Untitled

a guest
Dec 17th, 2011
  1. [code]
  2. OTS logfile created on: 17.12.2011 12:59:12 - Run 1
  3. OTS by OldTimer - Version 3.1.46.0 Folder = C:\Documents and Settings\Korisnik\Desktop
  4. Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
  5. Internet Explorer (Version = 8.0.6001.18702)
  6. Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
  7.  
  8. 1.015,00 Mb Total Physical Memory | 296,00 Mb Available Physical Memory | 29,00% Memory free
  9. 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
  10. Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
  11.  
  12. %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
  13. Drive C: | 111,79 Gb Total Space | 88,21 Gb Free Space | 78,91% Space Free | Partition Type: NTFS
  14. D: Drive not present or media not loaded
  15. E: Drive not present or media not loaded
  16. F: Drive not present or media not loaded
  17. G: Drive not present or media not loaded
  18. H: Drive not present or media not loaded
  19. I: Drive not present or media not loaded
  20. Drive Z: | 111,79 Gb Total Space | 88,21 Gb Free Space | 78,91% Space Free | Partition Type: *NT5CSC
  21.  
  22. Computer Name: LP-008
  23. Current User Name: Korisnik
  24. Logged in as Administrator.
  25.  
  26. Current Boot Mode: Normal
  27. Scan Mode: All users
  28. Company Name Whitelist: Off
  29. Skip Microsoft Files: Off
  30. File Age = 30 Days
  31.  
  32. [Processes - Safe List]
  33. ots.exe -> C:\Documents and Settings\Korisnik\Desktop\OTS.exe -> [2011.12.17 12:57:36 | 000,646,144 | ---- | M] (OldTimer Tools)
  34. roguekiller.exe -> C:\Documents and Settings\Korisnik\Desktop\RogueKiller.exe -> [2011.12.17 12:48:03 | 000,771,072 | ---- | M] ()
  35. tmlisten.exe -> C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -> [2008.03.31 13:32:22 | 000,808,304 | -H-- | M] (Trend Micro Inc.)
  36. tuxcredprov.exe -> C:\Program Files\2X\ApplicationServer Client\TUXCredProv.exe -> [2008.03.11 10:51:16 | 000,236,024 | -H-- | M] (2X Software Ltd.)
  37. ntrtscan.exe -> C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -> [2007.10.12 10:22:04 | 000,771,704 | -H-- | M] (Trend Micro Inc.)
  38. explorer.exe -> C:\WINDOWS\explorer.exe -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  39. dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2007.06.01 09:45:00 | 000,491,520 | -H-- | M] (Intel Corporation)
  40. mmreminderservice.exe -> C:\Program Files\Mindjet\MindManager 7\MmReminderService.exe -> [2007.05.17 23:05:34 | 000,037,392 | RH-- | M] (Mindjet)
  41. fwcagent.exe -> C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -> [2006.05.29 21:10:24 | 000,128,856 | -H-- | M] (Microsoft (R) Corporation)
  42. cmd.exe -> C:\WINDOWS\system32\cmd.exe -> [2006.02.28 13:00:00 | 000,388,608 | -H-- | M] (Microsoft Corporation)
  43.  
  44. [Modules - No Company Name]
  45. rarext.dll -> C:\Program Files\WinRAR\RarExt.dll -> [2008.09.16 19:18:06 | 000,132,608 | -H-- | M] ()
  46. tmdbg.dll -> C:\Program Files\Trend Micro\OfficeScan Client\tmdbg.dll -> [2007.10.12 10:22:04 | 000,136,720 | -H-- | M] ()
  47. iwmsprov.dll -> C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll -> [2007.06.01 09:44:36 | 000,118,784 | -H-- | M] ()
  48. zlib.dll -> C:\Program Files\Mindjet\MindManager 7\zlib.dll -> [2007.05.17 23:05:50 | 000,116,240 | RH-- | M] ()
  49. acauth.dll -> C:\Program Files\Intel\Wireless\Bin\acAuth.dll -> [2007.04.25 09:55:40 | 001,167,360 | -H-- | M] ()
  50. 7-zip.dll -> C:\Program Files\7-Zip\7-zip.dll -> [2006.05.14 09:23:42 | 000,138,752 | -H-- | M] ()
  51. pdfcmnnt.dll -> C:\WINDOWS\system32\pdfcmnnt.dll -> [2001.10.28 16:42:30 | 000,116,224 | -H-- | M] ()
  52. otrace80.dll -> C:\OW95\BIN\OTRACE80.DLL -> [1999.11.11 11:20:12 | 000,246,544 | -H-- | M] ()
  53. ndwsi80.dll -> C:\OW95\BIN\NDWSI80.DLL -> [1999.11.11 11:20:12 | 000,051,472 | -H-- | M] ()
  54.  
  55. [Win32 Services - Safe List]
  56. (HidServ) Human Interface Device Access [Disabled | Stopped] -> -> File not found
  57. (Autodesk Licensing Service) Autodesk Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -> [2009.11.03 14:42:07 | 000,085,096 | -H-- | M] (Autodesk)
  58. (tmlisten) OfficeScan NT Listener [Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -> [2008.03.31 13:32:22 | 000,808,304 | -H-- | M] (Trend Micro Inc.)
  59. (2X SSO Service) 2X SSO Service [Auto | Running] -> C:\Program Files\2X\ApplicationServer Client\\TUXCredProv.exe -> [2008.03.11 10:51:16 | 000,236,024 | -H-- | M] ()
  60. (TmPfw) OfficeScan NT Firewall [On_Demand | Stopped] -> C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -> [2007.10.12 10:22:04 | 000,943,696 | -H-- | M] (Trend Micro Inc.)
  61. (ntrtscan) OfficeScanNT RealTime Scan [Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -> [2007.10.12 10:22:04 | 000,771,704 | -H-- | M] (Trend Micro Inc.)
  62. (TmProxy) OfficeScan NT Proxy Service [On_Demand | Stopped] -> C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -> [2007.10.12 10:22:04 | 000,575,064 | -H-- | M] (Trend Micro Inc.)
  63. (FwcAgent) Firewall Client Agent [Auto | Running] -> C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -> [2006.05.29 21:10:24 | 000,128,856 | -H-- | M] (Microsoft (R) Corporation)
  64. (OracleClientCache80) OracleClientCache80 [On_Demand | Stopped] -> C:\OW95\BIN\ONRSD80.EXE -> [2002.10.18 18:04:10 | 000,101,136 | -H-- | M] ()
  65.  
  66. [Driver Services - Safe List]
  67. (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Documents and Settings\Korisnik\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -> [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
  68. (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Documents and Settings\Korisnik\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -> [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
  69. (NTGDT) NTGDT [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NTGDT.SYS -> [2011.02.23 15:19:34 | 000,018,112 | RH-- | M] ()
  70. (TmFilter) Trend Micro Filter [Kernel | Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -> [2009.12.04 15:39:06 | 000,230,928 | -H-- | M] (Trend Micro Inc.)
  71. (TmPreFilter) Trend Micro PreFilter [Kernel | Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -> [2009.12.04 15:38:18 | 000,036,368 | -H-- | M] (Trend Micro Inc.)
  72. (VSApiNt) Trend Micro VSAPI NT [Kernel | Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -> [2009.12.04 15:05:06 | 001,322,680 | -H-- | M] (Trend Micro Inc.)
  73. (tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmcomm.sys -> [2007.12.24 16:37:00 | 000,138,384 | -H-- | M] (Trend Micro Inc.)
  74. (tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\TM_CFW.sys -> [2007.10.12 10:22:04 | 000,307,984 | -H-- | M] (Trend Micro Inc.)
