May I ask for a HiJackThis log check (Solved)


tomqw

Re: May I ask for a HiJackThis log check

Post by tomqw » 30 May 2012 21:20

here is the 1st log
OTL Extras logfile created on: 30.5.2012 21:00:55 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Tomas\Desktop
64bit-Windows Vista Small Business Server Service Pack 2 (Version = 6.0.6002) - Type = NTDomainController
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,99 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 19,98% Memory free
8,16 Gb Paging File | 2,58 Gb Available in Paging File | 31,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136,69 Gb Total Space | 34,62 Gb Free Space | 25,33% Space Free | Partition Type: NTFS
Drive E: | 931,48 Gb Total Space | 858,75 Gb Free Space | 92,19% Space Free | Partition Type: NTFS
Drive F: | 558,73 Gb Total Space | 449,11 Gb Free Space | 80,38% Space Free | Partition Type: NTFS

Computer Name: SERVERARROW | User Name: tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E7602DC-16B7-4060-B7BD-B58008CA4404}" = lport=51000 | protocol=6 | dir=in | name=infotracs 51000 |
"{2E5BCAB9-6E94-4237-A973-818AB6C36857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{30E6B79D-BB1C-4F79-AF7D-BD6376777886}" = lport=1433 | protocol=6 | dir=in | name=et sql |
"{3387C904-A192-40E8-98DE-497064A52EA9}" = lport=3050 | protocol=6 | dir=in | name=speis 3050 |
"{384439CC-E72D-49D5-8D6C-BE704AD5CBF0}" = lport=50010 | protocol=6 | dir=in | name=et maps1 |
"{49C42055-5004-4A24-A613-C01264D5D433}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C3D636E-E2D4-42F2-9EA2-1AE6B2037912}" = rport=445 | protocol=6 | dir=out | app=system |
"{6081EADF-D4C3-48D5-822E-4EE0BFEF758F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{65BE87C5-FD98-487D-AAF8-F3EDBF5D5C02}" = lport=19600 | protocol=6 | dir=in | name=raal |
"{67EAEDCD-C916-4802-A697-FE8F7AD1AB0E}" = rport=138 | protocol=17 | dir=out | app=system |
"{70C766C1-3B40-40D1-9507-4693498F1947}" = lport=56666 | protocol=17 | dir=in | name=infotracs ii 56666 |
"{7F345F5F-1232-4712-8489-F6499E42F84A}" = lport=137 | protocol=17 | dir=in | app=system |
"{88C63FCB-A01D-4233-812E-070AC3DF15B8}" = lport=56666 | protocol=6 | dir=in | name=infotracs 56666 |
"{99EFE46F-8CD6-41FC-9F56-D7A0FEA5AE31}" = lport=138 | protocol=17 | dir=in | app=system |
"{A0FC244C-13B1-4225-8C1B-0F5A184D2B09}" = lport=139 | protocol=6 | dir=in | app=system |
"{A6AC00D7-C3C8-4968-939E-14D27D2F5453}" = lport=51000 | protocol=17 | dir=in | name=infotracs i 51000 |
"{B400E3A3-B20B-4250-AE97-7F8D62943BDD}" = lport=8000 | protocol=6 | dir=in | name=et www |
"{C1E12D15-4B5A-497B-832F-8BFD0030DD2B}" = lport=987 | protocol=6 | dir=in | app=system |
"{DFF3D501-9B41-4198-9846-9022CB5A1440}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC0C8D93-79A7-411B-AF2A-0DA90469009A}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00779611-549E-4A76-8EE8-387C8B53782F}" = dir=in | app=c:\program files\microsoft\exchange server\bin\microsoft.exchange.edgesyncsvc.exe |
"{03EDBE35-D59E-4710-B696-E102706B8832}" = dir=in | app=c:\program files\microsoft\exchange server\bin\mad.exe |
"{07827BFE-4FE1-495F-8FF4-66D90EB6503F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{078D4EC8-B17C-4D31-9178-D6B353807062}" = dir=in | app=c:\windows\system32\inetsrv\inetinfo.exe |
"{07957B17-F3E7-4DC1-A118-821E6A33783F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09A062AB-9978-464E-A06D-FB4B500663AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{09F38086-879B-4499-A3E5-12EF1CE049BD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\fileserver\fileserver.exe |
"{0D415C38-B607-4525-B0EA-36FF9DF9A88F}" = protocol=17 | dir=in | app=f:\acronis_prgram\ams\managementserver.exe |
"{0DBC78A7-067F-484C-9217-BD3A8EAFC9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\apc\powerchute business edition\agent\pbeagent.exe |
"{15CFA9BD-36B1-419D-A212-2A751A54CDDF}" = dir=in | app=c:\program files\microsoft\exchange server\bin\msexchangemailboxassistants.exe |
"{194F95E8-262C-4CD3-883C-2A67DD9D4D99}" = dir=in | app=c:\program files\microsoft\exchange server\bin\microsoft.exchange.antispamupdatesvc.exe |
"{19574269-5368-4F36-81E0-9A24D5194F25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1958A662-E82E-4547-956F-D8D7A0330FC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{255E097C-1DF9-4270-8C81-3CF31AD4AB56}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\webserver\httpd.exe |
"{2F660FD5-FA20-4DB4-96B3-C37B0DA5FBB7}" = protocol=6 | dir=in | app=f:\acronis_prgram\ams\managementserver.exe |
"{46C65660-A488-4C29-975E-557E66E99942}" = protocol=6 | dir=in | app=c:\raal\rtw7608\klient\zachr_k.exe |
"{4714F158-FA8E-4DF0-98DB-FE7C7D04E556}" = protocol=6 | dir=in | app=c:\program files (x86)\infotracs\server\sitracs.exe |
"{4AABE7D5-1C45-41B3-AAF4-A772B06E381C}" = dir=in | app=c:\program files\microsoft\exchange server\bin\msexchangeadtopologyservice.exe |
"{567E3E20-2BF6-40B2-B91E-DFCBA2061511}" = dir=in | app=c:\program files\microsoft\exchange server\bin\microsoft.exchange.cluster.replayservice.exe |
"{575F5A05-7213-4F22-89B7-C07A9156BD28}" = protocol=17 | dir=in | app=c:\raal\rtw7608\klient\zachr_k.exe |
"{5BA467D6-31A8-4F16-8772-01C2445ED973}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{70D71712-06DE-4930-A0A3-A8B18BAFDAF3}" = dir=in | app=c:\program files\microsoft\exchange server\bin\store.exe |
"{7A8705D1-1C89-4648-9572-E2ACF9DCC80B}" = dir=in | app=c:\program files\microsoft\exchange server\bin\edgetransport.exe |
"{7D0D2D8D-8E6A-468A-8B58-06AE3D839456}" = protocol=17 | dir=in | app=c:\program files (x86)\apc\powerchute business edition\agent\pbeagent.exe |
"{82AB366D-B768-4D7B-9C36-2C911D5D9892}" = dir=in | app=c:\program files\microsoft\exchange server\bin\msexchangemailsubmission.exe |
"{8A3AED22-93AF-4C81-ADC2-CDA383F737D6}" = dir=in | app=c:\program files\microsoft\exchange server\clientaccess\popimap\microsoft.exchange.pop3service.exe |
"{8B3015D1-AE48-4141-9BE7-F744849E36AE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe |
"{8BED76AB-0F95-4B7F-9549-6A6098FE24D6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\webserver\httpd.exe |
"{8C28EDDC-1EE4-4CB4-ADFA-FDD770BBAD9B}" = dir=in | app=c:\program files\microsoft\exchange server\bin\msftesql.exe |
"{8DB3BA50-A3C8-437B-8A05-CE7C215CD230}" = dir=in | app=c:\program files\microsoft\exchange server\bin\msexchangetransport.exe |
"{8ECBAD14-E278-463C-8F17-006668AA609E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\fileserver\fileserver.exe |
"{9156CE80-021F-4FCD-ACA7-0C4F422BB213}" = protocol=17 | dir=in | app=f:\acronis_prgram\pxeserver\pxesrv.exe |
"{91862ADC-38B5-4E2A-B526-A1DBFF942544}" = protocol=17 | dir=in | app=f:\acronis_prgram\backupandrecovery\mms.exe |
"{A3DE16F2-5B7C-4CD1-A954-7B02596BC951}" = protocol=6 | dir=in | app=f:\acronis_prgram\pxeserver\pxesrv.exe |
"{A451A647-7DB9-4E2A-A762-B62CDDDD93AF}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{ACA7EA99-554F-43AD-81FF-F22401072925}" = dir=in | app=c:\program files\microsoft\exchange server\bin\microsoft.exchange.search.exsearch.exe |
"{AFCBF464-7368-462F-B479-D9EA8E4E1C29}" = dir=in | app=c:\program files\microsoft\exchange server\bin\msexchangefds.exe |
"{B670A546-0FD1-46FB-9F69-8AFEE0C11159}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{B7543396-3570-47F1-B7C2-355983ED92BE}" = dir=in | app=c:\program files\microsoft\exchange server\bin\msexchangetransportlogsearch.exe |
"{BFF7C713-7D32-44DC-A97C-C9D15C43BEA7}" = dir=in | app=c:\program files\microsoft\exchange server\bin\microsoft.exchange.servicehost.exe |
"{C89DEC7B-C79F-4089-85E4-013771395EE3}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{CDF296FF-6767-47C4-8326-C1E8475B9875}" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"{D7DBB40B-C3D1-4990-83D6-B5E447042319}" = protocol=17 | dir=in | app=c:\program files (x86)\infotracs\server\sitracs.exe |
"{DA4F2AA7-5F49-4090-8587-89F839B8D507}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DB7806A1-C670-425E-B088-FFE993362587}" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"{E4440975-5268-46AF-A9C7-FF6C87E518CF}" = dir=in | app=c:\program files\microsoft\exchange server\clientaccess\popimap\microsoft.exchange.imap4service.exe |
"{E5CEC3AB-B687-4B7F-BB9B-978F8F93DBB6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe |
"{F11F7A0E-8F91-4CE1-BA7B-A4E810EE2B8C}" = dir=in | app=c:\program files\microsoft\exchange server\bin\microsoft.exchange.monitoring.exe |
"{F72193DE-2D20-4A5E-A40F-BD336815CE42}" = protocol=6 | dir=in | app=f:\acronis_prgram\backupandrecovery\mms.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{14F288C7-C695-40D5-971D-8890605C6040}" = Microsoft Exchange 2007 Enterprise Block List Updates
"{1E9A3874-07DF-42B8-949C-BAA14E402284}" = Windows Small Business Server 2008 IDCRL
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{24B2C164-DE66-44FE-B468-A46D9D5E6B31}" = Microsoft Exchange Server
"{28170EF7-C9BE-4424-A5B3-CDC08EBEC901}" = HP Lights-Out Online Configuration Utility
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6574FDC2-40FC-405A-9554-22D1CE15686B}" = Microsoft Full Text Indexing Engine for Exchange
"{6B4AE4FA-E9CE-4F74-8E1C-5491E512971D}" = Windows Small Business Server 2008
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-1014-0000-1000-0000000FF1CE}" = Microsoft Windows SharePoint Services 3.0
"{90120000-1015-0405-1000-0000000FF1CE}" = Microsoft Windows SharePoint Services 3.0 1029 Lang Pack
"{90120000-1110-0000-1000-0000000FF1CE}" = Microsoft Windows SharePoint Services 3.0
"{93FCFF43-49E2-4AE5-9AD4-0256878AB886}" = Microsoft Exchange 2007 Enterprise Anti-spam Signatures
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E13F37B-D556-48DB-9894-90B6233A2DA7}" = HP Insight Management WBEM Providers
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BDD79957-5801-4A2D-B09E-852E7FA64D01}" = Windows Internal Database (MICROSOFT##SSEE)
"{C3F10D8C-BD70-4516-B2B4-BF6901980741}" = Microsoft Exchange 2007 Enterprise Anti-spam Filter Updates
"{C40D6727-57FE-4671-B51A-69B0F21F44B5}" = Microsoft SQL Server Management Studio Express
"{C8DF9235-E246-44BB-8069-BEBDEF6C2F41}" = Visual C++ 8.0 SP1 Runtime DLLs (x64/release)
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32B3BF4-4019-4D62-8400-6B2E16CDEA23}" = HP ProLiant Integrated Management Log Viewer
"{D49E9256-B639-4D13-82B3-8EBECA577680}" = Microsoft SQL Server 2005 Backward compatibility
"{DCEA910B-3269-4F5B-A915-D59293004751}" = HP Insight Diagnostics Online Edition for Windows
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"ATI Display Driver" = ATI Display Driver
"HP-{0D1A88D4-29D7-4ED4-8045-932D7205F589}" = HP Insight Management WBEM Providers for Windows Server 2003/2008 x64 Editions
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Exchange" = Microsoft Exchange Server 2007
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Recuva" = Recuva
"Windows Small Business Server 2008" = Windows Small Business Server 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0B6F7414-A19D-4C98-8D2A-A6051DD0E1F5}" = Tvůrce spouštěcích médií Acronis Backup & Recovery 11
"{22F1877A-DC27-4E3F-A109-55BDB1EEF2DF}" = Microsoft Forefront Security for Exchange Server
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACRONIS)
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}" = HP System Management Homepage
"{41EE877D-C394-4595-A4DA-485D33BF7732}" = Licenční server Acronis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{575E8CD4-1DCD-47DA-BD6E-31696B0BA0E9}" = Nástroj příkazového řádku Acronis Backup & Recovery 11
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76F45E38-D132-4388-9C79-A9DDF7086086}" = Acronis Backup & Recovery 11 Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78098964-F43B-46D5-855B-C3CA0AF7191E}" = Server PXE Acronis
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-1014-0000-1000-0000000FF1CE}_WSS_{1DE4B6EC-F134-4DDF-B75E-649B5AD6DC50}" = The 2007 Microsoft Office Servers Service Pack 3 (SP3) and Windows SharePoint Services 3.0 SP3, 64-bit Editions
"{90120000-1015-0405-1000-0000000FF1CE}_WSS_{25945598-D88E-453F-B545-7AD610831FB3}" = Windows SharePoint Services 3.0 SP3 (SP3)
"{90120000-1110-0000-1000-0000000FF1CE}_WSS_{E65822F8-D000-4E0E-9740-74EF2EFF3A13}" = Windows SharePoint Services 3.0 SP3 (SP3)
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8EDD9FE-282E-4769-BACB-C236813466BD}" = Server pro správu Acronis Backup & Recovery 11
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.0 - Czech
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SBSMONITORING)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCE65A84-0632-40B2-89DC-9E7F18C82154}" = Microsoft Forefront Server Security
"{BCE9F441-9027-4911-82E0-5FB28057897D}" = APC PowerChute Business Edition Agent
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C418F8F9-9EBE-477E-9CA9-4AC3F46B2198}" = Sledování v systémové oblasti Acronis Backup & Recovery 11
"{C56B23C5-699A-44CF-8CBE-1B993295D11B}" = Součásti pro vzdálenou instalaci Acronis
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E33BCC17-0E55-473C-AEF7-DB9C12B8B0CB}" = Acronis Backup & Recovery 11 Jádro agenta
"{E51F34D7-9F38-457F-8103-23D914567A9F}" = Konzola pro správu Acronis Backup & Recovery 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FDBA22DA-2061-4A52-B02B-0AB83D8DF53E}" = Microsoft Forefront Server Security
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Borland Database Engine Setup" = Borland Database Engine Setup
"EchoTrack_is1" = EchoTrack 2.7
"EchoTrack_Spedition" = EchoTrack_Spedition
"ESET Online Scanner" = ESET Online Scanner v3
"FBDBServer_2_1_is1" = Firebird 2.1.2.18118 (Win32)
"FreeCommander_is1" = FreeCommander 2009.02b
"FUSION WOL_is1" = FUSION WOL v1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.61.0.1400
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NIS" = Norton Internet Security
"Opera 11.64.1403" = Opera 11.64
"RAALTRANS 7.608" = RAALTRANS 7.608
"RealVNC_is1" = VNC Free Edition 4.1.3
"SPEiS Doprava_is1" = SPEiS Doprava
"TightVNC" = TightVNC 2.0.4
"Totalcmd" = Total Commander (Remove or Repair)
"Undelete Plus_is1" = Undelete Plus 2.93
"WSS" = Microsoft Windows SharePoint Services 3.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.5.2012 14:44:06 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:46:27 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:46:30 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:49:31 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:49:34 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:50:11 | Computer Name = SERVERARROW.arrow.local | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 30.5.2012 14:52:35 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:52:37 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:55:39 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

