
Requesting a log check

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

#1 Post by Vernika »

Hello,

I have a new laptop and, just to be safe, I would like to ask for a check of the log.


Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2012-09-14 11:07:19
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 400 GB (93%) free of 432 GB
Total RAM: 3828 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:45, on 14.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\admin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEPwdBankBHO - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1003203924-2295340803-2642279603-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1003203924-2295340803-2642279603-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Data Security Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11491 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yysg9bs7.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CBB761-DA41-4E31-B270-B13B4B0A61D0}]
IEPwdBankBHO Class - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll [2010-05-28 53616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2009-09-30 111640]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"VitaKeyTSR"=C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [2010-05-28 376176]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-12-03 35184]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"UCam_Menu"=C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"YouCam Mirror Tray icon"=C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2010-03-03 171104]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]
"PLTSR"=C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [2010-09-11 364400]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\SysWOW64\nvinit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
EgisPwdFilter
EgisDSPwdFilter
EgisPLPwdFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.clmp3enc"=C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-09-14 11:07:20 ----D---- C:\Program Files (x86)\trend micro
2012-09-14 11:07:19 ----D---- C:\rsit
2012-09-14 10:02:10 ----A---- C:\windows\SysWOW64\esent.dll
2012-09-14 10:02:09 ----A---- C:\windows\SysWOW64\fsutil.exe
2012-09-13 19:15:19 ----D---- C:\ProgramData\CyberLink
2012-09-13 19:15:18 ----D---- C:\Users\admin\AppData\Roaming\CyberLink
2012-09-13 15:41:46 ----D---- C:\windows\SysWOW64\Wat
2012-09-13 15:25:04 ----A---- C:\windows\SysWOW64\mshtmled.dll
2012-09-13 15:25:03 ----A---- C:\windows\SysWOW64\urlmon.dll
2012-09-13 15:25:03 ----A---- C:\windows\SysWOW64\url.dll
2012-09-13 15:25:03 ----A---- C:\windows\SysWOW64\iertutil.dll
2012-09-13 15:25:02 ----A---- C:\windows\SysWOW64\ieUnatt.exe
2012-09-13 15:25:02 ----A---- C:\windows\SysWOW64\ieui.dll
2012-09-13 15:25:00 ----A---- C:\windows\SysWOW64\wininet.dll
2012-09-13 15:24:59 ----A---- C:\windows\SysWOW64\jsproxy.dll
2012-09-13 15:24:59 ----A---- C:\windows\SysWOW64\jscript9.dll
2012-09-13 15:24:59 ----A---- C:\windows\SysWOW64\jscript.dll
2012-09-13 15:24:58 ----A---- C:\windows\SysWOW64\mshtml.dll
2012-09-13 15:24:55 ----A---- C:\windows\SysWOW64\ieframe.dll
2012-09-13 15:22:34 ----A---- C:\windows\SysWOW64\wmi.dll
2012-09-13 15:22:34 ----A---- C:\windows\SysWOW64\wintrust.dll
2012-09-13 15:22:34 ----A---- C:\windows\SysWOW64\imagehlp.dll
2012-09-13 10:20:35 ----A---- C:\windows\SysWOW64\DWrite.dll
2012-09-13 10:20:33 ----A---- C:\windows\SysWOW64\odbctrac.dll
2012-09-13 10:20:33 ----A---- C:\windows\SysWOW64\odbcjt32.dll
2012-09-13 10:20:33 ----A---- C:\windows\SysWOW64\odbccu32.dll
2012-09-13 10:20:33 ----A---- C:\windows\SysWOW64\odbccr32.dll
2012-09-13 10:20:33 ----A---- C:\windows\SysWOW64\odbccp32.dll
2012-09-13 10:20:32 ----A---- C:\windows\SysWOW64\xmllite.dll
2012-09-13 10:20:29 ----A---- C:\windows\SysWOW64\srclient.dll
2012-09-13 10:20:24 ----A---- C:\windows\SysWOW64\poqexec.exe
2012-09-13 10:20:23 ----A---- C:\windows\SysWOW64\explorer.exe
2012-09-13 10:20:23 ----A---- C:\windows\explorer.exe
2012-09-13 10:20:19 ----A---- C:\windows\SysWOW64\mssrch.dll