  75. (tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tmtdi.sys -> [2007.10.12 10:22:04 | 000,073,288 | -H-- | M] (Trend Micro Incorporated.)
  76. (HP24X) HP PC Card Smart Card Reader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HP24X.sys -> [2007.07.17 00:24:00 | 000,035,072 | -H-- | M] (Hewlett Packard)
  77. (NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2007.06.28 14:11:36 | 002,208,512 | -H-- | M] (Intel Corporation)
  78. (s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2007.05.29 14:29:30 | 000,012,416 | -H-- | M] (Intel Corporation)
  79. (HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -> [2007.04.23 16:31:36 | 000,016,768 | -H-- | M] (Hewlett-Packard Development Company, L.P.)
  80. (GTUQBUS) GT UQ BUS [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gtuqbus.sys -> [2007.03.28 08:59:12 | 000,036,992 | RH-- | M] (Option N.V.)
  81. (GTF32BUS) GT F32 BUS [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gtf32bus.sys -> [2007.03.28 08:59:10 | 000,035,200 | RH-- | M] (Option N.V.)
  82. (GTSCSER) GT SC SER [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gtscser.sys -> [2007.03.28 08:59:10 | 000,021,248 | RH-- | M] (Option N.V.)
  83. (GTPTSER) GT PT SER [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gtptser.sys -> [2007.03.28 08:59:10 | 000,008,064 | RH-- | M] (Option N.V.)
  84. (BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\btwusb.sys -> [2007.02.14 13:21:00 | 000,067,960 | -H-- | M] (Broadcom Corporation.)
  85. (btwmodem) Bluetooth Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\btwmodem.sys -> [2007.02.14 13:21:00 | 000,030,285 | -H-- | M] (Broadcom Corporation.)
  86. (BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\btkrnl.sys -> [2007.02.14 13:20:58 | 000,868,298 | -H-- | M] (Broadcom Corporation.)
  87. (BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\btwdndis.sys -> [2007.02.14 13:20:58 | 000,149,123 | -H-- | M] (Broadcom Corporation.)
  88. (BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\btport.sys -> [2007.02.14 13:20:58 | 000,030,459 | -H-- | M] (Broadcom Corporation.)
  89. (btaudio) Bluetooth Audio Device [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\btaudio.sys -> [2007.02.14 13:20:56 | 000,530,861 | -H-- | M] (Broadcom Corporation.)
  90. (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2007.01.02 14:01:40 | 001,160,320 | RH-- | M] (Agere Systems)
  91. (b57w2k) Broadcom 590x 10/100 Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2006.12.15 13:44:42 | 000,160,256 | RH-- | M] (Broadcom Corporation)
  92. (HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\CPQBttn.sys -> [2006.06.28 09:54:00 | 000,009,472 | -H-- | M] (Hewlett-Packard Development Company, L.P.)
  93.  
  94. [Registry - Safe List]
  95. < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
  96. < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
  97. HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.google.com ->
  98. HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1 ->
  99. HKEY_USERS\.DEFAULT\: "ProxyOverride" -> <local> ->
  100. HKEY_USERS\.DEFAULT\: "ProxyServer" -> isa01:8080 ->
  101. HKEY_USERS\.DEFAULT\: "AutoConfigURL" -> http://isa01:8080/array.dll?Get.Routing.Script ->
  102. < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
  103. HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.google.com ->
  104. HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1 ->
  105. HKEY_USERS\S-1-5-18\: "ProxyOverride" -> <local> ->
  106. HKEY_USERS\S-1-5-18\: "ProxyServer" -> isa01:8080 ->
  107. HKEY_USERS\S-1-5-18\: "AutoConfigURL" -> http://isa01:8080/array.dll?Get.Routing.Script ->
  108. < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
  109. HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
  110. < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
  111. < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\] > -> ->
  112. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\: Main\\"Start Page" -> http://eu.ask.com/?l=dis&o=102842&gct=hp ->
  113. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [UrlSearchHook Class] -> [2011.11.17 19:29:20 | 001,515,688 | -H-- | M] (Ask)
  114. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\: "ProxyEnable" -> 0 ->
  115. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\: "ProxyOverride" -> <local> ->
  116. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\: "ProxyServer" -> isa01.Firma.local:8080 ->
  117. < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
  118. HKLM\software\mozilla\Firefox\Extensions -> ->
  119. < FireFox Extensions [User Folders] > ->
  120. < HOSTS File > ([2011.05.13 06:53:53 | 000,001,197 | -H-- | M] - 34 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
  121. First 25 entries...
  122. Reset Hosts
  123. 127.0.0.1 localhost
  124. 127.0.0.1 activate.adobe.com
  125. 127.0.0.1 adobeereg.com
  126. 127.0.0.1 practivate.adobe.com
  127. 127.0.0.1 3dns-3.adobe.com
  128. 127.0.0.1 2dns-2.adobe.com
  129. 127.0.0.1 activate.wip3.adobe.com
  130. 127.0.0.1 wip3.adobe.com
  131. 127.0.0.1 ereg.adobe.com
  132. 127.0.0.1 adobe-dns.adobe.com
  133. 127.0.0.1 adobe-dns2.adobe.com
  134. 127.0.0.1 adobe-dns3.adobe.com
  135. 127.0.0.1 ereg.wip3.adobe.com
  136. 127.0.0.1 activate-sea.adobe.com
  137. 127.0.0.1 wwis-dubc1-vip60.adobe.com
  138. 127.0.0.1 activate-sjc0.adobe.com
  139. < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
  140. {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Pomagalo za veze za Adobe PDF Reader] -> [2006.10.22 23:08:00 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
  141. {07A11D74-9D25-4fea-A833-8B0D76A5577A} [HKLM] -> C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll [CmjBrowserHelperObject Object] -> [2007.05.17 23:05:44 | 000,071,184 | RH-- | M] (Mindjet)
  142. {2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [Babylon toolbar helper] -> [2011.08.14 13:24:26 | 000,270,960 | -H-- | M] (Babylon BHO)
  143. {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2009.05.08 11:11:02 | 002,550,848 | RH-- | M] (Google Inc.)
  144. {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [Google Toolbar Notifier BHO] -> [2009.05.08 11:11:03 | 000,324,536 | -H-- | M] (Google Inc.)
  145. {D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011.11.17 19:29:20 | 001,515,688 | -H-- | M] (Ask)
  146. < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
  147. "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2009.05.08 11:11:02 | 002,550,848 | RH-- | M] (Google Inc.)
  148. "{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [Babylon Toolbar] -> [2011.08.14 13:23:52 | 000,237,680 | -H-- | M] (Babylon Ltd.)
  149. "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011.11.17 19:29:20 | 001,515,688 | -H-- | M] (Ask)
  150. < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Microsoft\Internet Explorer\Toolbar\ ->
  151. WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2009.05.08 11:11:02 | 002,550,848 | RH-- | M] (Google Inc.)
  152. WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011.11.17 19:29:20 | 001,515,688 | -H-- | M] (Ask)
  153. < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
  154. "" -> [] -> File not found
  155. "ApnUpdater" -> C:\Program Files\Ask.com\Updater\Updater.exe ["C:\Program Files\Ask.com\Updater\Updater.exe"] -> [2011.11.17 19:29:26 | 000,901,800 | -H-- | M] (Ask)
  156. "IntelWireless" -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2007.06.01 09:49:20 | 000,974,848 | -H-- | M] (Intel Corporation)
  157. "IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2007.06.01 09:51:34 | 000,823,296 | -H-- | M] (Intel Corporation)
  158. "MMReminderService" -> C:\Program Files\Mindjet\MindManager 7\MmReminderService.exe [C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe] -> [2007.05.17 23:05:34 | 000,037,392 | RH-- | M] (Mindjet)
  159. "NeroFilterCheck" -> C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2006.01.12 14:40:44 | 000,155,648 | -H-- | M] (Nero AG)
  160. "OfficeScanNT Monitor" -> C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe ["C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow] -> [2007.10.12 10:22:04 | 000,702,072 | -H-- | M] (Trend Micro Inc.)
