () -- C:\Program Files (x86)\MAILTRAN.EXE
[2010.02.08 14:48:34 | 00,693,990 | ---- | C] () -- C:\Program Files (x86)\TRNIKONY.BMP
[2010.02.08 14:48:34 | 00,200,704 | ---- | C] () -- C:\Program Files (x86)\TRNOET.DL_
[2010.02.08 14:48:33 | 00,045,056 | ---- | C] () -- C:\Program Files (x86)\TRNOEH.DL_
[2010.02.08 14:48:33 | 00,032,109 | ---- | C] () -- C:\Program Files (x86)\APPEND.DTA
[2010.02.08 14:48:33 | 00,010,401 | ---- | C] () -- C:\Program Files (x86)\APPENDO.DTA
[2010.02.08 14:48:32 | 00,249,856 | ---- | C] () -- C:\Program Files (x86)\CLIPDLL.DLL
[2010.02.08 14:48:31 | 00,499,878 | ---- | C] () -- C:\Program Files (x86)\WINTRAN.DCZ
[2010.02.08 14:48:31 | 00,000,555 | ---- | C] () -- C:\Program Files (x86)\TRNIKONY.IST
[2010.02.08 14:48:25 | 00,326,134 | ---- | C] () -- C:\Program Files (x86)\WTRAN32c.CHM
[2010.02.08 14:48:25 | 00,131,233 | ---- | C] () -- C:\Program Files (x86)\WDICT32c.CHM
[2010.02.08 14:48:25 | 00,024,011 | ---- | C] () -- C:\Program Files (x86)\WDCTM32c.CHM
[2010.02.08 14:48:24 | 00,004,738 | ---- | C] () -- C:\Program Files (x86)\WTRAN32.CFG
[2010.02.08 14:48:24 | 00,001,581 | ---- | C] () -- C:\Program Files (x86)\WDICT32.CFG
[2010.02.08 14:48:23 | 03,727,360 | ---- | C] () -- C:\Program Files (x86)\WTRAN32.EXE
[2010.02.08 14:48:23 | 00,494,592 | ---- | C] () -- C:\Program Files (x86)\WTRDCTM.EXE
[2010.02.08 14:48:22 | 02,572,288 | ---- | C] () -- C:\Program Files (x86)\WDICT32.EXE
[2010.02.08 12:42:55 | 00,782,326 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.08 11:51:39 | 00,050,390 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.20 20:19:30 | 00,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.03 01:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.07 04:00:44 | 00,499,712 | R--- | C] () -- C:\Windows\SysWow64\XmlSpyLib.dll

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"" =
"PC Suite Tray" = "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2009.11.11 10:57:36 | 01,451,520 | ---- | M] (Nokia)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 02,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 02,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 02,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 02,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 02,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 02,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 02,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 02,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 02,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 02,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 02,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 02,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 00,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 00,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 00,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 00,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 00,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 00,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 00,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 00,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 00,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 00,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 00,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 00,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 00,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 00,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 00,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 00,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 00,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 00,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< End of report >

[bledulka]

Otestuj na http://www.virustotal.com


C:\Program Files (x86)\Ixia\licensing\noded.exe

-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.




Tuhle stránku znáš?
http://www.qword.com/?s=1
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: esmoss ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: esprint ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: esreq ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: intranet ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: qword.com ([]* in Trusted sites)

[kryton]

JJ ten qword znám nějak se mi nainstaloval do internet exploreru, ale teď jsem ho odinstaloval tak doufám, že už nebude otravovat. Strašně mi pak padal IE. Jinak ty ostatní esmoss, intranet apod. znám ty jsou důvěryhodný - tedy naší firmy

[kryton]

tady je ještě odkaz
http://www.virustotal.com/cs/analisis/4 ... 1279718820

dal jsem odstranit ty problémové soubory co mi našel mbab ok?

dík

[bledulka]

Promin, Jsem se v těch lozích ztratila . Jasně, v mbamu smazat.
Ty IP adresy znáš?

Já teda nikde problém nevidím, ale zkusime ještě AVPtool



Stahni AVPtool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
-nainstaluj, nech provést sken všechn jednotek
-co najde nech léčit
-pak sem vlož log.

[kryton]

Ahoj, tady je report. IP adresy nevidím, ale ty stránky jako essmoss a esdev01 znám ty jsou ok. Ještě jsem se chtěl zeptat jestli nemůže vadit, že mám ntb v doméně (je pracovní).

[jaro3]

Znáš tento program:
C:\Program Files (x86)\Ixia ??

