
Please check. Windows Explorer is acting up. Thank you

Kurty
Visitor
Posts: 27
Registered: 17 Nov 2005 10:42

#1 Post by Kurty »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kurty at 2011-12-08 17:22:06
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 398 GB (83%) free of 477 GB
Total RAM: 4094 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:22:11, on 8.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Kurty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6819 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
winlogon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe"
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe"
"C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe"
"C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe"
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ca5a4aff-6a99-4b20-a70a-337de2e35ed1 -SystemEventPortName:HostProcess-7275785e-ea8a-4a24-9e61-a89be961a883 -IoCancelEventPortName:HostProcess-4db2ca4d-5b03-4ad6-a43c-b09494187a30 -NonStateChangingEventPortName:HostProcess-cc91b821-2e0b-4586-8c81-bad166d75901 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9375223a-aecd-40eb-b0ae-498d063dd682
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:388 CREDAT:145409
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1060.77776c0.469854394 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.8.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 1060 "\\.\pipe\gecko-crash-server-pipe.1060" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey FEDF7268-3DA0-1BE5-2302-B1ECFC324364 -Reinvoke
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Users\Kurty\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4224538045-3860576283-1738080560-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4224538045-3860576283-1738080560-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kurty\AppData\Roaming\Mozilla\Firefox\Profiles\dx7829nx.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "cfxHelper@Triton:1.2, foxdie_ext_ocelot@foxdie.us:3.6.4, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0, {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, bkmrksync@nokia.com:1.0.0.732, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15, cfxe@Triton:3.6.5, chromifox@altmusictv.com:3.6.5, Foxdie@tanjihay.com:3.6.4, FoxdieGraphite@tanjihay.com:3.6.4"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.6&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Kurty\AppData\Roaming\Mozilla\Firefox\Profiles\dx7829nx.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{c0c588b6-b11d-4898-af00-079fed05aa32}

C:\Users\Kurty\AppData\Roaming\Mozilla\Firefox\Profiles\dx7829nx.default\searchplugins\
icq-search.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1712672]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2011-08-12 2433024]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]