  161. "pdfSaver3" -> [] -> File not found
  162. "RightFAX Print-to-Fax Driver" -> C:\Program Files\RightFax\Client\FAXCTRL.exe [C:\Program Files\RightFax\Client\FaxCtrl.exe] -> [2006.04.23 01:56:59 | 000,098,304 | -H-- | M] (Captaris, Inc.)
  163. "wKgaGVYnyvop.exe" -> [C:\Documents and Settings\All Users\Application Data\wKgaGVYnyvop.exe] -> File not found
  164. < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
  165. "pdfSaver3" -> C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe ["C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"] -> [2004.09.05 16:20:18 | 000,380,928 | -H-- | M] (Tracker Software Products Ltd.)
  166. < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
  167. "pdfSaver3" -> C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe ["C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"] -> [2004.09.05 16:20:18 | 000,380,928 | -H-- | M] (Tracker Software Products Ltd.)
  168. < Run [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
  169. "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"] -> [2006.03.01 18:43:20 | 000,090,112 | -H-- | M] (Nero AG)
  170. "MobileConnect.EXE" -> C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE] -> [2007.04.30 11:31:56 | 003,076,096 | -H-- | M] (Vodafone)
  171. < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
  172. < Administrator.FIRMA Startup Folder > -> C:\Documents and Settings\Administrator.FIRMA\Start Menu\Programs\Startup ->
  173. < bpasic Startup Folder > -> C:\Documents and Settings\bpasic\Start Menu\Programs\Startup ->
  174. < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
  175. < Korisnik Startup Folder > -> C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup ->
  176. C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk -> C:\Program Files\2X\ApplicationServer Client\APPServerClient.exe -> [2008.03.11 10:51:14 | 000,858,104 | -H-- | M] (2X Software Ltd.)
  177. < ptovernic Startup Folder > -> C:\Documents and Settings\ptovernic\Start Menu\Programs\Startup ->
  178. < vmurgic Startup Folder > -> C:\Documents and Settings\vmurgic\Start Menu\Programs\Startup ->
  179. < zFirma Startup Folder > -> C:\Documents and Settings\zFirma\Start Menu\Programs\Startup ->
  180. < Software Policy Settings [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Policies\Microsoft\Internet Explorer ->
  181. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\Control Panel
  182. \Control Panel\\"DisableDeleteBrowsingHistory" -> [1] -> File not found
  183. \Control Panel\\"Settings" -> [1] -> File not found
  184. \Control Panel\\"Connwiz Admin Lock" -> [1] -> File not found
  185. \Control Panel\\"FormSuggest" -> [1] -> File not found
  186. \Control Panel\\"FormSuggest Passwords" -> [1] -> File not found
  187. \Control Panel\\"History" -> [1] -> File not found
  188. \Control Panel\\"HomePage" -> [1] -> File not found
  189. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
  190. \Infodelivery\Restrictions\\"NoSearchCustomization" -> [1] -> File not found
  191. \Infodelivery\Restrictions\\"NoChangeDefaultSearchProvider" -> [1] -> File not found
  192. \Infodelivery\Restrictions\\"UsePolicySearchProvidersOnly" -> [1] -> File not found
  193. \Infodelivery\Restrictions\\"AddPolicySearchProviders" -> [1] -> File not found
  194. \Infodelivery\Restrictions\\"NoSearchBox" -> [1] -> File not found
  195. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\Main
  196. \Main\\"DisableFirstRunCustomize" -> [1] -> File not found
  197. \Main\\"Use FormSuggest" -> [yes] -> File not found
  198. \Main\\"FormSuggest Passwords" -> [yes] -> File not found
  199. \Main\\"FormSuggest PW Ask" -> [no] -> File not found
  200. \Main\\"AllowWindowReuse" -> [0] -> File not found
  201. \Main\\"Start Page" -> [https://server.Firma.hr/default.aspx] -> File not found
  202. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings
  203. \Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings\\"LOCALMACHINE_CD_UNLOCK" -> [1] -> File not found
  204. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\PhishingFilter
  205. \PhishingFilter\\"Enabled" -> [0] -> File not found
  206. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\Recovery
  207. \Recovery\\"NoReopenLastSession" -> [1] -> File not found
  208. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\Restrictions
  209. \Restrictions\\"NoPopupManagement" -> [1] -> File not found
  210. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\SQM
  211. \SQM\\"DisableCustomerImprovementProgram" -> [0] -> File not found
  212. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing
  213. \TabbedBrowsing\\"OpenInForeground" -> [0] -> File not found
  214. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Policies\Microsoft\Internet Explorer\Toolbar\WebBrowser
  215. \Toolbar\WebBrowser\\"ITBar7Position" -> [0] -> File not found
  216. < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
  217. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  218. \\"HonorAutoRunSetting" -> [1] -> File not found
  219. < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
  220. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
  221. < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
  222. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  223. \\"NoDriveTypeAutoRun" -> [145] -> File not found
  224. < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
  225. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  226. \\"NoDriveTypeAutoRun" -> [145] -> File not found
  227. < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
  228. HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  229. \\"NoDriveTypeAutoRun" -> [145] -> File not found
  230. < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
  231. HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  232. \\"NoDriveTypeAutoRun" -> [145] -> File not found
  233. < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
  234. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  235. \\"NoDriveTypeAutoRun" -> [145] -> File not found
  236. \\"RestrictRun" -> [0] -> File not found
  237. \\"HideRunAsVerb" -> [0] -> File not found
  238. \\"NoDrives" -> [4] -> File not found
  239. \\"NoDesktopCleanupWizard" -> [1] -> File not found
  240. \\"NoRecentDocsNetHood" -> [1] -> File not found
  241. \\"NoWindowsUpdate" -> [1] -> File not found
  242. \\"NoChangeStartMenu" -> [1] -> File not found
  243. \\"NoSetTaskbar" -> [1] -> File not found
  244. \\"Intellimenus" -> [1] -> File not found
  245. \\"NoSMConfigurePrograms" -> [1] -> File not found
  246. \\"NoCloseDragDropBands" -> [1] -> File not found
  247. \\"NoDesktop" -> [1] -> File not found
  248. < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
  249. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
  250. \\"EnableProfileQuota" -> [1] -> File not found
  251. \\"MaxProfileSize" -> [307200] -> File not found
  252. \\"ProfileQuota Message" -> [Vaš korisnički profil je dosegao kvotu od 300 MB! Da bi ste se mogli izlogirati s računala morate obrisati ili premjestiti datoteke s vašeg Desktopa lokalno na disk ili na drugu mrežnu lokaciju.] -> File not found
  253. \\"WarnUser" -> [1] -> File not found
  254. \\"WarnUserTimeout" -> [60] -> File not found
  255. < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\Software\Microsoft\Internet Explorer\MenuExt\ ->
  256. Add to Google Photos Screensa&ver -> [res://C:\WINDOWS\system32\GPhotos.scr/200] -> File not found
  257. Send to &Bluetooth Device... -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> [2006.08.16 06:16:32 | 000,002,773 | -H-- | M] ()
  258. < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
  259. {941E1A34-C6AF-4baa-A973-224F9C3E04BF}:{07A11D74-9D25-4fea-A833-8B0D76A5577A} [HKLM] -> C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll [Button: Send to Mindjet MindManager] -> [2007.05.17 23:05:44 | 000,071,184 | RH-- | M] (Mindjet)
  260. < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
  261. < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
  262. "" -> http://
  263. < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
  264. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
  265. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
  266. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
  267. < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
  268. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
  269. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
  270. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
  271. < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
  272. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
  273. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
  274. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
  275. < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
  276. HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
  277. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
  278. HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
  279. < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
  280. HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
  281. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
  282. HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