Error - 30.5.2012 14:55:42 | Computer Name = SERVERARROW.arrow.local | Source = MSSQL$SBSMONITORING | ID = 824
Description = SQL Server detected a logical consistency-based I/O error: incorrect
checksum (expected: 0x9143ea61; actual: 0x91436a61). It occurred during a read
of page (1:55902) in database ID 5 at offset 0x0000001b4bc000 in file 'C:\Program
Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\SBSMonitoring.mdf'. Additional
messages in the SQL Server error log or system event log may provide more detail.
This is a severe error condition that threatens database integrity and must be
corrected immediately. Complete a full database consistency check (DBCC CHECKDB).
This error can be caused by many factors; for more information, see SQL Server
Books Online.

[ DFS Replication Events ]
Error - 9.7.2009 16:43:07 | Computer Name = WIN-U5Y7FHLY8SX | Source = DFSR | ID = 1202
Description = Službě Replikace distribuovaného systému souborů (DFSR) se nepodařilo
kontaktovat řadič domény ?0?????????????????????????? s cílem získat přístup k informacím
o konfiguraci. Replikace se zastavila. Služba bude pokus opakovat během příštího
cyklu dotazování na konfiguraci, ke kterému dojde za ???5???????????????????????.
min. Tato událost může být způsobena problémy s připojením TCP/IP, branou firewall,
službou Active Directory Domain Services nebo službou DNS. Další informace: Chyba:
?????????????????????????? (???????????????????????.)

Error - 9.7.2009 16:50:48 | Computer Name = WIN-U5Y7FHLY8SX | Source = DFSR | ID = 1202
Description = Službě Replikace distribuovaného systému souborů (DFSR) se nepodařilo
kontaktovat řadič domény ?0?????????????????????????? s cílem získat přístup k informacím
o konfiguraci. Replikace se zastavila. Služba bude pokus opakovat během příštího
cyklu dotazování na konfiguraci, ke kterému dojde za ???5???????????????????????.
min. Tato událost může být způsobena problémy s připojením TCP/IP, branou firewall,
službou Active Directory Domain Services nebo službou DNS. Další informace: Chyba:
?????????????????????????? (???????????????????????.)

Error - 1.3.2012 11:03:44 | Computer Name = SERVERARROW.arrow.local | Source = DFSR | ID = 1302
Description = Služba Replikace distribuovaného systému souborů (DFSR) nalezla chybu
při zápisu do souboru protokolu ladění. K neúspěšnému zápisu do souboru protokolu
ladění může dojít, protože je disk zaplněn, protože disk selhává nebo protože bylo
u složky, do které se protokoly zapisují, dosaženo limitu kvóty. Protokolování bude
zakázáno do vyřešení této chyby. Další informace: Chyba: ?2????????????.????????\?04???
(????????????.????????\?04???) Cesta k souboru protokolu ladění: ????????\?04???

Maximální
počet souborů protokolů ladění: ?04??? Závažnost protokolu ladění: 4??? Maximální
počet zpráv v protokolech ladění: ???

Error - 1.3.2012 11:28:44 | Computer Name = SERVERARROW.arrow.local | Source = DFSR | ID = 1302
Description = Služba Replikace distribuovaného systému souborů (DFSR) nalezla chybu
při zápisu do souboru protokolu ladění. K neúspěšnému zápisu do souboru protokolu
ladění může dojít, protože je disk zaplněn, protože disk selhává nebo protože bylo
u složky, do které se protokoly zapisují, dosaženo limitu kvóty. Protokolování bude
zakázáno do vyřešení této chyby. Další informace: Chyba: ?2????????????.????????\?04???
(????????????.????????\?04???) Cesta k souboru protokolu ladění: ????????\?04???

Maximální
počet souborů protokolů ladění: ?04??? Závažnost protokolu ladění: 4??? Maximální
počet zpráv v protokolech ladění: ???

Error - 1.3.2012 11:48:45 | Computer Name = SERVERARROW.arrow.local | Source = DFSR | ID = 1302
Description = Služba Replikace distribuovaného systému souborů (DFSR) nalezla chybu
při zápisu do souboru protokolu ladění. K neúspěšnému zápisu do souboru protokolu
ladění může dojít, protože je disk zaplněn, protože disk selhává nebo protože bylo
u složky, do které se protokoly zapisují, dosaženo limitu kvóty. Protokolování bude
zakázáno do vyřešení této chyby. Další informace: Chyba: ?2????????????.????????\?04???
(????????????.????????\?04???) Cesta k souboru protokolu ladění: ????????\?04???

Maximální
počet souborů protokolů ladění: ?04??? Závažnost protokolu ladění: 4??? Maximální
počet zpráv v protokolech ladění: ???

Error - 1.3.2012 13:08:45 | Computer Name = SERVERARROW.arrow.local | Source = DFSR | ID = 1302
Description = Služba Replikace distribuovaného systému souborů (DFSR) nalezla chybu
při zápisu do souboru protokolu ladění. K neúspěšnému zápisu do souboru protokolu
ladění může dojít, protože je disk zaplněn, protože disk selhává nebo protože bylo
u složky, do které se protokoly zapisují, dosaženo limitu kvóty. Protokolování bude
zakázáno do vyřešení této chyby. Další informace: Chyba: ?2????????????.????????\?04???
(????????????.????????\?04???) Cesta k souboru protokolu ladění: ????????\?04???

Maximální
počet souborů protokolů ladění: ?04??? Závažnost protokolu ladění: 4??? Maximální
počet zpráv v protokolech ladění: ???