Odinstaluj:
InternetDownloadToolBar
Crawler Toolbar
F-Secure


Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qword.com/?s=1
IE - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
O3 - HKLM\..\Toolbar: (InternetDownloadToolBar) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\NBget\InternetDownload\IDTB.dll ()
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe File not found
O4 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities present
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2096504233-149639012-1869945473-1910\..Trusted Domains: qword.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: iLO 2 Remote Console Applet https://172.20.109.12/dvc.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2008.10.03 22:10:05 | 00,000,095 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2cb6c010-148b-11df-92cb-001c234e5b6d}\Shell - "" = AutoRun
O33 - MountPoints2\{2cb6c010-148b-11df-92cb-001c234e5b6d}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Users\vpa.ERA\*.tmp
D:\AUTORUN.INF
C:\Users\vpa.ERA\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP
C:\ProgramData\F-Secure
C:\Windows\tasks\SA.DAT

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Aktualizuj javu:
Java SE Runtime Environment 6u21
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u21-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Program Files (x86)\TRNConfigA.DLL
C:\Users\vpa.ERA\Desktop\ggkywjh.png
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

[kryton]

Tu Ixia znám, to je náš firemní SW, u těch toolbarů a F-secure nevím jak odinstalovat v přidat odebrat programy nejsou a stáhnul jsem revo uninstaler a ten je taky nenašel jedině ten download toolbar jde vypnout v IE. Soubor ggkywjh.png jsem už nenašel na ploše, ale byl to jen printscreen jednoho problému co jsem řešil. Tady je log z OT:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Unable to set value : HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Unable to set value : HKU\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{376CA00C-3F95-46F7-8F04-E69906E52A1F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376CA00C-3F95-46F7-8F04-E69906E52A1F}\ deleted successfully.
C:\Program Files (x86)\NBget\InternetDownload\IDTB.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files (x86)\Crawler\ctbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2096504233-149639012-1869945473-1910\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files (x86)\Crawler\ctbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2096504233-149639012-1869945473-1910\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\GPActivities\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2096504233-149639012-1869945473-1910\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qword.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control iLO 2 Remote Console Applet
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\iLO 2 Remote Console Applet\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\iLO 2 Remote Console Applet\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\iLO 2 Remote Console Applet\ not found.
File C:\Program Files (x86)\Crawler\ctbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ not found.
Invalid CLSID key: C:\Program Files (x86)\Crawler\ctbr.dll
File C:\Program Files (x86)\Crawler\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
D:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cb6c010-148b-11df-92cb-001c234e5b6d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cb6c010-148b-11df-92cb-001c234e5b6d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cb6c010-148b-11df-92cb-001c234e5b6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cb6c010-148b-11df-92cb-001c234e5b6d}\ not found.
File F:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\ADP3F28.tmp moved successfully.
C:\WINDOWS\System32\adpinit.TMP moved successfully.
C:\WINDOWS\21E247D45E274BEAAA4D19A81203FE2A.TMP folder moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
C:\Windows\SysWow64\drivers\ADP3D14.tmp moved successfully.
C:\Users\vpa.ERA\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP folder moved successfully.
File\Folder D:\AUTORUN.INF not found.
File\Folder C:\Users\vpa.ERA\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP not found.
C:\ProgramData\F-Secure\Daas2\cert folder moved successfully.
C:\ProgramData\F-Secure\Daas2 folder moved successfully.
C:\ProgramData\F-Secure folder moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 52510 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jhl
->Temp folder emptied: 51147 bytes
->Temporary Internet Files folder emptied: 877495 bytes

User: pne
->Temp folder emptied: 51147 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

User: vpa
->Temp folder emptied: 1188401 bytes
->Temporary Internet Files folder emptied: 2175621 bytes

User: vpa.ERA
->Temp folder emptied: 16210407 bytes
->Temporary Internet Files folder emptied: 128616403 bytes
->Java cache emptied: 1898958 bytes
->FireFox cache emptied: 14183392 bytes

User: vpa~ERA
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1381298042 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 106826 bytes
RecycleBin emptied: 3898759544 bytes

Total Files Cleaned = 5 193,00 mb

Error: Unable to interpret <[EMPTYFLASH]> in the current context!

OTL by OldTimer - Version 3.1.27.0 log created on 07232010_113023

Files\Folders moved on Reboot...
C:\Users\vpa.ERA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_VPANB$\1836 not found!
File\Folder C:\Windows\temp\e4j5B29.tmp_dir29245\exe4jlib.jar not found!
File\Folder C:\Windows\temp\e4j5B29.tmp_dir29245\jRegistryKey.jar not found!
File\Folder C:\Windows\temp\e4j5B29.tmp_dir29245\lrcu-all.jar not found!
File\Folder C:\Windows\temp\e4j5B29.tmp_dir29245\simple-core-2.4.1.jar not found!
File\Folder C:\Windows\temp\e4j5B29.tmp_dir29245\xml-rpc.jar not found!

Registry entries deleted on Reboot...