  283. < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
  284. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
  285. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\] > -> HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
  286. HKEY_USERS\S-1-5-21-2982746504-137602512-1263060881-1769\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
  287. < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
  288. {6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192198387343 [WUWebControl Class] ->
  289. {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] ->
  290. {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
  291. {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] ->
  292. {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] ->
  293. {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
  294. < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
  295. DhcpNameServer -> 192.168.1.1 ->
  296. Domain -> Firma.local ->
  297. < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
  298. {2B230622-306E-421D-9EFC-7AA3BE9295E0}\\NameServer -> 66.90.65.89,4.2.2.1 (Broadcom 590x 10/100 Ethernet) ->
  299. {642656BE-2582-4101-A760-E7A3C1F65704}\\DhcpNameServer -> 192.168.1.1 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
  300. < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
  301. *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
  302. Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  303. *MultiFile Done* -> ->
  304. *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
  305. C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2006.02.28 13:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation)
  306. *MultiFile Done* -> ->
  307. *GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
  308. C:\Program Files\2X\ApplicationServer Client\\TUXCredProv.dll -> C:\Program Files\2X\ApplicationServer Client\\TUXCredProv.dll -> [2008.03.11 10:51:16 | 000,276,984 | -H-- | M] ()
  309. *MultiFile Done* -> ->
  310. < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
  311. < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
  312. < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
  313. < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
  314. "AutoRun" -> 1 ->
  315. "DisplayName" -> CD-ROM Driver ->
  316. "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
  317. < Drives with AutoRun files > -> ->
  318. C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007.10.12 12:26:44 | 000,000,000 | -H-- | M] ()
  319. < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
  320. \{2b55046b-630f-11df-8930-001b77342323}
  321. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b55046b-630f-11df-8930-001b77342323}\Shell\AutoRun\command
  322. \{2b55046b-630f-11df-8930-001b77342323}\Shell\AutoRun\command\\"" -> [E:\cd/setup.exe] -> File not found
  323. \{2b55046b-630f-11df-8930-001b77342323}
  324. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b55046b-630f-11df-8930-001b77342323}\Shell\explore\command
  325. \{2b55046b-630f-11df-8930-001b77342323}\Shell\explore\command\\"" -> [E:\cd/setup.exe] -> File not found
  326. \{2b55046b-630f-11df-8930-001b77342323}
  327. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b55046b-630f-11df-8930-001b77342323}\Shell\open\command
  328. \{2b55046b-630f-11df-8930-001b77342323}\Shell\open\command\\"" -> [E:\cd/setup.exe] -> File not found
  329. < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
  330. comfile [open] -> "%1" %* ->
  331. exefile [open] -> "%1" %* ->
  332. < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
  333. .com [@ = comfile] -> "%1" %* ->
  334. .exe [@ = exefile] -> "%1" %* ->
  335.  
  336. [Registry - Additional Scans - Safe List]
  337. < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
  338. "msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2006.02.28 13:00:00 | 000,199,680 | -H-- | M] (Intel Corporation)
  339. "msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010.01.29 15:43:39 | 000,307,260 | -H-- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
  340. "msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2006.02.28 13:00:00 | 000,086,016 | -H-- | M] (Sipro Lab Telecom Inc.)
  341. "msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2006.02.28 13:00:00 | 000,008,192 | -H-- | M] (DSP GROUP, INC.)
  342. "vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2006.02.28 13:00:00 | 000,080,384 | -H-- | M] (Radius Inc.)
  343. "vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2006.02.28 13:00:00 | 000,199,168 | -H-- | M] ()
  344. "vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2006.02.28 13:00:00 | 000,199,168 | -H-- | M] ()
  345. "vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2006.02.28 13:00:00 | 000,848,384 | -H-- | M] ()
  346. "vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2006.02.28 13:00:00 | 000,755,200 | -H-- | M] ()
  347. < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
  348. *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
  349. 6to4 -> -> File not found
  350. HidServ -> -> File not found
  351. Ias -> -> File not found
  352. Iprip -> -> File not found
  353. Irmon -> -> File not found
  354. NWCWorkstation -> -> File not found
  355. Nwsapagent -> -> File not found
  356. WmdmPmSp -> -> File not found
  357. *MultiFile Done* -> ->
  358. < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
  359. {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
  360. {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
  361. {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
  362. {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
  363. {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
  364. {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
  365. {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
  366. {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
  367. {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
  368. {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
  369. {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
  370. {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
  371. {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
  372. Base -> Driver Group
  373. Boot Bus Extender -> Driver Group
  374. Boot file system -> Driver Group
  375. File system -> Driver Group
  376. Filter -> Driver Group
  377. PCI Configuration -> Driver Group
  378. PNP Filter -> Driver Group
  379. Primary disk -> Driver Group
  380. SCSI Class -> Driver Group
  381. sermouse.sys -> Driver
  382. System Bus Extender -> Driver Group
  383. vga.sys -> Driver
  384. < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
  385. batfile [open] -> "%1" %* ->
  386. cmdfile [open] -> "%1" %* ->
  387. comfile [open] -> "%1" %* ->
  388. cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* ->
  389. exefile [open] -> "%1" %* ->
  390. InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l ->
  391. piffile [open] -> "%1" %* ->
  392. scrfile [config] -> "%1" ->
  393. scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l ->
  394. scrfile [open] -> "%1" /S ->
  395. Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
  396. Directory [find] -> %SystemRoot%\Explorer.exe -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  397. Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  398. Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  399. Drive [find] -> %SystemRoot%\Explorer.exe -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  400. < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
  401. Application [ Error ] 16.12.2011 2:19:01 Computer Name = LP-008 | Source = Userenv | ID = 1521 -> Description = Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network location cannot be reached. For information about network troubleshooting, see Windows Help.
  402. Application [ Error ] 16.12.2011 2:19:03 Computer Name = LP-008 | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
  403. Application [ Error ] 16.12.2011 2:20:28 Computer Name = LP-008 | Source = AutoEnrollment | ID = 15 -> Description = Automatic certificate enrollment for FIRMA\Korisnik failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
  404. Application [ Error ] 16.12.2011 3:17:03 Computer Name = LP-008 | Source = CanonPrinterDriver3 | ID = 1 -> Description = Entry Function: DrvTextOut, Base Address: 060D0000, Exception Address: 060F7D39, Exception Code: ACCESS_VIOLATION
  405. Application [ Error ] 16.12.2011 3:17:03 Computer Name = LP-008 | Source = CanonPrinterDriver3 | ID = 1 -> Description = Entry Function: DrvTextOut, Base Address: 060D0000, Exception Address: 060F7D39, Exception Code: ACCESS_VIOLATION
  406. Application [ Error ] 17.12.2011 6:41:51 Computer Name = LP-008 | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
  407. Application [ Error ] 17.12.2011 6:42:24 Computer Name = LP-008 | Source = UserInit | ID = 1000 -> Description = Could not execute the following script run.bat. The system cannot find the file specified. .
  408. Application [ Error ] 17.12.2011 6:42:25 Computer Name = LP-008 | Source = Userenv | ID = 1521 -> Description = Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The network location cannot be reached. For information about network troubleshooting, see Windows Help.