Error - 1.3.2012 13:33:46 | Computer Name = SERVERARROW.arrow.local | Source = DFSR | ID = 1302
Description = Služba Replikace distribuovaného systému souborů (DFSR) nalezla chybu
při zápisu do souboru protokolu ladění. K neúspěšnému zápisu do souboru protokolu
ladění může dojít, protože je disk zaplněn, protože disk selhává nebo protože bylo
u složky, do které se protokoly zapisují, dosaženo limitu kvóty. Protokolování bude
zakázáno do vyřešení této chyby. Další informace: Chyba: ?2????????????.????????\?04???
(????????????.????????\?04???) Cesta k souboru protokolu ladění: ????????\?04???

Maximální
počet souborů protokolů ladění: ?04??? Závažnost protokolu ladění: 4??? Maximální
počet zpráv v protokolech ladění: ???

[ DNS Server Events ]
Error - 18.7.2011 8:32:40 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 404
Description = Server DNS nemohl vytvořit vazbu soketu protokolu TCP (Transmission
Control Protocol) na adresu 192.168.1.100. Kód chyby je uložen v datovém bloku
události. Adresa IP s hodnotou 0.0.0.0 může označovat platnou konfiguraci typu Libovolná
adresa, při které jsou všechny adresy IP nakonfigurované v daném počítači k dispozici
pro použití. Restartujte server DNS nebo počítač.

Error - 18.7.2011 8:32:40 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 408
Description = Server DNS nemohl otevřít soket pro adresu 192.168.1.100. Ověřte,
zda se jedná o platnou adresu IP pro daný počítač se serverem. Jestliže se NEJEDNÁ
o platnou adresu, odeberte ji ze seznamu rozhraní protokolu IP pomocí dialogového
okna Rozhraní ve vlastnostech serveru ve Správci DNS. Poté zastavte a restartujte
server DNS. (V případě, že se jednalo o jediné rozhraní protokolu IP v tomto počítači
a server DNS nemohl být následkem této chyby spuštěn, odeberte z oddílu služeb
registru hodnotu DNS\Parameters\ListenAddress a restartujte server.) Jestliže se
jedná o platnou adresu IP pro tento počítač, zkontrolujte, zda není spuštěna žádná
jiná aplikace (například další server DNS), která by se pokoušela použít port DNS.
Další informace naleznete v online nápovědě v tématu Referenční informace k protokolům
serverů DNS.

Error - 25.4.2012 2:44:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4015
Description = Server DNS zjistil kritickou chybu ze služby Active Directory. Zkontrolujte,
zda služba Active Directory pracuje správně. Rozšířené ladicí informace o chybě
(mohou být prázdné): . Chyba je uložena v datovém bloku události.

Error - 25.4.2012 2:44:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4004
Description = Server DNS nemohl dokončit vytváření výčtu adresářových služeb u zóny
.. Tento server DNS je nakonfigurován tak, aby pro tuto zónu používal informace
získané ze služby Active Directory, a bez těchto informací nemůže zónu načíst.
Zkontrolujte, zda služba Active Directory pracuje správně, a zopakujte vytvoření
výčtu u této zóny. Rozšířené ladicí informace o chybě (mohou být prázdné): . Chyba
je uložena v datovém bloku události.

Error - 25.4.2012 2:44:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4004
Description = Server DNS nemohl dokončit vytváření výčtu adresářových služeb u zóny
_msdcs.arrow.local. Tento server DNS je nakonfigurován tak, aby pro tuto zónu používal
informace získané ze služby Active Directory, a bez těchto informací nemůže zónu
načíst. Zkontrolujte, zda služba Active Directory pracuje správně, a zopakujte
vytvoření výčtu u této zóny. Rozšířené ladicí informace o chybě (mohou být prázdné):
. Chyba je uložena v datovém bloku události.

Error - 25.4.2012 2:44:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4004
Description = Server DNS nemohl dokončit vytváření výčtu adresářových služeb u zóny
arrow.local. Tento server DNS je nakonfigurován tak, aby pro tuto zónu používal
informace získané ze služby Active Directory, a bez těchto informací nemůže zónu
načíst. Zkontrolujte, zda služba Active Directory pracuje správně, a zopakujte
vytvoření výčtu u této zóny. Rozšířené ladicí informace o chybě (mohou být prázdné):
. Chyba je uložena v datovém bloku události.

Error - 25.4.2012 2:47:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4000
Description = Server DNS nemohl spustit službu Active Directory. Tento server DNS
je nakonfigurován tak, aby pro tuto zónu získával a používal informace z adresáře,
a bez těchto informací nemůže zónu načíst. Zkontrolujte, zda služba Active Directory
pracuje správně, a načtěte zónu znovu. Kód chyby je uložen v datovém bloku události.

Error - 25.4.2012 2:50:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4000
Description = Server DNS nemohl spustit službu Active Directory. Tento server DNS
je nakonfigurován tak, aby pro tuto zónu získával a používal informace z adresáře,
a bez těchto informací nemůže zónu načíst. Zkontrolujte, zda služba Active Directory
pracuje správně, a načtěte zónu znovu. Kód chyby je uložen v datovém bloku události.

Error - 25.4.2012 2:53:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4000
Description = Server DNS nemohl spustit službu Active Directory. Tento server DNS
je nakonfigurován tak, aby pro tuto zónu získával a používal informace z adresáře,
a bez těchto informací nemůže zónu načíst. Zkontrolujte, zda služba Active Directory
pracuje správně, a načtěte zónu znovu. Kód chyby je uložen v datovém bloku události.

Error - 25.4.2012 2:56:07 | Computer Name = SERVERARROW.arrow.local | Source = DNS | ID = 4000
Description = Server DNS nemohl spustit službu Active Directory. Tento server DNS
je nakonfigurován tak, aby pro tuto zónu získával a používal informace z adresáře,
a bez těchto informací nemůže zónu načíst. Zkontrolujte, zda služba Active Directory
pracuje správně, a načtěte zónu znovu. Kód chyby je uložen v datovém bloku události.

[ File Replication Service Events ]
Error - 27.2.2012 20:15:06 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty c:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a c:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 27.2.2012 20:15:06 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty C:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a C:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 28.2.2012 20:15:56 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty c:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a c:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 28.2.2012 20:15:56 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty C:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a C:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 29.2.2012 20:16:46 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty c:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a c:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 29.2.2012 20:16:46 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty C:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a C:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 1.3.2012 15:14:11 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty c:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a c:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 1.3.2012 15:14:11 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13570
Description = Služba replikace souborů zjistila, že na svazku, který je hostitelem
cesty C:, není dostatek místa na disku. Dokud na tomto svazku nebude uvolněno místo
na disku, soubory pravděpodobně nebudou replikovány. Volné místo na svazku lze zjistit
zadáním příkazu "dir /a C:". Další informace o správě místa na svazku získáte zadáním
příkazů "copy /?", "rename /?", "del /?", "rmdir /?" a "dir /?".

Error - 1.4.2012 18:16:16 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13519
Description = Služba replikace souborů nemohla neznámému uživateli poskytnout přístup
k
API Get Perfmon Data. Kontrola přístupu může být pro Get Perfmon Data vypnuta spuštěním
regedit. Klepněte na tlačítko Start, položku Spustit a zadejte regedit. Rozbalte
větev HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters,
Access
Checks, Get Perfmon Data a Access checks are [Enabled or Disabled]. Změňte řetězec
na Disabled. Oprávnění mohou být změněna zvýrazněním Get Perfmon Data, dále klepnutím
na
možnost panelu nástrojů Zabezpečení a poté na Oprávnění...

Error - 25.4.2012 2:36:54 | Computer Name = SERVERARROW.arrow.local | Source = NtFrs | ID = 13568
Description =

[ System Events ]
Error - 30.5.2012 14:36:47 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 14:37:09 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 14:37:31 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 14:37:53 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 14:38:15 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 14:38:37 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 14:38:59 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 15:06:27 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 15:06:49 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =

Error - 30.5.2012 15:07:11 | Computer Name = SERVERARROW.arrow.local | Source = DCOM | ID = 10009
Description =


< End of report >

Re: May I ask for a check of my HiJackThis log

Post by tomqw » 30 May 2012 21:22

and the second one:
OTL logfile created on: 30.5.2012 21:00:55 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Tomas\Desktop
64bit-Windows Vista Small Business Server Service Pack 2 (Version = 6.0.6002) - Type = NTDomainController
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,99 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 19,98% Memory free
8,16 Gb Paging File | 2,58 Gb Available in Paging File | 31,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136,69 Gb Total Space | 34,62 Gb Free Space | 25,33% Space Free | Partition Type: NTFS
Drive E: | 931,48 Gb Total Space | 858,75 Gb Free Space | 92,19% Space Free | Partition Type: NTFS
Drive F: | 558,73 Gb Total Space | 449,11 Gb Free Space | 80,38% Space Free | Partition Type: NTFS