2012-09-13 10:20:18 ----A---- C:\windows\SysWOW64\tquery.dll
2012-09-13 10:20:18 ----A---- C:\windows\SysWOW64\SearchProtocolHost.exe
2012-09-13 10:20:18 ----A---- C:\windows\SysWOW64\SearchIndexer.exe
2012-09-13 10:20:18 ----A---- C:\windows\SysWOW64\mssph.dll
2012-09-13 10:20:17 ----A---- C:\windows\SysWOW64\SearchFilterHost.exe
2012-09-13 10:20:17 ----A---- C:\windows\SysWOW64\mssvp.dll
2012-09-13 10:20:17 ----A---- C:\windows\SysWOW64\mssphtb.dll
2012-09-13 10:20:17 ----A---- C:\windows\SysWOW64\msscntrs.dll
2012-09-13 10:20:12 ----A---- C:\windows\SysWOW64\ntshrui.dll
2012-09-13 10:20:10 ----A---- C:\windows\SysWOW64\quartz.dll
2012-09-13 10:20:10 ----A---- C:\windows\SysWOW64\qdvd.dll
2012-09-13 10:20:05 ----A---- C:\windows\SysWOW64\webio.dll
2012-09-13 10:20:02 ----A---- C:\windows\SysWOW64\msxml6.dll
2012-09-13 10:20:01 ----A---- C:\windows\SysWOW64\msxml3r.dll
2012-09-13 10:20:01 ----A---- C:\windows\SysWOW64\msxml3.dll
2012-09-13 10:19:57 ----A---- C:\windows\SysWOW64\win32spl.dll
2012-09-13 10:19:57 ----A---- C:\windows\splwow64.exe
2012-09-13 10:19:47 ----A---- C:\windows\SysWOW64\XpsPrint.dll
2012-09-13 10:19:42 ----A---- C:\windows\SysWOW64\shell32.dll
2012-09-13 10:19:39 ----A---- C:\windows\SysWOW64\d3d10level9.dll
2012-09-13 10:19:28 ----A---- C:\windows\SysWOW64\schannel.dll
2012-09-13 10:19:28 ----A---- C:\windows\SysWOW64\ncrypt.dll
2012-09-13 10:19:27 ----A---- C:\windows\SysWOW64\sspicli.dll
2012-09-13 10:19:27 ----A---- C:\windows\SysWOW64\secur32.dll
2012-09-13 10:19:15 ----A---- C:\windows\SysWOW64\ntoskrnl.exe
2012-09-13 10:19:14 ----A---- C:\windows\SysWOW64\ntkrnlpa.exe
2012-09-13 10:18:43 ----A---- C:\windows\SysWOW64\psisdecd.dll
2012-09-13 10:18:37 ----A---- C:\windows\SysWOW64\msi.dll
2012-09-13 10:18:30 ----A---- C:\windows\SysWOW64\cryptsvc.dll
2012-09-13 10:18:30 ----A---- C:\windows\SysWOW64\cryptnet.dll
2012-09-13 10:18:30 ----A---- C:\windows\SysWOW64\crypt32.dll
2012-09-13 10:18:22 ----A---- C:\windows\SysWOW64\netapi32.dll
2012-09-13 10:18:22 ----A---- C:\windows\SysWOW64\browcli.dll
2012-09-13 10:18:15 ----A---- C:\windows\SysWOW64\setup16.exe
2012-09-13 10:18:15 ----A---- C:\windows\SysWOW64\KernelBase.dll
2012-09-13 10:18:15 ----A---- C:\windows\SysWOW64\kernel32.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-09-13 10:18:14 ----A---- C:\windows\SysWOW64\wow32.dll
2012-09-13 10:18:14 ----A---- C:\windows\SysWOW64\ntvdm64.dll
2012-09-13 10:18:14 ----A---- C:\windows\SysWOW64\instnm.exe
2012-09-13 10:18:13 ----AH---- C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-09-13 10:18:09 ----A---- C:\windows\SysWOW64\user.exe
2012-09-13 10:18:07 ----A---- C:\windows\SysWOW64\drvinst.exe
2012-09-13 10:18:07 ----A---- C:\windows\SysWOW64\devrtl.dll
2012-09-13 10:18:07 ----A---- C:\windows\SysWOW64\devobj.dll
2012-09-13 10:18:07 ----A---- C:\windows\SysWOW64\cfgmgr32.dll
2012-09-13 10:18:06 ----A---- C:\windows\SysWOW64\prevhost.exe
2012-09-13 10:17:55 ----A---- C:\windows\SysWOW64\inetcomm.dll
2012-09-13 10:17:54 ----A---- C:\windows\SysWOW64\msvcrt.dll
2012-09-13 10:17:49 ----A---- C:\windows\SysWOW64\oleaut32.dll
2012-09-13 10:17:49 ----A---- C:\windows\SysWOW64\oleacc.dll
2012-09-13 10:17:43 ----A---- C:\windows\SysWOW64\EncDec.dll
2012-09-13 10:17:32 ----A---- C:\windows\SysWOW64\tzres.dll
2012-09-13 10:17:11 ----A---- C:\windows\SysWOW64\cdosys.dll
2012-09-13 10:17:03 ----A---- C:\windows\SysWOW64\ntdll.dll
2012-09-13 10:17:02 ----A---- C:\windows\SysWOW64\packager.dll
2012-09-13 10:07:31 ----A---- C:\windows\SysWOW64\rdpcore.dll
2012-09-12 19:38:14 ----D---- C:\windows\SysWOW64\Macromed
2012-09-12 19:38:14 ----A---- C:\windows\SysWOW64\FlashPlayerApp.exe
2012-09-12 19:27:11 ----D---- C:\Users\admin\AppData\Roaming\Mozilla
2012-09-12 19:27:03 ----D---- C:\ProgramData\Mozilla
2012-09-12 19:27:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-12 19:26:57 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-12 18:42:06 ----A---- C:\windows\SysWOW64\aswBoot.exe
2012-09-12 18:42:06 ----A---- C:\windows\avastSS.scr
2012-09-12 18:41:56 ----D---- C:\ProgramData\AVAST Software