  409. Application [ Error ] 17.12.2011 6:42:27 Computer Name = LP-008 | Source = Userenv | ID = 1054 -> Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
  410. Application [ Error ] 17.12.2011 6:42:53 Computer Name = LP-008 | Source = AutoEnrollment | ID = 15 -> Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
  411. OSession [ Error ] 17.10.2009 8:43:11 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93670 seconds with 2640 seconds of active time. This session ended with a crash.
  412. OSession [ Error ] 16.12.2009 6:47:32 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3314 seconds with 180 seconds of active time. This session ended with a crash.
  413. OSession [ Error ] 22.12.2009 9:57:37 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 161 seconds with 120 seconds of active time. This session ended with a crash.
  414. OSession [ Error ] 1.4.2010 2:22:00 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 967 seconds with 120 seconds of active time. This session ended with a crash.
  415. OSession [ Error ] 24.7.2010 12:09:48 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.
  416. OSession [ Error ] 16.11.2010 5:03:59 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
  417. OSession [ Error ] 16.11.2010 7:53:45 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 101 seconds with 60 seconds of active time. This session ended with a crash.
  418. OSession [ Error ] 1.12.2011 9:37:22 Computer Name = LP-008 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22373 seconds with 420 seconds of active time. This session ended with a crash.
  419. System [ Error ] 1.12.2011 6:30:04 Computer Name = LP-008 | Source = NETLOGON | ID = 5719 -> Description = No Domain Controller is available for domain FIRMA due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
  420. System [ Error ] 1.12.2011 7:29:54 Computer Name = LP-008 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.
  421. System [ Error ] 1.12.2011 9:38:17 Computer Name = LP-008 | Source = NETLOGON | ID = 5719 -> Description = No Domain Controller is available for domain FIRMA due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
  422. System [ Error ] 1.12.2011 9:40:05 Computer Name = LP-008 | Source = Service Control Manager | ID = 7000 -> Description = The Symantec V2i Mount Driver service failed to start due to the following error: %%2
  423. System [ Error ] 1.12.2011 9:41:47 Computer Name = LP-008 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
  424. System [ Error ] 1.12.2011 9:56:47 Computer Name = LP-008 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.
  425. System [ Error ] 1.12.2011 10:26:48 Computer Name = LP-008 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.
  426. System [ Error ] 1.12.2011 10:31:47 Computer Name = LP-008 | Source = NETLOGON | ID = 5719 -> Description = No Domain Controller is available for domain FIRMA due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
  427. System [ Error ] 1.12.2011 13:50:34 Computer Name = LP-008 | Source = NETLOGON | ID = 5719 -> Description = No Domain Controller is available for domain FIRMA due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
  428. System [ Error ] 1.12.2011 13:52:26 Computer Name = LP-008 | Source = Service Control Manager | ID = 7000 -> Description = The Symantec V2i Mount Driver service failed to start due to the following error: %%2
  429.  
  430. [Files/Folders - Created Within 30 Days]
  431. OTS.exe -> C:\Documents and Settings\Korisnik\Desktop\OTS.exe -> [2011.12.17 12:57:34 | 000,646,144 | ---- | C] (OldTimer Tools)
  432. RK_Quarantine -> C:\Documents and Settings\Korisnik\Desktop\RK_Quarantine -> [2011.12.17 12:48:04 | 000,000,000 | ---D | C]
  433. Ilivid Player -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Ilivid Player -> [2011.12.15 09:19:17 | 000,000,000 | ---D | C]
  434. Recent -> C:\Documents and Settings\Korisnik\Recent -> [2011.12.15 09:17:19 | 000,000,000 | RH-D | C]
  435. SUPERAntiSpyware.com -> C:\Documents and Settings\Korisnik\Application Data\SUPERAntiSpyware.com -> [2011.12.15 09:17:14 | 000,000,000 | ---D | C]
  436. SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2011.12.15 09:17:14 | 000,000,000 | ---D | C]
  437. {B49A644A-1076-4A3D-B124-DAA7862F2318} -> C:\Documents and Settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} -> [2011.12.15 09:16:52 | 000,000,000 | -H-D | C]
  438. iLivid -> C:\Documents and Settings\All Users\Start Menu\Programs\iLivid -> [2011.12.15 09:16:50 | 000,000,000 | ---D | C]
  439. iLivid -> C:\Program Files\iLivid -> [2011.12.15 09:16:34 | 000,000,000 | ---D | C]
  440. PackageAware -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\PackageAware -> [2011.12.15 09:15:14 | 000,000,000 | ---D | C]
  441. System Fix -> C:\Documents and Settings\Korisnik\Start Menu\Programs\System Fix -> [2011.12.14 12:30:45 | 000,000,000 | -H-D | C]
  442. BabylonToolbar -> C:\Documents and Settings\Korisnik\Application Data\BabylonToolbar -> [2011.12.01 20:35:04 | 000,000,000 | -H-D | C]
  443. Firefox -> C:\Firefox -> [2011.12.01 20:18:28 | 000,000,000 | -H-D | C]
  444. Ask.com -> C:\Program Files\Ask.com -> [2011.12.01 20:18:27 | 000,000,000 | -H-D | C]
  445. AskToolbar -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\AskToolbar -> [2011.12.01 20:18:24 | 000,000,000 | -H-D | C]
  446. FLV Player -> C:\Documents and Settings\Korisnik\Start Menu\Programs\FLV Player -> [2011.12.01 20:17:21 | 000,000,000 | -H-D | C]
  447. BabylonToolbar -> C:\Program Files\BabylonToolbar -> [2011.12.01 20:16:04 | 000,000,000 | -H-D | C]
  448. Babylon -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Babylon -> [2011.12.01 20:15:32 | 000,000,000 | -H-D | C]
  449. Babylon -> C:\Documents and Settings\Korisnik\Application Data\Babylon -> [2011.12.01 20:15:32 | 000,000,000 | -H-D | C]
  450. Babylon -> C:\Documents and Settings\All Users\Application Data\Babylon -> [2011.12.01 20:15:32 | 000,000,000 | -H-D | C]
  451. 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
  452. 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
  453.  