Computer Name: SERVERARROW | User Name: tomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Tomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\WindowsUpdate\gserver.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
PRC - F:\Acronis_prgram\AMS\ManagementServer.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\ARSM\arsm.exe (Acronis)
PRC - F:\Acronis_prgram\BackupAndRecovery\mms.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\FileServer\fileserver.exe (Acronis)
PRC - F:\Acronis_prgram\PXEServer\pxesrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis)
PRC - c:\EchoTrack\WEB\Bin\ETServer03.exe ()
PRC - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\EchoTrack\Bin\Auris Report Service.exe (AURIS CZ, s.r.o.)
PRC - c:\EchoTrack\Bin\Auris GPRS Automat.exe (AURIS CZ, s.r.o.)
PRC - C:\EchoTrack\EchoAgent\EchoAgent.exe (Auris CZ, spol. s r.o.)
PRC - C:\Program Files (x86)\Common Files\Acronis\WebServer\httpd.exe (Apache Software Foundation)
PRC - C:\RAAL\RTW7608\Server\RAALSrvr.exe (ComArr, s.r.o.)
PRC - C:\hp\hpsmh\bin\smhstart.exe (Hewlett-Packard Company)
PRC - C:\hp\hpsmh\bin\hpsmhd.exe (Hewlett-Packard Company)
PRC - C:\hp\hpsmh\bin\rotatelogs.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TightVNC\WinVNC.exe (TightVNC Group)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
PRC - C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe (APC)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WindowsUpdate\gserver.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Nationaljrw) -- C:\Windows\SysNative\hexsvchost.exe ()
SRV:64bit: - (DNS) -- C:\Windows\SysNative\dns.exe (Microsoft Corporation)
SRV:64bit: - (SQLAgent$ECHOTRACK) SQL Server Agent (ECHOTRACK) -- C:\Program Files\Microsoft SQL Server\MSSQL10_50.ECHOTRACK\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV:64bit: - (DataCollectorSvc) -- C:\Program Files\Windows Small Business Server\Bin\DataCollectorSvc.exe (Microsoft Corporation)
SRV:64bit: - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeIS) -- C:\Program Files\Microsoft\Exchange Server\Bin\store.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeImap4) -- C:\Program Files\Microsoft\Exchange Server\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangePop3) -- C:\Program Files\Microsoft\Exchange Server\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeMonitoring) -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Monitoring.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeMailSubmission) -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailSubmission.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeMailboxAssistants) -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailboxAssistants.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeAntispamUpdate) -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeTransportLogSearch) -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransportLogSearch.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeTransport) -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransport.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeEdgeSync) -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.EdgeSyncSvc.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeServiceHost) -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.ServiceHost.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeADTopology) -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeADTopologyService.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeFDS) -- C:\Program Files\Microsoft\Exchange Server\Bin\MsExchangeFDS.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeSearch) -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Search.ExSearch.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeRepl) -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Cluster.ReplayService.exe (Microsoft Corporation)
SRV:64bit: - (MSExchangeSA) -- C:\Program Files\Microsoft\Exchange Server\Bin\mad.exe (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\shsvcs.dll (Microsoft Corporation)
SRV:64bit: - (sysdown) -- C:\Windows\SysNative\sysdown.exe (Hewlett-Packard Company)
SRV:64bit: - (HPWMISTOR) -- C:\Program Files\HPWBEM\Storage\Service\hpwmistor.exe (Hewlett-Packard Company)
SRV:64bit: - (SysMain) -- C:\Windows\SysNative\sysmain.dll (Microsoft Corporation)
SRV:64bit: - (SrmSvc) -- C:\Windows\SysNative\srmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DHCPServer) -- C:\Windows\SysNative\dhcpssvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (RPCHTTPLBS) -- C:\Windows\SysNative\RpcProxy\LBService.dll (Microsoft Corporation)
SRV:64bit: - (TSGateway) -- C:\Windows\SysNative\aaedge.dll (Microsoft Corporation)
SRV:64bit: - (SrmReports) -- C:\Windows\SysNative\srmhost.exe (Microsoft Corporation)
SRV:64bit: - (silsvc) -- C:\Windows\SysNative\silsvc.exe (Microsoft Corporation)
SRV:64bit: - (RSoPProv) -- C:\Windows\SysNative\RSoPProv.exe (Microsoft Corporation)
SRV:64bit: - (NtFrs) -- C:\Windows\SysNative\ntfrs.exe (Microsoft Corporation)
SRV:64bit: - (DFSR) -- C:\Windows\SysNative\DFSRs.exe (Microsoft Corporation)
SRV:64bit: - (CertSvc) -- C:\Windows\SysNative\certsrv.exe (Microsoft Corporation)
SRV:64bit: - (Dfs) -- C:\Windows\SysNative\dfssvc.exe (Microsoft Corporation)
SRV:64bit: - (Pop3Connector) -- C:\Program Files\Windows Small Business Server\Bin\Pop3Connector.exe (Microsoft Corporation)
SRV:64bit: - (wsbexchange) -- C:\Program Files\Windows Small Business Server\Bin\wsbexchange.exe (Microsoft Corporation)
SRV:64bit: - (ddnsclient) -- C:\Program Files\Windows Small Business Server\Bin\DDnsClient.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Rqs) -- C:\Windows\SysNative\rqs.exe (Microsoft Corporation)
SRV:64bit: - (IsmServ) -- C:\Windows\SysNative\ismserv.exe (Microsoft Corporation)
SRV:64bit: - (WMSvc) -- C:\Windows\SysNative\inetsrv\wmsvc.exe (Microsoft Corporation)
SRV:64bit: - (MSFTPSVC) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (sacsvr) -- C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation)
SRV:64bit: - (FCRegSvc) -- C:\Windows\SysNative\FCRegSvc.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV:64bit: - (IPBusEnum) -- C:\Windows\SysNative\ipbusenum.dll (Microsoft Corporation)
SRV:64bit: - (Browser) -- C:\Windows\SysNative\browser.dll (Microsoft Corporation)
SRV:64bit: - (.Net CLRAA) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (msftesql-Exchange) Microsoft Search (Exchange) -- C:\Program Files\Microsoft\Exchange Server\Bin\msftesql.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (AMS) -- F:\Acronis_prgram\AMS\ManagementServer.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ARSM) -- C:\Program Files (x86)\Acronis\ARSM\arsm.exe (Acronis)
SRV - (MMS) -- F:\Acronis_prgram\BackupAndRecovery\mms.exe (Acronis)
SRV - (AcronisFS) -- C:\Program Files (x86)\Common Files\Acronis\FileServer\fileserver.exe (Acronis)
SRV - (AcronisPXE) -- F:\Acronis_prgram\PXEServer\pxesrv.exe (Acronis)
SRV - (AcronisAgent) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis)
SRV - (ETServer03) -- c:\EchoTrack\WEB\Bin\ETServer03.exe ()
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (Auris Report Service) -- C:\EchoTrack\Bin\Auris Report Service.exe (AURIS CZ, s.r.o.)
SRV - (Auris GPRS Automat) -- c:\EchoTrack\Bin\Auris GPRS Automat.exe (AURIS CZ, s.r.o.)
SRV - (GSM Automat) -- c:\EchoTrack\Bin\Auris GSM Automat.exe (AURIS CZ, s.r.o.)
SRV - (EchoAgent) -- C:\EchoTrack\EchoAgent\EchoAgent.exe (Auris CZ, spol. s r.o.)
SRV - (AmsWebServer) -- C:\Program Files (x86)\Common Files\Acronis\WebServer\httpd.exe (Apache Software Foundation)
SRV - (MSSQLServerADHelper) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MSSQL$MICROSOFT##SSEE) Windows Internal Database (MICROSOFT##SSEE) -- C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SysMgmtHp) -- C:\hp\hpsmh\bin\smhstart.exe (Hewlett-Packard Company)
SRV - (Themes) -- C:\Windows\SysWOW64\shsvcs.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (APCPBEAgent) -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe (APC)
SRV - (AdoNavSvc) -- C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\AdoNavSvc.exe (Microsoft Corporation)
SRV - (FSCController) -- C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\FSCController.exe (Microsoft Corporation)
SRV - (FSEIMC) -- C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\FSEIMC.exe (Microsoft Corporation)
SRV - (FSCStatisticsService) -- C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\FSCStatsServ.exe (Microsoft Corporation)