C:\Users\Kurty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-08 17:21:29 ----D---- C:\rsit
2011-12-08 17:21:29 ----D---- C:\Program Files\trend micro
2011-12-05 17:19:12 ----D---- C:\Program Files (x86)\SRDownloader
2011-12-03 18:11:08 ----D---- C:\Windows\pss
2011-12-02 14:31:48 ----SHD---- C:\Config.Msi
2011-11-30 20:06:47 ----D---- C:\Program Files (x86)\Google
2011-11-29 14:45:44 ----A---- C:\Windows\system32\pavplal.dll
2011-11-29 14:45:44 ----A---- C:\Windows\system32\pavedius.dll
2011-11-29 14:44:37 ----A---- C:\Windows\SYSWOW64\cuvccodc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\cvpcdvc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\csthread.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\csellc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\csehqa.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\csedv.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\csccdvcx.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\csccdvc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\cmiccodc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\cllccodc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\cdvhcodc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\cdvccodc.dll
2011-11-29 14:44:36 ----A---- C:\Windows\SYSWOW64\cdv5codc.dll
2011-11-29 14:44:29 ----D---- C:\Program Files (x86)\Canopus
2011-11-29 14:44:28 ----A---- C:\Windows\SYSWOW64\icmpeg2.dll
2011-11-29 14:44:28 ----A---- C:\Windows\SYSWOW64\cseuvec.dll
2011-11-29 14:44:28 ----A---- C:\Windows\SYSWOW64\csedvh.dll
2011-11-29 14:40:26 ----A---- C:\Windows\SYSWOW64\pavplal.dll
2011-11-29 14:40:26 ----A---- C:\Windows\SYSWOW64\pavedius.dll
2011-11-29 14:25:20 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-11-29 14:25:20 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-11-29 14:25:20 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-11-29 14:25:20 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-11-29 14:25:19 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-11-29 14:25:19 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-11-29 14:25:18 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-11-29 14:25:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-11-29 14:25:18 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-11-29 14:25:18 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-11-29 14:25:16 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-11-29 14:25:16 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-11-29 14:25:14 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-11-29 14:25:14 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-29 14:25:13 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-11-29 14:25:13 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-11-29 14:25:12 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-11-29 14:25:12 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-11-29 14:25:11 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-11-29 14:25:11 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-11-29 14:25:10 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-11-29 14:25:10 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-29 14:25:09 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-11-29 14:25:09 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-11-29 14:25:09 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-11-29 14:25:09 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-11-29 14:25:08 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-11-29 14:25:08 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-11-29 14:25:07 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-11-29 14:25:07 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-11-29 14:25:07 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-11-29 14:25:07 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-11-29 14:25:06 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-11-29 14:25:06 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-11-29 14:25:06 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-11-29 14:25:06 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-11-29 14:25:04 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-11-29 14:25:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-11-29 14:25:04 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-11-29 14:25:04 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-11-29 14:25:02 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-11-29 14:25:02 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-11-29 14:25:01 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-11-29 14:25:01 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-11-29 14:25:01 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-11-29 14:25:01 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-11-29 14:25:00 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-11-29 14:25:00 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-11-29 14:25:00 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-11-29 14:25:00 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-11-29 14:24:58 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-11-29 14:24:58 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-11-29 14:24:58 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-11-29 14:24:58 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-11-29 14:24:57 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-11-29 14:24:57 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-11-29 14:24:56 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-11-29 14:24:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-11-29 14:24:56 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-11-29 14:24:56 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-11-29 14:24:55 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-11-29 14:24:55 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-11-29 14:24:54 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-11-29 14:24:54 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-11-29 14:24:54 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-11-29 14:24:54 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-11-29 14:24:53 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-11-29 14:24:53 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-11-29 14:24:52 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-11-29 14:24:52 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-11-29 14:24:51 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-11-29 14:24:51 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-11-29 14:24:51 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-11-29 14:24:51 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-11-29 14:24:50 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-11-29 14:24:50 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-11-29 14:24:49 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-11-29 14:24:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-11-29 14:24:48 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-11-29 14:24:48 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-11-29 14:24:47 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-11-29 14:24:47 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-11-29 14:24:45 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-11-29 14:24:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-11-29 14:24:45 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-11-29 14:24:45 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-11-29 14:24:44 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-11-29 14:24:44 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-11-29 14:24:43 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-11-29 14:24:43 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-11-29 14:24:39 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-11-29 14:24:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-11-29 14:24:39 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-11-29 14:24:39 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-11-29 14:24:38 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-11-29 14:24:38 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-11-29 14:24:34 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-11-29 14:24:34 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-11-29 14:21:51 ----D---- C:\Program Files (x86)\Grass Valley
2011-11-29 13:40:18 ----A---- C:\Windows\canopus.ini
2011-11-29 13:28:16 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-11-29 13:28:16 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-11-29 13:28:15 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-11-29 13:28:15 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-11-29 13:28:15 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-11-29 13:28:15 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-11-29 13:28:14 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-11-29 13:28:14 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-11-29 13:28:12 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-11-29 13:28:12 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-11-29 13:28:11 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-11-29 13:28:11 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-11-29 13:28:11 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-11-29 13:28:11 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-11-29 13:28:10 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-11-29 13:28:10 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-11-29 13:28:09 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-11-29 13:28:09 ----A---- C:\Windows\system32\xinput1_3.dll