  454. [Files/Folders - Modified Within 30 Days]
  455. User_Feed_Synchronization-{16A62E50-54F3-4B9E-A6A6-B32B7573EB89}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{16A62E50-54F3-4B9E-A6A6-B32B7573EB89}.job -> [2011.12.17 13:05:32 | 000,000,424 | -H-- | M] ()
  456. OTS.exe -> C:\Documents and Settings\Korisnik\Desktop\OTS.exe -> [2011.12.17 12:57:36 | 000,646,144 | ---- | M] (OldTimer Tools)
  457. TrueSight.sys -> C:\WINDOWS\System32\drivers\TrueSight.sys -> [2011.12.17 12:48:05 | 000,111,872 | ---- | M] ()
  458. RogueKiller.exe -> C:\Documents and Settings\Korisnik\Desktop\RogueKiller.exe -> [2011.12.17 12:48:03 | 000,771,072 | ---- | M] ()
  459. bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011.12.17 11:41:49 | 000,002,048 | --S- | M] ()
  460. Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2011.12.16 11:19:01 | 000,000,236 | -H-- | M] ()
  461. default.pls -> C:\Documents and Settings\Korisnik\default.pls -> [2011.12.15 12:42:54 | 000,000,104 | ---- | M] ()
  462. NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2011.12.15 12:42:36 | 000,000,116 | -H-- | M] ()
  463. Upgrade Facebook Chat Experience.url -> C:\Documents and Settings\All Users\Desktop\Upgrade Facebook Chat Experience.url -> [2011.12.15 09:18:24 | 000,000,113 | ---- | M] ()
  464. iLivid Download Manager.lnk -> C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk -> [2011.12.15 09:16:51 | 000,000,708 | ---- | M] ()
  465. ~ZLu1tMSw2ePtIp -> C:\Documents and Settings\All Users\Application Data\~ZLu1tMSw2ePtIp -> [2011.12.15 09:16:16 | 000,000,296 | ---- | M] ()
  466. ~ZLu1tMSw2ePtIpr -> C:\Documents and Settings\All Users\Application Data\~ZLu1tMSw2ePtIpr -> [2011.12.15 09:16:16 | 000,000,200 | ---- | M] ()
  467. ZLu1tMSw2ePtIp -> C:\Documents and Settings\All Users\Application Data\ZLu1tMSw2ePtIp -> [2011.12.14 21:05:15 | 000,000,344 | -H-- | M] ()
  468. ZLu1tMSw2ePtIp.exe -> C:\Documents and Settings\All Users\Application Data\ZLu1tMSw2ePtIp.exe -> [2011.12.14 21:05:03 | 000,351,368 | -H-- | M] ()
  469. System Fix.lnk -> C:\Documents and Settings\Korisnik\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk -> [2011.12.14 13:30:42 | 000,000,855 | -H-- | M] ()
  470. p9Kf5CEVdKxqc7 -> C:\Documents and Settings\All Users\Application Data\p9Kf5CEVdKxqc7 -> [2011.12.14 13:30:34 | 000,000,336 | -H-- | M] ()
  471. p9Kf5CEVdKxqc7.exe -> C:\Documents and Settings\All Users\Application Data\p9Kf5CEVdKxqc7.exe -> [2011.12.14 13:30:25 | 000,351,368 | -H-- | M] ()
  472. System Fix.lnk -> C:\Documents and Settings\Korisnik\Desktop\System Fix.lnk -> [2011.12.14 12:30:45 | 000,000,837 | -H-- | M] ()
  473. W9gEqf3lwFMAg1 -> C:\Documents and Settings\All Users\Application Data\W9gEqf3lwFMAg1 -> [2011.12.14 12:30:37 | 000,000,336 | -H-- | M] ()
  474. W9gEqf3lwFMAg1.exe -> C:\Documents and Settings\All Users\Application Data\W9gEqf3lwFMAg1.exe -> [2011.12.14 12:30:28 | 000,351,368 | -H-- | M] ()
  475. 2X ApplicationServer Client.lnk -> C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\2X ApplicationServer Client.lnk -> [2011.12.13 16:55:03 | 000,001,834 | -H-- | M] ()
  476. wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011.12.12 17:55:37 | 000,001,158 | -H-- | M] ()
  477. DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011.12.07 17:45:42 | 000,084,480 | -H-- | M] ()
  478. hrgran.jpg -> C:\Documents and Settings\Korisnik\Desktop\hrgran.jpg -> [2011.12.04 15:29:18 | 000,122,036 | -H-- | M] ()
  479. untitled.JPG -> C:\Documents and Settings\Korisnik\Desktop\untitled.JPG -> [2011.12.04 15:11:41 | 000,012,791 | -H-- | M] ()
  480. FLV Player.lnk -> C:\Documents and Settings\Korisnik\Desktop\FLV Player.lnk -> [2011.12.01 20:17:21 | 000,001,579 | -H-- | M] ()
  481. FLVPlayerSetup.exe -> Z:\FLVPlayerSetup.exe -> [2011.12.01 20:16:32 | 006,683,931 | ---- | M] (Martijn de Visser)
  482. user.js -> C:\user.js -> [2011.12.01 20:16:04 | 000,001,491 | -H-- | M] ()
  483. Shortcut to Tlocrt saza.lnk -> C:\Documents and Settings\Korisnik\Desktop\Shortcut to Tlocrt saza.lnk -> [2011.11.30 08:58:17 | 000,000,458 | -H-- | M] ()
  484. Shortcut to Tlocrt staza Sv. Helena.lnk -> C:\Documents and Settings\Korisnik\Desktop\Shortcut to Tlocrt staza Sv. Helena.lnk -> [2011.11.30 08:25:11 | 000,000,498 | -H-- | M] ()
  485. NP Sveta Helena - Zone oštećenja.dwg -> C:\Documents and Settings\Korisnik\Desktop\NP Sveta Helena - Zone oštećenja.dwg -> [2011.11.30 07:55:26 | 000,312,352 | -H-- | M] ()
  486. 2.JPG -> C:\Documents and Settings\Korisnik\Desktop\2.JPG -> [2011.11.25 20:37:51 | 000,457,143 | -H-- | M] ()
  487. 1.JPG -> C:\Documents and Settings\Korisnik\Desktop\1.JPG -> [2011.11.25 20:36:50 | 001,236,341 | -H-- | M] ()
  488. 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
  489. 26 C:\Documents and Settings\Korisnik\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Korisnik\Local Settings\Temp\*.tmp ->
  490. 26 C:\Documents and Settings\Korisnik\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Korisnik\Local Settings\Temp\*.tmp ->
  491. 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
  492. 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
  493. 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
  494.  
  495. [Files - No Company Name]
  496. TrueSight.sys -> C:\WINDOWS\System32\drivers\TrueSight.sys -> [2011.12.17 12:48:05 | 000,111,872 | ---- | C] ()
  497. RogueKiller.exe -> C:\Documents and Settings\Korisnik\Desktop\RogueKiller.exe -> [2011.12.17 12:48:01 | 000,771,072 | ---- | C] ()
  498. Upgrade Facebook Chat Experience.url -> C:\Documents and Settings\All Users\Desktop\Upgrade Facebook Chat Experience.url -> [2011.12.15 09:18:24 | 000,000,113 | ---- | C] ()
  499. iLivid Download Manager.lnk -> C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk -> [2011.12.15 09:16:51 | 000,000,708 | ---- | C] ()
  500. ~ZLu1tMSw2ePtIpr -> C:\Documents and Settings\All Users\Application Data\~ZLu1tMSw2ePtIpr -> [2011.12.15 09:16:16 | 000,000,200 | ---- | C] ()
  501. ~ZLu1tMSw2ePtIp -> C:\Documents and Settings\All Users\Application Data\~ZLu1tMSw2ePtIp -> [2011.12.15 09:16:15 | 000,000,296 | ---- | C] ()
  502. ZLu1tMSw2ePtIp -> C:\Documents and Settings\All Users\Application Data\ZLu1tMSw2ePtIp -> [2011.12.14 21:05:15 | 000,000,344 | -H-- | C] ()
  503. ZLu1tMSw2ePtIp.exe -> C:\Documents and Settings\All Users\Application Data\ZLu1tMSw2ePtIp.exe -> [2011.12.14 21:05:02 | 000,351,368 | -H-- | C] ()
  504. System Fix.lnk -> C:\Documents and Settings\Korisnik\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk -> [2011.12.14 13:30:42 | 000,000,855 | -H-- | C] ()
  505. p9Kf5CEVdKxqc7 -> C:\Documents and Settings\All Users\Application Data\p9Kf5CEVdKxqc7 -> [2011.12.14 13:30:34 | 000,000,336 | -H-- | C] ()
  506. p9Kf5CEVdKxqc7.exe -> C:\Documents and Settings\All Users\Application Data\p9Kf5CEVdKxqc7.exe -> [2011.12.14 13:30:25 | 000,351,368 | -H-- | C] ()