SRV - (FSCMonitor) -- C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\FSCMonitor.exe (Microsoft Corporation)
SRV - (FSEMailPickup) -- C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\FSEMailPickup.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1307010.005\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1307010.005\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\DRIVERS\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\DRIVERS\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\DRIVERS\fltsrv.sys (Acronis)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\DRIVERS\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (l2nd) -- C:\Windows\SysNative\DRIVERS\bxnd60a.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (HpCISSs2) -- C:\Windows\SysNative\DRIVERS\HpCISSs2.sys (Hewlett-Packard Company)
DRV:64bit: - (hpqilo2) -- C:\Windows\SysNative\DRIVERS\hpqilo2.sys (Hewlett-Packard Company)
DRV:64bit: - (ati2mtag) -- C:\Windows\SysNative\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV:64bit: - (CpqCiDrv) -- C:\Windows\SysNative\DRIVERS\cpqcidrv.sys (Hewlett-Packard Company)
DRV:64bit: - (Datascrn) -- C:\Windows\SysNative\drivers\datascrn.sys (Microsoft Corporation)
DRV:64bit: - (Quota) -- C:\Windows\SysNative\drivers\quota.sys (Microsoft Corporation)
DRV:64bit: - (silsvc) -- C:\Windows\SysNative\silsvc.exe (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\DRIVERS\udfs.sys (Microsoft Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (DfsDriver) -- C:\Windows\SysNative\drivers\dfs.sys (Microsoft Corporation)
DRV:64bit: - (sacdrv) -- C:\Windows\SysNative\DRIVERS\sacdrv.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (ioatdma) Intel(R) -- C:\Windows\SysNative\drivers\qd260x64.sys (Intel Corporation)
DRV:64bit: - (ql2300) -- C:\Windows\SysNative\drivers\ql2300.sys (QLogic Corporation)
DRV:64bit: - (adp94xx) -- C:\Windows\SysNative\drivers\adp94xx.sys (Adaptec, Inc.)
DRV:64bit: - (MegaSR) -- C:\Windows\SysNative\drivers\megasr.sys (LSI Corporation, Inc.)
DRV:64bit: - (elxstor) -- C:\Windows\SysNative\drivers\elxstor.sys (Emulex)
DRV:64bit: - (adpahci) -- C:\Windows\SysNative\drivers\adpahci.sys (Adaptec, Inc.)
DRV:64bit: - (iaStorV) -- C:\Windows\SysNative\drivers\iastorv.sys (Intel Corporation)
DRV:64bit: - (uliahci) -- C:\Windows\SysNative\drivers\uliahci.sys (ULi Electronics Inc.)
DRV:64bit: - (pcmcia) -- C:\Windows\SysNative\drivers\pcmcia.sys (Microsoft Corporation)
DRV:64bit: - (adpu320) -- C:\Windows\SysNative\drivers\adpu320.sys (Adaptec, Inc.)
DRV:64bit: - (vsmraid) -- C:\Windows\SysNative\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV:64bit: - (nvraid) -- C:\Windows\SysNative\drivers\nvraid.sys (NVIDIA Corporation)
DRV:64bit: - (mpio) -- C:\Windows\SysNative\drivers\mpio.sys (Microsoft Corporation)
DRV:64bit: - (adpu160m) -- C:\Windows\SysNative\drivers\adpu160m.sys (Adaptec, Inc.)
DRV:64bit: - (LSI_FC) -- C:\Windows\SysNative\drivers\lsi_fc.sys (LSI Logic)
DRV:64bit: - (LSI_SCSI) -- C:\Windows\SysNative\drivers\lsi_scsi.sys (LSI Logic)
DRV:64bit: - (msdsm) -- C:\Windows\SysNative\drivers\msdsm.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS) -- C:\Windows\SysNative\drivers\lsi_sas.sys (LSI Logic)
DRV:64bit: - (sbp2port) -- C:\Windows\SysNative\drivers\sbp2port.sys (Microsoft Corporation)
DRV:64bit: - (arcsas) -- C:\Windows\SysNative\drivers\arcsas.sys (Adaptec, Inc.)
DRV:64bit: - (arc) -- C:\Windows\SysNative\drivers\arc.sys (Adaptec, Inc.)
DRV:64bit: - (SiSRaid4) -- C:\Windows\SysNative\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV:64bit: - (nvstor) -- C:\Windows\SysNative\drivers\nvstor.sys (NVIDIA Corporation)
DRV:64bit: - (SiSRaid2) -- C:\Windows\SysNative\drivers\sisraid2.sys (Microsoft Corporation)
DRV:64bit: - (megasas) -- C:\Windows\SysNative\drivers\megasas.sys (LSI Corporation)
DRV:64bit: - (i2omp) -- C:\Windows\SysNative\drivers\i2omp.sys (Microsoft Corporation)
DRV:64bit: - (msahci) -- C:\Windows\SysNative\drivers\msahci.sys (Microsoft Corporation)
DRV:64bit: - (Wd) -- C:\Windows\SysNative\drivers\wd.sys (Microsoft Corporation)
DRV:64bit: - (isapnp) -- C:\Windows\SysNative\drivers\isapnp.sys (Microsoft Corporation)
DRV:64bit: - (Compbatt) -- C:\Windows\SysNative\drivers\compbatt.sys (Microsoft Corporation)
DRV:64bit: - (intelide) -- C:\Windows\SysNative\drivers\intelide.sys (Microsoft Corporation)
DRV:64bit: - (usbprint) -- C:\Windows\SysNative\drivers\usbprint.sys (Microsoft Corporation)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (UMPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (HidBth) -- C:\Windows\SysNative\drivers\hidbth.sys (Microsoft Corporation)
DRV:64bit: - (ohci1394) -- C:\Windows\SysNative\drivers\ohci1394.sys (Microsoft Corporation)
DRV:64bit: - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\SysNative\drivers\usbcir.sys (Microsoft Corporation)
DRV:64bit: - (circlass) -- C:\Windows\SysNative\drivers\circlass.sys (Microsoft Corporation)
DRV:64bit: - (usbohci) -- C:\Windows\SysNative\drivers\usbohci.sys (Microsoft Corporation)
DRV:64bit: - (HidIr) -- C:\Windows\SysNative\drivers\hidir.sys (Microsoft Corporation)
DRV:64bit: - (WacomPen) -- C:\Windows\SysNative\drivers\wacompen.sys (Microsoft Corporation)
DRV:64bit: - (sfloppy) -- C:\Windows\SysNative\drivers\sfloppy.sys (Microsoft Corporation)
DRV:64bit: - (sffdisk) -- C:\Windows\SysNative\drivers\sffdisk.sys (Microsoft Corporation)
DRV:64bit: - (fdc) -- C:\Windows\SysNative\DRIVERS\fdc.sys (Microsoft Corporation)
DRV:64bit: - (flpydisk) -- C:\Windows\SysNative\DRIVERS\flpydisk.sys (Microsoft Corporation)
DRV:64bit: - (Parport) -- C:\Windows\SysNative\drivers\parport.sys (Microsoft Corporation)
DRV:64bit: - (sermouse) -- C:\Windows\SysNative\drivers\sermouse.sys (Microsoft Corporation)
DRV:64bit: - (ErrDev) -- C:\Windows\SysNative\drivers\errdev.sys (Microsoft Corporation)
DRV:64bit: - (WmiAcpi) -- C:\Windows\SysNative\drivers\wmiacpi.sys (Microsoft Corporation)
DRV:64bit: - (AmdK8) -- C:\Windows\SysNative\drivers\amdk8.sys (Microsoft Corporation)
DRV:64bit: - (Processor) -- C:\Windows\SysNative\drivers\processr.sys (Microsoft Corporation)
DRV:64bit: - (HDAudBus) -- C:\Windows\SysNative\drivers\hdaudbus.sys (Microsoft Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (nfrd960) -- C:\Windows\SysNative\drivers\nfrd960.sys (IBM Corporation)
DRV:64bit: - (Symc8xx) -- C:\Windows\SysNative\drivers\symc8xx.sys (LSI Logic)
DRV:64bit: - (Sym_u3) -- C:\Windows\SysNative\drivers\sym_u3.sys (LSI Logic)
DRV:64bit: - (iirsp) -- C:\Windows\SysNative\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV:64bit: - (Sym_hi) -- C:\Windows\SysNative\drivers\sym_hi.sys (LSI Logic)
DRV:64bit: - (Mraid35x) -- C:\Windows\SysNative\drivers\mraid35x.sys (LSI Logic Corporation)
DRV:64bit: - (iteraid) -- C:\Windows\SysNative\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV:64bit: - (iteatapi) -- C:\Windows\SysNative\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV:64bit: - (cmdide) -- C:\Windows\SysNative\drivers\cmdide.sys (CMD Technology, Inc.)
DRV:64bit: - (viaide) -- C:\Windows\SysNative\drivers\viaide.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdide) -- C:\Windows\SysNative\drivers\amdide.sys (Microsoft Corporation)
DRV:64bit: - (aliide) -- C:\Windows\SysNative\drivers\aliide.sys (Acer Laboratories Inc.)
DRV:64bit: - (ulsata2) -- C:\Windows\SysNative\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV:64bit: - (UlSata) -- C:\Windows\SysNative\drivers\ulsata.sys (Promise Technology, Inc.)
DRV:64bit: - (ql40xx) -- C:\Windows\SysNative\drivers\ql40xx.sys (QLogic Corporation)
DRV:64bit: - (aic78xx) -- C:\Windows\SysNative\drivers\djsvs.sys (Adaptec, Inc.)
DRV:64bit: - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\SysNative\drivers\brserid.sys (Brother Industries Ltd.)
DRV:64bit: - (BrSerWdm) -- C:\Windows\SysNative\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbMdm) -- C:\Windows\SysNative\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120529.034\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120529.034\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120528.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.01.02 11:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.01.08 22:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.05.28 22:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.07.11 20:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.02 11:18:10 | 000,000,000 | ---D | M]