2011-11-29 13:28:07 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-11-29 13:28:07 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-11-29 13:28:04 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-11-29 13:28:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-11-29 13:28:04 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-11-29 13:28:04 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-11-29 13:28:03 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-11-29 13:28:03 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-11-29 13:28:02 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-11-29 13:28:02 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-11-29 13:28:02 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-11-29 13:28:02 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-11-29 13:28:01 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-11-29 13:28:01 ----A---- C:\Windows\system32\d3dx10.dll
2011-11-29 13:27:59 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2011-11-29 13:27:59 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-11-29 13:27:58 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-11-29 13:27:58 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-11-29 13:27:58 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-11-29 13:27:58 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-11-29 13:27:56 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-11-29 13:27:56 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-11-29 13:27:55 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-11-29 13:27:55 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-11-29 13:27:54 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-11-29 13:27:54 ----A---- C:\Windows\system32\xinput1_2.dll
2011-11-29 13:27:52 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-11-29 13:27:52 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-11-29 13:27:52 ----A---- C:\Windows\system32\xinput1_1.dll
2011-11-29 13:27:52 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-11-29 13:27:51 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-11-29 13:27:51 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-11-29 13:27:45 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-11-29 13:27:45 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-11-29 13:27:43 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-11-29 13:27:43 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-11-29 13:27:43 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-11-29 13:27:43 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-11-29 13:27:43 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-11-29 13:27:43 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-11-29 13:27:42 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-11-29 13:27:42 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-11-29 13:27:41 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-11-29 13:27:41 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-11-29 13:27:40 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-11-29 13:27:40 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-11-29 13:27:38 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-11-29 13:27:38 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-11-29 13:27:36 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-11-29 13:27:36 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-29 13:25:22 ----A---- C:\Windows\pavplal.dll
2011-11-29 13:25:22 ----A---- C:\Windows\pavedius.dll
2011-11-29 13:24:22 ----N---- C:\Windows\SYSWOW64\paveno.dll
2011-11-29 13:24:22 ----N---- C:\Windows\SYSWOW64\pavapi.dll
2011-11-29 13:24:22 ----A---- C:\Windows\SYSWOW64\pavedius5db.dll
2011-11-29 13:00:59 ----D---- C:\Program Files (x86)\Corel
2011-11-29 12:52:59 ----RSH---- C:\ProgramData\B5BADA18E9.sys
2011-11-29 12:52:06 ----ASH---- C:\ProgramData\KGyGaAvL.sys
2011-11-21 13:16:53 ----D---- C:\Program Files\NewBlue
2011-11-21 12:25:52 ----D---- C:\ProgramData\eSellerate
2011-11-21 12:21:54 ----D---- C:\Program Files (x86)\NewBlue
2011-11-09 14:33:50 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-09 14:33:49 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2011-12-08 17:21:37 ----D---- C:\Windows\Prefetch
2011-12-08 17:21:29 ----RD---- C:\Program Files
2011-12-08 17:21:10 ----D---- C:\Windows\Temp
2011-12-08 16:35:42 ----D---- C:\Windows\system32\config
2011-12-08 15:50:42 ----D---- C:\Windows\System32
2011-12-08 15:50:42 ----D---- C:\Windows\inf
2011-12-08 15:50:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-08 15:50:21 ----D---- C:\Windows
2011-12-07 22:03:31 ----D---- C:\Program Files (x86)\The KMPlayer
2011-12-07 17:59:13 ----D---- C:\Users\Kurty\AppData\Roaming\Winamp
2011-12-07 17:12:15 ----D---- C:\Program Files (x86)\TagScanner
2011-12-06 18:34:36 ----SHD---- C:\System Volume Information
2011-12-05 18:48:21 ----SD---- C:\Users\Kurty\AppData\Roaming\Microsoft
2011-12-05 17:19:20 ----RD---- C:\Program Files (x86)
2011-12-02 16:18:39 ----A---- C:\Windows\win.ini
2011-12-02 15:01:44 ----D---- C:\Users\Kurty\AppData\Roaming\XnView
2011-12-02 14:41:25 ----D---- C:\ProgramData\CorelDRAW Graphics Suite X5
2011-12-02 14:38:28 ----SHD---- C:\Windows\Installer
2011-12-02 14:37:34 ----RSD---- C:\Windows\assembly
2011-12-02 14:31:50 ----D---- C:\Program Files (x86)\Common Files
2011-12-01 15:54:48 ----D---- C:\Users\Kurty\AppData\Roaming\dvdcss
2011-12-01 08:54:20 ----D---- C:\Windows\system32\catroot2
2011-11-30 20:06:54 ----D---- C:\Windows\Tasks
2011-11-30 20:06:54 ----D---- C:\Windows\system32\Tasks
2011-11-29 19:10:09 ----D---- C:\Windows\Logs
2011-11-29 18:42:22 ----D---- C:\Windows\Microsoft.NET
2011-11-29 14:45:11 ----D---- C:\Windows\SysWOW64
2011-11-29 14:41:13 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-11-29 14:37:52 ----D---- C:\Program Files\Common Files\Canopus Shared
2011-11-29 14:37:52 ----D---- C:\Program Files (x86)\CodecOption
2011-11-29 14:22:14 ----D---- C:\Windows\winsxs
2011-11-29 13:40:18 ----D---- C:\ProgramData\Canopus
2011-11-29 13:28:29 ----D---- C:\Windows\system32\drivers
2011-11-29 13:11:04 ----D---- C:\ProgramData\Microsoft Help
2011-11-29 13:03:49 ----RSD---- C:\Windows\Fonts
2011-11-29 13:03:42 ----D---- C:\ProgramData\Corel
2011-11-29 12:58:04 ----D---- C:\Users\Kurty\AppData\Roaming\Corel
2011-11-29 12:54:18 ----D---- C:\Program Files (x86)\URUSoft
2011-11-29 12:52:59 ----HD---- C:\ProgramData
2011-11-22 20:53:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-18 19:29:48 ----D---- C:\Windows\system32\NDF
2011-11-12 10:28:17 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-11-11 17:08:11 ----D---- C:\Windows\system32\catroot
2011-11-10 16:22:48 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-11-10 16:18:08 ----D---- C:\Program Files (x86)\Adobe
2011-11-10 16:17:56 ----D---- C:\Program Files\Common Files\Adobe
2011-11-10 16:17:35 ----D---- C:\ProgramData\Adobe
2011-11-10 16:17:04 ----D---- C:\Users\Kurty\AppData\Roaming\Adobe
2011-11-10 14:44:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-09 22:40:57 ----D---- C:\Windows\debug
2011-11-09 18:36:36 ----D---- C:\Program Files\Common Files\System
2011-11-09 18:20:25 ----D---- C:\Windows\system32\wdi
2011-11-09 18:17:44 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 cdrblock;cdrblock; C:\Windows\system32\DRIVERS\cdrblock.sys [2008-05-30 34360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-24 270912]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
R3 LVUVC64;Logitech QuickCam E3500(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4901888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 383008]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check. Windows Explorer is acting up. Thank you

#2 Post by Rudy »

Please run a full MBAM scan: http://www.malwarebytes.org/mbam.php . Post the log, and do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Kurty
Visitor
Posts: 27
Registered: 17 Nov 2005 10:42

Re: Please check. Windows Explorer is acting up. Thank you

#3 Post by Kurty »

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8336

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8.12.2011 20:28:57
mbam-log-2011-12-08 (20-28-57).txt

Typ: Rychlá kontrola
Kontrolované objekty: 172664
Uplynulý čas: 2 minut, 4 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Rudy
Site Admin
Posts: 119510
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check. Windows Explorer is acting up. Thank you

#4 Post by Rudy »

Clean. Try a System Restore to a date when it was working correctly.