  507. System Fix.lnk -> C:\Documents and Settings\Korisnik\Desktop\System Fix.lnk -> [2011.12.14 12:30:45 | 000,000,837 | -H-- | C] ()
  508. W9gEqf3lwFMAg1 -> C:\Documents and Settings\All Users\Application Data\W9gEqf3lwFMAg1 -> [2011.12.14 12:30:37 | 000,000,336 | -H-- | C] ()
  509. W9gEqf3lwFMAg1.exe -> C:\Documents and Settings\All Users\Application Data\W9gEqf3lwFMAg1.exe -> [2011.12.14 12:30:28 | 000,351,368 | -H-- | C] ()
  510. hrgran.jpg -> C:\Documents and Settings\Korisnik\Desktop\hrgran.jpg -> [2011.12.04 15:29:29 | 000,122,036 | -H-- | C] ()
  511. untitled.JPG -> C:\Documents and Settings\Korisnik\Desktop\untitled.JPG -> [2011.12.04 15:11:41 | 000,012,791 | -H-- | C] ()
  512. Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2011.12.01 20:19:14 | 000,000,236 | -H-- | C] ()
  513. FLV Player.lnk -> C:\Documents and Settings\Korisnik\Desktop\FLV Player.lnk -> [2011.12.01 20:17:21 | 000,001,579 | -H-- | C] ()
  514. user.js -> C:\user.js -> [2011.12.01 20:16:02 | 000,001,491 | -H-- | C] ()
  515. Shortcut to Tlocrt saza.lnk -> C:\Documents and Settings\Korisnik\Desktop\Shortcut to Tlocrt saza.lnk -> [2011.11.30 08:58:17 | 000,000,458 | -H-- | C] ()
  516. Shortcut to Tlocrt staza Sv. Helena.lnk -> C:\Documents and Settings\Korisnik\Desktop\Shortcut to Tlocrt staza Sv. Helena.lnk -> [2011.11.30 08:25:11 | 000,000,498 | -H-- | C] ()
  517. NP Sveta Helena - Zone oštećenja.dwg -> C:\Documents and Settings\Korisnik\Desktop\NP Sveta Helena - Zone oštećenja.dwg -> [2011.11.30 07:45:08 | 000,312,352 | -H-- | C] ()
  518. User_Feed_Synchronization-{16A62E50-54F3-4B9E-A6A6-B32B7573EB89}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{16A62E50-54F3-4B9E-A6A6-B32B7573EB89}.job -> [2011.11.26 18:46:27 | 000,000,424 | -H-- | C] ()
  519. 2.JPG -> C:\Documents and Settings\Korisnik\Desktop\2.JPG -> [2011.11.25 20:37:50 | 000,457,143 | -H-- | C] ()
  520. 1.JPG -> C:\Documents and Settings\Korisnik\Desktop\1.JPG -> [2011.11.25 20:36:49 | 001,236,341 | -H-- | C] ()
  521. FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011.09.26 12:08:00 | 000,409,488 | -H-- | C] ()
  522. NTGDT.SYS -> C:\WINDOWS\System32\drivers\NTGDT.SYS -> [2011.02.23 15:19:34 | 000,018,112 | RH-- | C] ()
  523. hpmssnpjt.ini -> C:\WINDOWS\hpmssnpjt.ini -> [2011.02.14 09:22:30 | 000,000,014 | -H-- | C] ()
  524. ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2011.02.14 08:10:29 | 000,000,162 | -H-- | C] ()
  525. NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010.11.16 12:48:54 | 000,000,116 | -H-- | C] ()
  526. FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2010.11.02 16:08:08 | 000,726,480 | -H-- | C] ()
  527. CNCMFP30.INI -> C:\WINDOWS\System32\CNCMFP30.INI -> [2010.04.22 14:03:40 | 000,000,332 | -H-- | C] ()
  528. $_hpcst$.hpc -> C:\Documents and Settings\Korisnik\Application Data\$_hpcst$.hpc -> [2009.12.07 08:28:58 | 000,002,528 | -H-- | C] ()
  529. d3d9caps.dat -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\d3d9caps.dat -> [2009.11.05 09:55:29 | 000,000,664 | -H-- | C] ()
  530. DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009.07.14 18:51:36 | 000,084,480 | -H-- | C] ()
  531. patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2009.05.12 08:43:02 | 000,215,144 | RH-- | C] ()
  532. pw32a.dll -> C:\WINDOWS\pw32a.dll -> [2009.05.12 08:40:51 | 000,215,144 | RH-- | C] ()
  533. cfgall.ini -> C:\WINDOWS\cfgall.ini -> [2009.05.08 11:13:25 | 000,013,009 | -H-- | C] ()
  534. smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2007.10.15 10:32:30 | 000,000,061 | -H-- | C] ()
  535. iwlanver.dll -> C:\WINDOWS\iwlanver.dll -> [2007.10.12 15:03:47 | 000,007,168 | -H-- | C] ()
  536. AegisI5Installer.exe -> C:\WINDOWS\System32\AegisI5Installer.exe -> [2007.10.12 15:03:21 | 000,356,352 | -H-- | C] ()
  537. ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2007.10.12 14:19:29 | 000,004,161 | -H-- | C] ()
  538. igmedkrn.dll -> C:\WINDOWS\System32\igmedkrn.dll -> [2007.10.12 13:29:08 | 000,910,304 | -H-- | C] ()
  539. igfxCoIn_v4831.dll -> C:\WINDOWS\System32\igfxCoIn_v4831.dll -> [2007.10.12 13:29:08 | 000,204,800 | -H-- | C] ()
  540. bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2007.10.12 12:46:50 | 000,002,048 | --S- | C] ()
  541. emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2007.10.12 12:24:01 | 000,021,640 | -H-- | C] ()
  542. DeviceManager.xml.rc4 -> C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 -> [2007.04.27 16:43:36 | 000,055,620 | RH-- | C] ()
  543. DeviceInstaller.xml -> C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml -> [2007.03.28 09:00:16 | 000,020,270 | -H-- | C] ()
  544. btwicons.dll -> C:\WINDOWS\System32\btwicons.dll -> [2007.02.06 14:20:00 | 002,842,624 | -H-- | C] ()
  545. btprn2k.dll -> C:\WINDOWS\System32\btprn2k.dll -> [2007.02.06 13:55:52 | 000,090,112 | -H-- | C] ()
  546. ir50_32.dll -> C:\WINDOWS\System32\ir50_32.dll -> [2006.02.28 13:00:00 | 000,755,200 | -H-- | C] ()
  547. mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2006.02.28 13:00:00 | 000,673,088 | -H-- | C] ()
  548. perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2006.02.28 13:00:00 | 000,444,362 | -H-- | C] ()
  549. ir41_qcx.dll -> C:\WINDOWS\System32\ir41_qcx.dll -> [2006.02.28 13:00:00 | 000,338,432 | -H-- | C] ()
  550. perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2006.02.28 13:00:00 | 000,272,128 | -H-- | C] ()
  551. dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2006.02.28 13:00:00 | 000,218,003 | -H-- | C] ()
  552. ir50_qc.dll -> C:\WINDOWS\System32\ir50_qc.dll -> [2006.02.28 13:00:00 | 000,200,192 | -H-- | C] ()
  553. ir50_qcx.dll -> C:\WINDOWS\System32\ir50_qcx.dll -> [2006.02.28 13:00:00 | 000,183,808 | -H-- | C] ()
  554. ir41_qc.dll -> C:\WINDOWS\System32\ir41_qc.dll -> [2006.02.28 13:00:00 | 000,120,320 | -H-- | C] ()
  555. perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2006.02.28 13:00:00 | 000,072,238 | -H-- | C] ()
  556. mib.bin -> C:\WINDOWS\System32\mib.bin -> [2006.02.28 13:00:00 | 000,046,258 | -H-- | C] ()
  557. perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2006.02.28 13:00:00 | 000,028,626 | -H-- | C] ()
  558. secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2006.02.28 13:00:00 | 000,004,569 | -H-- | C] ()
  559. Dcache.bin -> C:\WINDOWS\System32\Dcache.bin -> [2006.02.28 13:00:00 | 000,001,788 | -H-- | C] ()
  560. noise.dat -> C:\WINDOWS\System32\noise.dat -> [2006.02.28 13:00:00 | 000,000,741 | -H-- | C] ()
  561. oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2002.05.28 19:55:42 | 013,107,200 | -H-- | C] ()
  562. oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2002.05.28 19:54:40 | 000,004,605 | -H-- | C] ()
  563. lcppn21.dll -> C:\WINDOWS\System32\lcppn21.dll -> [2001.11.14 11:56:00 | 001,802,240 | -H-- | C] ()
  564. pdfcmnnt.dll -> C:\WINDOWS\System32\pdfcmnnt.dll -> [2001.10.28 16:42:30 | 000,116,224 | -H-- | C] ()
  565. MSVCRT2X.DLL -> C:\WINDOWS\System32\MSVCRT2X.DLL -> [1996.01.30 14:43:20 | 000,254,464 | -H-- | C] ()
  566.  