[2009.07.11 20:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Extensions
[2009.07.11 20:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.02.27 20:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\h7pi7se8.default\extensions
[2010.02.27 20:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\h7pi7se8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.27 20:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\h7pi7se8.default\extensions\staged-xpis
[2012.01.07 18:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.07.11 20:08:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.11 00:46:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.16 16:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.17 15:37:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.12.11 20:34:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.01.02 11:35:59 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2010.01.08 22:31:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009.04.24 07:26:57 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009.04.24 07:26:57 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.24 07:26:57 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2012.01.03 09:22:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2008.04.16 06:08:20 | 000,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.05.22 09:06:46 | 000,442,859 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15218 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

tomqw
Level 1
Posts: 61
Registered: May 12
Gender: Unspecified
Status: Offline

Re: May I ask for a HiJackThis log check

Post by tomqw » 30 May 2012 21:23

O4:64bit: - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BA5E73F7] C:\Windows\BA5E73F7\svchsot.exe File not found
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] F:\Acronis_prgram\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [gserver] C:\Program Files\WindowsUpdate\gserver.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RAALTRANS 7.608] C:\RAAL\RTW7608\Server\RAALSrvr.exe (ComArr, s.r.o.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = C:\Program Files (x86)\TightVNC\WinVNC.exe (TightVNC Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Společnost Microsoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([i2.technet] http in Důvěryhodné servery)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arrow.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC0D7C8-AD11-4EFD-B116-503E5B3A8E98}: NameServer = 192.168.1.100,127.0.0.1,192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sethc.exe: Debugger - c:\windows\aq.bat File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (pwdssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - File not found
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.30 19:50:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
[2012.05.30 07:15:46 | 000,000,000 | ---D | C] -- C:\Windows\XXXXXXEA2B6E4F
[2012.05.30 02:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsUpdate
[2012.05.30 01:18:34 | 000,000,000 | ---D | C] -- C:\Windows\0CB1C4BC
[2012.05.29 21:49:59 | 000,000,000 | ---D | C] -- C:\Windows\EB8F2793
[2012.05.29 20:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rnop
[2012.05.28 11:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vrst
[2012.05.28 11:16:48 | 000,070,144 | ---- | C] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\hex22.exe
[2012.05.28 11:16:07 | 000,131,087 | ---- | C] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\boot22.exe
[2012.05.27 23:33:18 | 000,000,000 | ---D | C] -- C:\Windows\BA5E73F7
[2012.05.27 22:58:48 | 000,000,000 | ---D | C] -- C:\Windows\059D72F5
[2012.05.27 14:03:42 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012.05.26 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\A988A84B
[2012.05.25 22:29:11 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\Adobe
[2012.05.24 22:26:08 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tomas\Desktop\TDSSKiller.exe
[2012.05.23 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\Malwarebytes
[2012.05.23 18:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.23 18:59:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.23 18:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.23 18:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.23 17:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\S
[2012.05.22 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\NPE
[2012.05.22 08:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.22 08:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.22 08:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.22 01:47:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3218
[2012.05.22 01:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2632
[2012.05.22 00:08:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2212
[2012.05.21 23:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6464
[2012.05.21 23:41:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2860
[2012.05.21 23:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.21 23:27:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tomas\Desktop\esetsmartinstaller_csy.exe
[2012.05.21 22:54:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7128
[2012.05.21 22:34:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3208
[2012.05.21 21:17:11 | 000,000,000 | ---D | C] -- C:\zaloha
[2012.05.21 16:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8120
[2012.05.21 16:23:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8411
[2012.05.21 14:59:42 | 000,072,704 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysNative\BTkCUmD.exe
[2012.05.21 14:41:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6222
[2012.05.21 14:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uexu
[2012.05.21 14:31:52 | 000,072,704 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysNative\frDOamy.exe
[2012.05.21 13:33:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8645
[2012.05.21 13:21:43 | 000,072,704 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysNative\JpUAfLq.exe
[2012.05.21 12:38:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7662
[2012.05.21 12:34:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.21 12:34:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.21 12:33:59 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.21 12:33:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.21 12:33:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.21 12:33:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.21 12:33:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.05.21 12:33:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.21 12:33:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.21 12:33:57 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.21 12:33:57 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.21 11:58:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4168
[2012.05.21 11:22:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4421
[2012.05.21 09:25:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2499
[2012.05.21 08:24:05 | 000,072,704 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysNative\FczWtPm.exe
[2012.05.21 07:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8376
[2012.05.21 07:43:28 | 000,072,704 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysNative\bipwCJQ.exe
[2012.05.21 07:15:19 | 000,072,704 | ---- | C] (Sogou.com Inc.) -- C:\Windows\SysNative\ryELSYf.exe
[2012.05.20 17:49:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3017
[2012.05.20 16:38:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5897
[2012.05.20 16:15:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9686
[2012.05.20 15:10:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3746
[2012.05.20 14:15:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5320
[2012.05.20 09:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\-2146824231
[2012.05.20 09:32:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7174
[2012.05.20 09:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\2146482059
[2012.05.20 07:37:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5908
[2012.05.20 06:57:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7397
[2012.05.20 04:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7170
[2012.05.20 02:54:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6193
[2012.05.20 02:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\2123716100
[2012.05.20 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fbcd
[2012.05.20 02:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jski
[2012.05.20 02:43:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\i5294
[2012.05.20 02:43:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5294
[2012.05.20 02:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8676
[2012.05.20 01:46:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6448
[2012.05.20 01:13:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8364
[2012.05.20 01:07:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8951
[2012.05.19 23:28:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4479
[2012.05.19 23:13:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6645
[2012.05.19 23:00:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7424
[2012.05.19 22:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2343
[2012.05.19 20:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6532
[2012.05.19 20:27:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7772
[2012.05.19 19:23:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2129
[2012.05.19 18:16:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4045
[2012.05.19 17:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i1587
[2012.05.19 15:59:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2815
[2012.05.19 11:32:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6465
[2012.05.19 10:18:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6096
[2012.05.19 09:01:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8625
[2012.05.19 08:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5796
[2012.05.19 08:36:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2927
[2012.05.19 08:25:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2144
[2012.05.19 08:06:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3105
[2012.05.19 07:59:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2854
[2012.05.19 06:54:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4548
[2012.05.19 06:19:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4398
[2012.05.19 06:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5401
[2012.05.19 05:45:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6747
[2012.05.19 05:45:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2528
[2012.05.19 04:35:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8598
[2012.05.19 04:01:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3982
[2012.05.19 04:01:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i1669
[2012.05.19 02:52:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4483
[2012.05.19 02:18:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6899
[2012.05.19 02:17:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i1330
[2012.05.19 01:43:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i4938
[2012.05.19 01:08:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5668
[2012.05.19 01:08:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9250
[2012.05.19 00:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5368
[2012.05.19 00:08:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9792
[2012.05.19 00:07:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i1729
[2012.05.19 00:05:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3842
[2012.05.19 00:03:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3272
[2012.05.19 00:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2466
[2012.05.19 00:02:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9017
[2012.05.19 00:01:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7860
[2012.05.18 23:34:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9679
[2012.05.18 23:25:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3562
[2012.05.18 23:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7823
[2012.05.18 23:13:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5282
[2012.05.18 23:13:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5443
[2012.05.18 23:08:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7225
[2012.05.18 23:08:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5712
[2012.05.18 23:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8244
[2012.05.18 22:55:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7587
[2012.05.18 22:47:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7612
[2012.05.18 22:43:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3147
[2012.05.18 22:43:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3100
[2012.05.18 22:40:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8730
[2012.05.18 22:39:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8623
[2012.05.18 22:24:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2216
[2012.05.18 22:24:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6758
[2012.05.18 22:17:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7230
[2012.05.18 22:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6001
[2012.05.18 22:09:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2803
[2012.05.18 22:08:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5656
[2012.05.18 22:02:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2597
[2012.05.18 22:00:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9151
[2012.05.18 21:42:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3907
[2012.05.18 21:41:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7210
[2012.05.18 21:37:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2513
[2012.05.18 21:26:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6870
[2012.05.18 21:09:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2760
[2012.05.18 21:09:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9560
[2012.05.18 21:08:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2713
[2012.05.18 21:07:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2990
[2012.05.18 21:00:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3424
[2012.05.18 21:00:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3383
[2012.05.18 20:59:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9453
[2012.05.18 20:52:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8694
[2012.05.18 20:51:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8648
[2012.05.18 20:43:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i1624
[2012.05.18 20:21:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8937
[2012.05.18 20:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i7874
[2012.05.18 20:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3206
[2012.05.18 20:01:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2405
[2012.05.18 20:01:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3609
[2012.05.18 19:59:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5867
[2012.05.18 19:58:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9384
[2012.05.18 19:58:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i5492
[2012.05.18 19:37:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i2575
[2012.05.18 19:32:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i9063
[2012.05.18 19:31:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i6525
[2012.05.18 19:28:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i8769
[2012.05.18 19:24:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\i3362
[2012.05.16 16:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\temp
[2012.05.16 04:53:39 | 000,000,000 | ---D | C] -- C:\Windows\EE2E9730
[2012.05.14 20:40:59 | 000,000,000 | ---D | C] -- C:\Windows\AC86A234
[2012.05.11 22:14:26 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.11 22:14:26 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 22:14:26 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.11 22:14:26 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.11 22:14:26 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.11 22:14:07 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iefg
[2012.05.11 10:46:44 | 000,063,503 | ---- | C] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\hex33.exe
[2012.05.11 10:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lhij
[2012.05.11 10:46:10 | 000,131,584 | ---- | C] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\boot33.exe
[2012.05.11 04:15:11 | 000,000,000 | ---D | C] -- C:\Windows\EB7E350E
[2012.05.02 18:29:20 | 000,311,728 | ---- | C] (360.cn) -- C:\Windows\SysNative\hex12.exe
[2012.05.02 18:28:48 | 000,311,728 | ---- | C] (360.cn) -- C:\Windows\SysNative\boot12.exe

========== Files - Modified Within 30 Days ==========

[2012.05.30 20:56:48 | 000,000,680 | ---- | M] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.05.30 20:20:08 | 000,003,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 20:20:07 | 000,003,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 19:53:01 | 000,001,460 | ---- | M] () -- C:\Users\Tomas\AppData\Local\d3d9caps64.dat
[2012.05.30 19:40:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
[2012.05.30 13:10:17 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\onf1.dat
[2012.05.30 09:56:29 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\tmp.db
[2012.05.30 08:07:05 | 000,002,160 | ---- | M] () -- C:\{E324A991-D805-40FC-9BE0-6563772A72C5}
[2012.05.30 06:52:45 | 000,002,192 | ---- | M] () -- C:\{C8BE8929-6EDB-4715-888A-BFC1ABA4A1CD}
[2012.05.30 06:35:32 | 000,002,200 | ---- | M] () -- C:\{10612DB9-EFE6-4A7E-9862-F97385B8A416}
[2012.05.30 06:25:42 | 000,002,800 | ---- | M] () -- C:\{BACAE543-8D7A-4C95-B27C-F9656252D05B}
[2012.05.30 06:18:35 | 000,002,208 | ---- | M] () -- C:\{49B78047-78F6-423C-A8D6-9E7F8AC6CDA9}
[2012.05.30 06:10:57 | 000,002,184 | ---- | M] () -- C:\{2F564691-938F-4BD1-AC87-6EA5722ADAF7}
[2012.05.30 06:09:21 | 000,002,264 | ---- | M] () -- C:\{7D2A906E-1298-4206-9A9E-DD70C04C3C14}
[2012.05.30 05:30:00 | 000,002,208 | ---- | M] () -- C:\{05C90361-1BA0-447E-9F80-336359B596C2}
[2012.05.30 05:23:11 | 000,002,152 | ---- | M] () -- C:\{306A4029-8CA0-45A5-B7CE-F498D471C89B}
[2012.05.30 04:57:45 | 000,002,168 | ---- | M] () -- C:\{D258C2AF-F63A-4FA0-B3FD-2D88A0B50C97}
[2012.05.30 04:52:41 | 000,002,272 | ---- | M] () -- C:\{C783B299-B96E-45FB-9813-58EBDD8E0977}
[2012.05.30 04:46:05 | 000,002,160 | ---- | M] () -- C:\{454681C8-ECB8-4C24-BB2F-7FA9AB8A26FE}
[2012.05.30 03:22:37 | 000,003,784 | ---- | M] () -- C:\{8A59635A-A264-416E-B42D-2EA62EFBFC3A}
[2012.05.30 03:17:52 | 000,000,066 | ---- | M] () -- C:\xpsys.exe
[2012.05.30 03:17:50 | 000,000,063 | ---- | M] () -- C:\Windows\SysNative\xpsys.exe
[2012.05.30 02:42:22 | 000,100,276 | ---- | M] () -- C:\Windows\SysNative\hexlsass.exe
[2012.05.30 02:41:07 | 000,000,061 | ---- | M] () -- C:\Windows\SysNative\onflsass.dat
[2012.05.30 01:20:14 | 000,002,120 | ---- | M] () -- C:\{1922D329-9780-4863-82D9-1D17BF0F3065}
[2012.05.30 01:14:34 | 000,000,067 | ---- | M] () -- C:\xplsass.exe
[2012.05.30 01:14:32 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\xplsass.exe
[2012.05.29 21:49:03 | 000,081,920 | ---- | M] () -- C:\Windows\SysNative\hexsql.exe
[2012.05.29 21:48:14 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\onfsql.dat
[2012.05.29 20:38:33 | 000,020,480 | ---- | M] () -- C:\Windows\start.exe
[2012.05.29 20:09:18 | 000,003,368 | ---- | M] () -- C:\{657D50FE-D1B8-4DFA-8FEE-6AC16115AEB8}
[2012.05.29 20:07:47 | 000,000,043 | ---- | M] () -- C:\WinWall32.gif
[2012.05.29 20:06:49 | 000,000,060 | ---- | M] () -- C:\xp1.exe
[2012.05.29 20:06:47 | 000,000,057 | ---- | M] () -- C:\Windows\SysNative\xp1.exe
[2012.05.29 19:15:33 | 000,020,480 | ---- | M] () -- C:\Windows\test.dat
[2012.05.29 14:43:48 | 000,000,000 | ---- | M] () -- C:\hexvpn.exe
[2012.05.29 14:43:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\hexvpn.exe
[2012.05.29 14:42:39 | 000,000,067 | ---- | M] () -- C:\xpvpn.exe
[2012.05.29 14:42:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\xpvpn.exe
[2012.05.29 13:04:13 | 000,000,065 | ---- | M] () -- C:\xp123.exe
[2012.05.29 13:04:10 | 000,000,062 | ---- | M] () -- C:\Windows\SysNative\xp123.exe
[2012.05.29 07:32:29 | 000,000,067 | ---- | M] () -- C:\xp360re.exe
[2012.05.29 07:32:25 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\xp360re.exe
[2012.05.29 07:25:06 | 000,003,768 | ---- | M] () -- C:\{5ABD6270-A621-4D9C-96FF-B2578FDE95CF}
[2012.05.29 06:26:07 | 000,002,248 | ---- | M] () -- C:\{0359F883-AD14-4E90-B668-5DB66AD15C60}
[2012.05.29 05:25:06 | 000,002,144 | ---- | M] () -- C:\{115DC873-2257-4A5F-9F39-F0EC81A71353}
[2012.05.29 05:22:51 | 000,003,752 | ---- | M] () -- C:\{3A2BF1B8-C8A3-4F88-9358-82DEBDEEA83C}
[2012.05.29 05:15:07 | 000,003,768 | ---- | M] () -- C:\{96125E87-E06A-4E4B-9E08-5AF3E8AB1469}
[2012.05.29 04:53:37 | 000,002,272 | ---- | M] () -- C:\{70E6544C-035D-42F8-833F-17A098E7FBE8}
[2012.05.29 04:52:32 | 000,002,272 | ---- | M] () -- C:\{AF416FA8-83D6-4B91-9E8F-D1506D75E038}
[2012.05.28 22:19:40 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.05.28 22:18:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.28 21:20:26 | 000,000,060 | ---- | M] () -- C:\xp2.exe
[2012.05.28 21:20:25 | 000,000,057 | ---- | M] () -- C:\Windows\SysNative\xp2.exe
[2012.05.28 11:16:48 | 000,070,144 | ---- | M] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\hex22.exe
[2012.05.28 11:16:20 | 000,131,087 | ---- | M] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\boot22.exe
[2012.05.28 11:16:03 | 000,000,061 | ---- | M] () -- C:\xp22.exe
[2012.05.28 11:16:02 | 000,000,058 | ---- | M] () -- C:\Windows\SysNative\xp22.exe
[2012.05.28 06:14:57 | 000,002,208 | ---- | M] () -- C:\{B3258F53-449C-4FDA-982B-8E50A2AAB75E}
[2012.05.28 06:10:21 | 000,002,800 | ---- | M] () -- C:\{81A58222-451C-4A31-A545-F8148631EBAF}
[2012.05.28 04:57:56 | 000,002,168 | ---- | M] () -- C:\{E0E38467-6A8A-4A04-807D-798AC5AFBC79}
[2012.05.27 23:58:53 | 000,003,800 | ---- | M] () -- C:\{9155AEA7-B91F-4FCB-9C88-059581473FD9}
[2012.05.27 23:56:38 | 000,003,792 | ---- | M] () -- C:\{4CA87552-D328-407B-AA67-45B3C847DE19}
[2012.05.27 23:38:30 | 000,000,066 | ---- | M] () -- C:\xpDark.exe
[2012.05.27 23:38:28 | 000,000,063 | ---- | M] () -- C:\Windows\SysNative\xpDark.exe
[2012.05.27 06:02:36 | 000,002,192 | ---- | M] () -- C:\{E0D8FDAD-18E0-487F-BBC6-DBD448B6BACF}
[2012.05.27 05:31:48 | 000,002,208 | ---- | M] () -- C:\{BC563C32-485C-42D4-91CD-13AAAF9C38C3}
[2012.05.27 05:25:25 | 000,002,800 | ---- | M] () -- C:\{DB76307A-60CD-4582-8058-315B435CCDF2}
[2012.05.27 04:50:58 | 000,002,272 | ---- | M] () -- C:\{52AA5B3A-6D94-4774-8FD5-F0B7BA12536C}
[2012.05.27 00:22:34 | 000,002,208 | ---- | M] () -- C:\{716F0142-6C7A-4AAA-918F-A99D2E6CD97F}
[2012.05.27 00:13:09 | 000,002,168 | ---- | M] () -- C:\{432A73A3-F8C6-4C1A-BF9D-319B2B933F79}
[2012.05.26 23:14:15 | 000,002,272 | ---- | M] () -- C:\{F2DC457B-2F89-49A5-86FC-A3A27901A50D}
[2012.05.26 12:11:43 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\xp18ks.exe
[2012.05.26 07:59:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\hexguaji.exe
[2012.05.26 07:58:06 | 000,000,065 | ---- | M] () -- C:\Windows\SysNative\xpguaji.exe
[2012.05.25 05:18:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\hexsvchost.exe
[2012.05.25 05:17:16 | 000,000,069 | ---- | M] () -- C:\Windows\SysNative\xpsvchost.exe
[2012.05.24 22:26:08 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tomas\Desktop\TDSSKiller.exe
[2012.05.23 19:17:29 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.05.23 19:16:06 | 002,371,058 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012.05.23 19:15:35 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034
[2012.05.23 18:59:28 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.23 15:23:15 | 000,000,062 | ---- | M] () -- C:\Windows\SysNative\xp16s.exe
[2012.05.22 20:01:02 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\xp360.exe
[2012.05.22 17:59:29 | 000,000,057 | ---- | M] () -- C:\Windows\SysNative\onffs.dat
[2012.05.22 17:54:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\hexkaspas.exe
[2012.05.22 17:51:57 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\xpkaspas.exe
[2012.05.22 09:06:46 | 000,442,859 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.22 08:35:13 | 000,001,005 | ---- | M] () -- C:\Users\Tomas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.22 01:53:00 | 000,172,032 | ---- | M] () -- C:\Windows\SysNative\KsaIqXF.exe
[2012.05.22 01:50:16 | 000,073,728 | ---- | M] () -- C:\Windows\SysNative\NfxPhzR.exe
[2012.05.21 23:28:11 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tomas\Desktop\esetsmartinstaller_csy.exe
[2012.05.21 17:28:24 | 004,671,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.21 17:28:24 | 001,809,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.05.21 17:28:24 | 001,794,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 17:28:24 | 000,516,726 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.05.21 17:28:24 | 000,487,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.21 14:59:43 | 000,072,704 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysNative\BTkCUmD.exe
[2012.05.21 14:31:53 | 000,072,704 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysNative\frDOamy.exe
[2012.05.21 14:23:27 | 000,001,742 | -H-- | M] () -- C:\Users\Tomas\Documents\Default.rdp
[2012.05.21 13:30:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\axUrNkH.exe
[2012.05.21 13:27:40 | 000,228,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.21 13:21:43 | 000,072,704 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysNative\JpUAfLq.exe
[2012.05.21 08:24:06 | 000,072,704 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysNative\FczWtPm.exe
[2012.05.21 07:43:30 | 000,072,704 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysNative\bipwCJQ.exe
[2012.05.21 07:15:21 | 000,072,704 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysNative\ryELSYf.exe
[2012.05.21 01:26:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\hexg1r5g15r.exe
[2012.05.21 01:23:45 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\xpg1r5g15r.exe
[2012.05.20 11:33:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\hex158477567.exe
[2012.05.20 11:32:27 | 000,000,074 | ---- | M] () -- C:\Windows\SysNative\xp158477567.exe
[2012.05.18 07:20:42 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\xp21.exe
[2012.05.16 16:03:16 | 000,000,062 | ---- | M] () -- C:\Windows\SysNative\onfNet.dat
[2012.05.15 11:00:10 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\xp11.exe
[2012.05.14 21:37:57 | 000,000,066 | ---- | M] () -- C:\Windows\SysNative\xp1433.exe
[2012.05.14 20:40:33 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\onfserver.dat
[2012.05.13 09:40:04 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\isolate.ini
[2012.05.11 10:46:44 | 000,063,503 | ---- | M] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\hex33.exe
[2012.05.11 10:46:20 | 000,131,584 | ---- | M] (Alibaba software (Shanghai) Corporation.) -- C:\Windows\SysNative\boot33.exe
[2012.05.11 10:46:07 | 000,000,058 | ---- | M] () -- C:\Windows\SysNative\xp33.exe
[2012.05.08 13:26:52 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\xpsymtac.exe
[2012.05.02 18:29:20 | 000,311,728 | ---- | M] (360.cn) -- C:\Windows\SysNative\hex12.exe
[2012.05.02 18:28:49 | 000,311,728 | ---- | M] (360.cn) -- C:\Windows\SysNative\boot12.exe
[2012.05.02 18:28:47 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\xp12.exe