  567. [File - Lop Check]
  568. Autodesk -> C:\Documents and Settings\Administrator.FIRMA\Application Data\Autodesk -> [2009.11.03 14:35:42 | 000,000,000 | -H-D | M]
  569. Vodafone -> C:\Documents and Settings\Administrator.FIRMA\Application Data\Vodafone -> [2007.10.18 08:35:05 | 000,000,000 | -H-D | M]
  570. Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [2009.11.06 09:31:49 | 000,000,000 | -H-D | M]
  571. Babylon -> C:\Documents and Settings\All Users\Application Data\Babylon -> [2011.12.01 20:15:32 | 000,000,000 | -H-D | M]
  572. DesktopStandard -> C:\Documents and Settings\All Users\Application Data\DesktopStandard -> [2009.05.22 10:34:36 | 000,000,000 | -H-D | M]
  573. LightScribe -> C:\Documents and Settings\All Users\Application Data\LightScribe -> [2009.05.22 11:00:31 | 000,000,000 | -H-D | M]
  574. Mindjet -> C:\Documents and Settings\All Users\Application Data\Mindjet -> [2010.06.17 07:49:29 | 000,000,000 | -H-D | M]
  575. ViceVersa PRO 2 -> C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2 -> [2007.10.18 08:28:06 | 000,000,000 | -H-D | M]
  576. {B49A644A-1076-4A3D-B124-DAA7862F2318} -> C:\Documents and Settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} -> [2011.12.15 09:16:53 | 000,000,000 | -H-D | M]
  577. Autodesk -> C:\Documents and Settings\Korisnik\Application Data\Autodesk -> [2011.02.22 13:17:03 | 000,000,000 | -H-D | M]
  578. Babylon -> C:\Documents and Settings\Korisnik\Application Data\Babylon -> [2011.12.01 20:15:32 | 000,000,000 | -H-D | M]
  579. BabylonToolbar -> C:\Documents and Settings\Korisnik\Application Data\BabylonToolbar -> [2011.12.01 20:35:04 | 000,000,000 | -H-D | M]
  580. Canon -> C:\Documents and Settings\Korisnik\Application Data\Canon -> [2010.11.09 10:43:27 | 000,000,000 | -H-D | M]
  581. Monotype Imaging -> C:\Documents and Settings\Korisnik\Application Data\Monotype Imaging -> [2009.12.07 08:29:41 | 000,000,000 | -H-D | M]
  582. Thinstall -> C:\Documents and Settings\Korisnik\Application Data\Thinstall -> [2011.11.01 16:30:02 | 000,000,000 | -H-D | M]
  583. Vodafone -> C:\Documents and Settings\Korisnik\Application Data\Vodafone -> [2009.12.07 08:29:18 | 000,000,000 | -H-D | M]
  584. Autodesk -> C:\Documents and Settings\LocalService\Application Data\Autodesk -> [2009.05.08 11:09:57 | 000,000,000 | -H-D | M]
  585. Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job -> [2011.12.16 11:19:01 | 000,000,236 | -H-- | M] ()
  586. User_Feed_Synchronization-{16A62E50-54F3-4B9E-A6A6-B32B7573EB89}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{16A62E50-54F3-4B9E-A6A6-B32B7573EB89}.job -> [2011.12.17 13:05:32 | 000,000,424 | -H-- | M] ()
  587. [Custom Scans]
  588. < netsvcs >
  589. < %SYSTEMDRIVE%\*.exe >
  590. < MD5 Scans Start>
  591. < %systemdrive%\EXPLORER.EXE /md5 /s >
  592. explorer.exe : MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -> C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe -> [2007.06.13 12:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  593. explorer.exe : MD5=97BD6515465659FF8F3B7BE375B2EA87 -> C:\WINDOWS\explorer.exe -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  594. explorer.exe : MD5=97BD6515465659FF8F3B7BE375B2EA87 -> C:\WINDOWS\system32\dllcache\explorer.exe -> [2007.06.13 11:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation)
  595. < %systemdrive%\SVCHOST.EXE /md5 /s >
  596. svchost.exe : MD5=8F078AE4ED187AAABC0A305146DE6716 -> C:\WINDOWS\system32\dllcache\svchost.exe -> [2006.02.28 13:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation)
  597. svchost.exe : MD5=8F078AE4ED187AAABC0A305146DE6716 -> C:\WINDOWS\system32\svchost.exe -> [2006.02.28 13:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation)
  598. < %systemdrive%\USERINIT.EXE /md5 /s >
  599. userinit.exe : MD5=39B1FFB03C2296323832ACBAE50D2AFF -> C:\WINDOWS\system32\dllcache\userinit.exe -> [2006.02.28 13:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation)
  600. userinit.exe : MD5=39B1FFB03C2296323832ACBAE50D2AFF -> C:\WINDOWS\system32\userinit.exe -> [2006.02.28 13:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation)
  601. < %systemdrive%\WINLOGON.EXE /md5 /s >
  602. winlogon.exe : MD5=01C3346C241652F43AED8E2149881BFE -> C:\WINDOWS\system32\dllcache\winlogon.exe -> [2006.02.28 13:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation)
  603. winlogon.exe : MD5=01C3346C241652F43AED8E2149881BFE -> C:\WINDOWS\system32\winlogon.exe -> [2006.02.28 13:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation)
  604. < MD5 Scans End>
  605. < %systemroot%\*. /mp /s >
  606. < hklm\software\clients\startmenuinternet|command /rs >
  607. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> ->
  608. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2009.03.08 04:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
  609. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2009.03.08 04:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
  610. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2009.03.08 04:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
  611. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> ->
  612. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2009.03.08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
  613. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> ->
  614. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Program Files\Internet Explorer\iexplore.exe [C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] -> [2009.03.08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
  615. < hklm\software\clients\startmenuinternet|command /64 /rs >
  616. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> ->
  617. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2009.03.08 04:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
  618. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2009.03.08 04:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
  619. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\WINDOWS\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2009.03.08 04:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
  620. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> ->
  621. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2009.03.08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
  622. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> ->
  623. HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Program Files\Internet Explorer\iexplore.exe [C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] -> [2009.03.08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
  624. Unable to start service SrService!
  625. < End of report >
  626. [/code]