========== Files Created - No Company Name ==========

[2012.05.30 09:56:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\tmp.db
[2012.05.30 08:07:05 | 000,002,160 | ---- | C] () -- C:\{E324A991-D805-40FC-9BE0-6563772A72C5}
[2012.05.30 06:52:45 | 000,002,192 | ---- | C] () -- C:\{C8BE8929-6EDB-4715-888A-BFC1ABA4A1CD}
[2012.05.30 06:35:31 | 000,002,200 | ---- | C] () -- C:\{10612DB9-EFE6-4A7E-9862-F97385B8A416}
[2012.05.30 06:25:42 | 000,002,800 | ---- | C] () -- C:\{BACAE543-8D7A-4C95-B27C-F9656252D05B}
[2012.05.30 06:18:35 | 000,002,208 | ---- | C] () -- C:\{49B78047-78F6-423C-A8D6-9E7F8AC6CDA9}
[2012.05.30 06:10:57 | 000,002,184 | ---- | C] () -- C:\{2F564691-938F-4BD1-AC87-6EA5722ADAF7}
[2012.05.30 06:09:21 | 000,002,264 | ---- | C] () -- C:\{7D2A906E-1298-4206-9A9E-DD70C04C3C14}
[2012.05.30 05:30:00 | 000,002,208 | ---- | C] () -- C:\{05C90361-1BA0-447E-9F80-336359B596C2}
[2012.05.30 05:23:11 | 000,002,152 | ---- | C] () -- C:\{306A4029-8CA0-45A5-B7CE-F498D471C89B}
[2012.05.30 04:57:45 | 000,002,168 | ---- | C] () -- C:\{D258C2AF-F63A-4FA0-B3FD-2D88A0B50C97}
[2012.05.30 04:52:40 | 000,002,272 | ---- | C] () -- C:\{C783B299-B96E-45FB-9813-58EBDD8E0977}
[2012.05.30 04:46:05 | 000,002,160 | ---- | C] () -- C:\{454681C8-ECB8-4C24-BB2F-7FA9AB8A26FE}
[2012.05.30 03:22:37 | 000,003,784 | ---- | C] () -- C:\{8A59635A-A264-416E-B42D-2EA62EFBFC3A}
[2012.05.30 02:43:03 | 000,020,480 | ---- | C] () -- C:\Windows\test.dat
[2012.05.30 02:43:03 | 000,020,480 | ---- | C] () -- C:\Windows\start.exe
[2012.05.30 02:42:22 | 000,100,276 | ---- | C] () -- C:\Windows\SysNative\hexlsass.exe
[2012.05.30 02:41:07 | 000,000,061 | ---- | C] () -- C:\Windows\SysNative\onflsass.dat
[2012.05.30 01:20:14 | 000,002,120 | ---- | C] () -- C:\{1922D329-9780-4863-82D9-1D17BF0F3065}
[2012.05.30 01:14:34 | 000,000,067 | ---- | C] () -- C:\xplsass.exe
[2012.05.30 01:14:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\xplsass.exe
[2012.05.29 20:09:18 | 000,003,368 | ---- | C] () -- C:\{657D50FE-D1B8-4DFA-8FEE-6AC16115AEB8}
[2012.05.29 14:43:48 | 000,000,000 | ---- | C] () -- C:\hexvpn.exe
[2012.05.29 14:43:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\hexvpn.exe
[2012.05.29 14:42:39 | 000,000,067 | ---- | C] () -- C:\xpvpn.exe
[2012.05.29 14:42:37 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\xpvpn.exe
[2012.05.29 13:04:13 | 000,000,065 | ---- | C] () -- C:\xp123.exe
[2012.05.29 07:32:29 | 000,000,067 | ---- | C] () -- C:\xp360re.exe
[2012.05.29 07:32:25 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\xp360re.exe
[2012.05.29 07:25:06 | 000,003,768 | ---- | C] () -- C:\{5ABD6270-A621-4D9C-96FF-B2578FDE95CF}
[2012.05.29 06:26:06 | 000,002,248 | ---- | C] () -- C:\{0359F883-AD14-4E90-B668-5DB66AD15C60}
[2012.05.29 05:25:06 | 000,002,144 | ---- | C] () -- C:\{115DC873-2257-4A5F-9F39-F0EC81A71353}
[2012.05.29 05:22:50 | 000,003,752 | ---- | C] () -- C:\{3A2BF1B8-C8A3-4F88-9358-82DEBDEEA83C}
[2012.05.29 05:15:07 | 000,003,768 | ---- | C] () -- C:\{96125E87-E06A-4E4B-9E08-5AF3E8AB1469}
[2012.05.29 04:53:37 | 000,002,272 | ---- | C] () -- C:\{70E6544C-035D-42F8-833F-17A098E7FBE8}
[2012.05.29 04:52:31 | 000,002,272 | ---- | C] () -- C:\{AF416FA8-83D6-4B91-9E8F-D1506D75E038}
[2012.05.28 21:20:26 | 000,000,060 | ---- | C] () -- C:\xp2.exe
[2012.05.28 21:20:25 | 000,000,057 | ---- | C] () -- C:\Windows\SysNative\xp2.exe
[2012.05.28 11:16:03 | 000,000,061 | ---- | C] () -- C:\xp22.exe
[2012.05.28 11:16:02 | 000,000,058 | ---- | C] () -- C:\Windows\SysNative\xp22.exe
[2012.05.28 06:14:57 | 000,002,208 | ---- | C] () -- C:\{B3258F53-449C-4FDA-982B-8E50A2AAB75E}
[2012.05.28 06:10:21 | 000,002,800 | ---- | C] () -- C:\{81A58222-451C-4A31-A545-F8148631EBAF}
[2012.05.28 04:57:56 | 000,002,168 | ---- | C] () -- C:\{E0E38467-6A8A-4A04-807D-798AC5AFBC79}
[2012.05.28 01:39:40 | 000,000,043 | ---- | C] () -- C:\WinWall32.gif
[2012.05.27 23:58:53 | 000,003,800 | ---- | C] () -- C:\{9155AEA7-B91F-4FCB-9C88-059581473FD9}
[2012.05.27 23:56:37 | 000,003,792 | ---- | C] () -- C:\{4CA87552-D328-407B-AA67-45B3C847DE19}
[2012.05.27 23:31:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysNative\hexsql.exe
[2012.05.27 23:30:13 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\onfsql.dat
[2012.05.27 23:28:28 | 000,000,066 | ---- | C] () -- C:\xpDark.exe
[2012.05.27 23:28:25 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\xpDark.exe
[2012.05.27 20:38:55 | 000,000,066 | ---- | C] () -- C:\xpsys.exe
[2012.05.27 18:12:04 | 000,000,060 | ---- | C] () -- C:\xp1.exe
[2012.05.27 06:02:36 | 000,002,192 | ---- | C] () -- C:\{E0D8FDAD-18E0-487F-BBC6-DBD448B6BACF}
[2012.05.27 05:31:47 | 000,002,208 | ---- | C] () -- C:\{BC563C32-485C-42D4-91CD-13AAAF9C38C3}
[2012.05.27 05:25:25 | 000,002,800 | ---- | C] () -- C:\{DB76307A-60CD-4582-8058-315B435CCDF2}
[2012.05.27 04:50:57 | 000,002,272 | ---- | C] () -- C:\{52AA5B3A-6D94-4774-8FD5-F0B7BA12536C}
[2012.05.27 00:22:34 | 000,002,208 | ---- | C] () -- C:\{716F0142-6C7A-4AAA-918F-A99D2E6CD97F}
[2012.05.27 00:13:09 | 000,002,168 | ---- | C] () -- C:\{432A73A3-F8C6-4C1A-BF9D-319B2B933F79}
[2012.05.26 23:14:15 | 000,002,272 | ---- | C] () -- C:\{F2DC457B-2F89-49A5-86FC-A3A27901A50D}
[2012.05.26 12:11:43 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\xp18ks.exe
[2012.05.26 07:59:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\hexguaji.exe
[2012.05.26 07:58:06 | 000,000,065 | ---- | C] () -- C:\Windows\SysNative\xpguaji.exe
[2012.05.24 21:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\hexsvchost.exe
[2012.05.23 19:58:27 | 000,000,680 | ---- | C] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.05.23 19:44:44 | 000,001,460 | ---- | C] () -- C:\Users\Tomas\AppData\Local\d3d9caps64.dat
[2012.05.23 18:59:28 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.23 15:23:15 | 000,000,062 | ---- | C] () -- C:\Windows\SysNative\xp16s.exe
[2012.05.22 17:59:29 | 000,000,057 | ---- | C] () -- C:\Windows\SysNative\onffs.dat
[2012.05.22 17:54:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\hexkaspas.exe
[2012.05.22 17:51:56 | 000,000,068 | ---- | C] () -- C:\Windows\SysNative\xpkaspas.exe
[2012.05.22 08:35:13 | 000,001,005 | ---- | C] () -- C:\Users\Tomas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.22 01:52:57 | 000,172,032 | ---- | C] () -- C:\Windows\SysNative\KsaIqXF.exe
[2012.05.22 01:50:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysNative\NfxPhzR.exe
[2012.05.21 13:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\axUrNkH.exe
[2012.05.21 01:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\hexg1r5g15r.exe
[2012.05.21 01:23:45 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\xpg1r5g15r.exe
[2012.05.20 11:33:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\hex158477567.exe
[2012.05.20 11:32:27 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\xp158477567.exe
[2012.05.18 07:20:42 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\xp21.exe
[2012.05.16 04:52:54 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\xpsys.exe
[2012.05.15 11:00:10 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\xp11.exe
[2012.05.14 21:37:57 | 000,000,066 | ---- | C] () -- C:\Windows\SysNative\xp1433.exe
[2012.05.14 20:40:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\onfserver.dat
[2012.05.10 23:40:49 | 000,000,062 | ---- | C] () -- C:\Windows\SysNative\onfNet.dat
[2012.05.08 13:26:52 | 000,000,068 | ---- | C] () -- C:\Windows\SysNative\xpsymtac.exe
[2012.05.02 18:28:47 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\xp12.exe
[2011.07.18 10:22:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\Sifrovani.dll
[2010.11.29 12:20:37 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\Tutil32.dll
[2010.11.29 12:20:28 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\FODBCLib.dll

========== LOP Check ==========

[2011.07.18 10:31:12 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\GHISLER
[2010.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\HK-Software
[2009.07.10 01:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\IsolatedStorage
[2009.10.27 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Opera
[2011.06.07 14:14:16 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\TeamViewer
[2010.03.07 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\TightVNC
[2012.05.28 22:14:56 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: May I ask for a HiJackThis log check

Post by jaro3 » 31 May 2012 11:18

Good God!! That's intense!! I haven't seen anything like this in a long time; it almost looks like Virut!

Download AVP Tools to your desktop.

Tick:
Hidden startup objects
System Memory
Disk boot sectors
Documents
My email
Computer
Local Disk C
Local Disk D
DVD-ROM drive (E)
BD-ROM drive (G)
And others, e.g. flash drives, that you have connected.

Continue according to the instructions. At the end a text file will appear; save it right away (save log) to your desktop under the name KAS.txt. Then paste the entire contents of that log here.

If the log does not appear:
If AVPtool is still running, try pressing the Zpráva (Report) button.
If a table appears, right-click it and choose Maximize, and the results should be displayed.

http://www.sosej.cz/Download/Kaspersky- ... nload.html

On another PC, download Kaspersky Rescue Disk 10.

Burn the .iso file to a CD with this program:
http://www.slunecnice.cz/sw/active-iso-burner/
When Windows starts, hold the Delete key and you will get into the BIOS. There, on the BOOT tab, change the first boot device to CD/DVD. Confirm the change (Save and Exit).
After the restart the BIOS appears briefly, followed by a black screen with this text at the top:
"Boot from CD/DVD, press any key to continue" - press one right away.
Kaspersky Rescue Disk will then boot. In this program you can remove viruses, spyware or other dangerous and malicious software.
You should choose, I think, the second option from the top, then select:
All peripherialls (that is, all disks and partitions), flash drives, optical drives, MBR, etc.
While it continues, the black screen sometimes stays for a long time; hold on, the program is still working.

http://www.softpedia.com/progScreenshot ... 00454.html
http://www.softpedia.com/get/Antivirus/ ... Disk.shtml

Don't back anything up for now!! Especially no .exe files!!
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by tomqw » 01 Jun 2012 12:37

Hi,
thanks a lot for the continued support. I'll probably carry on following your instructions after the weekend. As for the backups, my whole computer is backed up every day. By the way, may I ask which part of that log is the critical one?
Thanks, Tomáš


Post by tomqw » 01 Jun 2012 12:38

And another thing occurs to me: why can't Symantec cope with this at all?


Post by jaro3 » 01 Jun 2012 16:46

No antivirus is, or can be, 100%...
If AVP tool shows "Virut", continue in AVP and then show me the log; we will carry on from there.

Post by tomqw » 01 Jun 2012 17:12

I have the Kaspersky CD burned and working; I'll hopefully try the AVP tonight. Otherwise thanks a lot, I'm probably giving you a hard time :-).


Post by jaro3 » 01 Jun 2012 17:13

Well, it's intense, I haven't seen this in a long time; I even have an OTL script prepared, about a kilometre long... :D

Post by tomqw » 01 Jun 2012 17:25

Hmm... that's just what I was looking at; how do you find your way around that log?


Post by jaro3 » 01 Jun 2012 22:30

Experience, mainly foreign antivirus forums.

Post by tomqw » 04 Jun 2012 22:46

Hi,
so I ran that Kaspersky on the computer; it required a reset and I lost the log.
The second time it crashed while saving the log.
Now I have run it again and saved the log during the scan. In general, the same infected files are still there:
Status: Deleted (events: 14)
4.6.2012 22:36:04 Deleted Trojan program Backdoor.Win32.Agent.citd C:\hexster.exe High
4.6.2012 22:36:04 Deleted Trojan program Backdoor.Win32.Agent.citd C:\hexster.exe//Molebox High
4.6.2012 22:36:02 Deleted Trojan program Trojan-Downloader.BAT.Small.f C:\xp1.exe High
4.6.2012 22:36:00 Deleted Trojan program Backdoor.Win32.Agent.bwcb C:\hex1234.exe High
4.6.2012 22:36:00 Deleted Trojan program Backdoor.Win32.Agent.bwcb C:\hex1234.exe//PE_Patch High
4.6.2012 22:36:00 Deleted Trojan program Backdoor.Win32.Agent.bwcb C:\hex1234.exe//PE_Patch//ASProtect High
4.6.2012 22:36:03 Deleted Trojan program Trojan-Downloader.BAT.Small.f C:\xp1234.exe High
4.6.2012 22:36:05 Deleted Trojan program Trojan-Downloader.BAT.Small.bo C:\xprt.exe High
4.6.2012 22:36:07 Deleted Trojan program Trojan-Downloader.BAT.Small.aq C:\xpster.exe High
4.6.2012 22:36:12 Deleted Trojan program Trojan-Downloader.BAT.Small.bo C:\xpWjabixiqw_NET.exe High
4.6.2012 22:36:13 Deleted Trojan program Trojan-Spy.Win32.Agent.cbot C:\Documents and Settings\hexserver.exe High
4.6.2012 22:36:14 Deleted Trojan program Trojan-Downloader.BAT.Small.f C:\Documents and Settings\onf024.dat High
4.6.2012 22:36:15 Deleted Trojan program Trojan-Downloader.BAT.Ftp.nt C:\Documents and Settings\onfhhdtdz.dat High
4.6.2012 22:36:21 Deleted Trojan program Trojan-Downloader.BAT.Ftp.nt C:\Documents and Settings\onfserver.dat High


I'll try to post the full log here. By the way, when I was allowing it to delete files, the name Virut did not appear anywhere.