======List of files/folders modified in the last 1 month======

2012-09-14 11:07:35 ----D---- C:\windows\Temp
2012-09-14 11:07:20 ----RD---- C:\Program Files (x86)
2012-09-14 11:03:21 ----D---- C:\windows\inf
2012-09-14 11:03:20 ----D---- C:\Windows
2012-09-14 11:00:34 ----D---- C:\ProgramData\Adobe
2012-09-14 10:55:51 ----D---- C:\windows\winsxs
2012-09-14 10:46:33 ----D---- C:\windows\System32
2012-09-14 10:42:01 ----A---- C:\windows\SysWOW64\log.txt
2012-09-14 10:41:33 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-09-14 10:40:52 ----D---- C:\windows\SysWOW64\cs-CZ
2012-09-14 10:40:52 ----D---- C:\windows\SysWOW64
2012-09-14 10:40:17 ----SHD---- C:\windows\Installer
2012-09-14 10:38:29 ----SHD---- C:\System Volume Information
2012-09-14 10:08:28 ----D---- C:\Users\admin\AppData\Roaming\Adobe
2012-09-13 19:15:19 ----HD---- C:\ProgramData
2012-09-13 19:14:44 ----D---- C:\windows\debug
2012-09-13 17:58:10 ----D---- C:\windows\Prefetch
2012-09-13 17:58:05 ----RSD---- C:\windows\assembly
2012-09-13 17:58:05 ----D---- C:\windows\Microsoft.NET
2012-09-13 15:41:53 ----D---- C:\windows\ehome
2012-09-13 15:41:53 ----D---- C:\Program Files (x86)\Common Files\System
2012-09-13 15:41:52 ----RSD---- C:\windows\Fonts
2012-09-13 15:41:47 ----D---- C:\windows\AppPatch
2012-09-13 15:41:44 ----D---- C:\windows\SysWOW64\migration
2012-09-13 15:41:44 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-13 15:12:50 ----D---- C:\ProgramData\McAfee
2012-09-13 15:12:50 ----D---- C:\Program Files (x86)\McAfee
2012-09-13 15:12:50 ----D---- C:\Program Files (x86)\Common Files
2012-09-13 10:30:46 ----D---- C:\windows\Logs
2012-09-13 00:22:43 ----SD---- C:\ProgramData\Microsoft
2012-09-13 00:22:41 ----D---- C:\windows\SoftwareDistribution
2012-09-12 19:38:44 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2012-09-12 19:38:15 ----D---- C:\windows\Tasks
2012-09-12 19:33:25 ----D---- C:\windows\Panther
2012-09-12 19:32:57 ----RD---- C:\Program Files
2012-09-12 19:21:37 ----D---- C:\ProgramData\Partner
2012-09-12 19:21:37 ----D---- C:\Program Files (x86)\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys []
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys []
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys []
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\windows\SysWOW64\drivers\aswTdi.sys []
R1 EgisTecFF;EgisTecFF; C:\windows\system32\DRIVERS\EgisTecFF.sys []
R1 mwlPSDFilter;mwlPSDFilter; C:\windows\system32\DRIVERS\mwlPSDFilter.sys []
R1 mwlPSDNServ;mwlPSDNServ; C:\windows\system32\DRIVERS\mwlPSDNServ.sys []
R1 mwlPSDVDisk;mwlPSDVDisk; C:\windows\system32\DRIVERS\mwlPSDVDisk.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys []
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys); C:\windows\System32\Drivers\FPSensor.sys []
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys []
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys []
R3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys []
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys []
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys []
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys []
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys []
R3 vmuvcflt;Vimicro USB Camera Filter; C:\windows\System32\Drivers\vmuvcflt.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys []
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys []
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys []
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys []
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-04-20 903456]
R2 EgisTec Data Security Service;EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-05-28 314736]
R2 EgisTec Service Help;EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-09-11 327024]
R2 EgisTec Service;EgisTec Service; C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-05-28 709488]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe []
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-07-11 1620584]
R2 RtLedService;RtLedService Installer; C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-02-05 311296]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 250568]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a check

#2 Post by Márty84 »

Hello :)

Please post a log from this RSIT here: http://images.malwareremoval.com/random/RSITx64.exe , since you have a 64-bit system :)
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

Re: Request for a check

#3 Post by Vernika »

Hello :)

here is the new log :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2012-09-15 13:57:12
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 399 GB (92%) free of 432 GB
Total RAM: 3828 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:57:15, on 15.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEPwdBankBHO - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1003203924-2295340803-2642279603-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1003203924-2295340803-2642279603-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Data Security Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11452 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe"
C:\windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe"
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Realtek\RtLED\RtLEDService.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files\Realtek\RtLED\RtLED.exe"
WLIDSvcM.exe 2128
C:\windows\system32\svchost.exe -k bthsvcs
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4120.a89ef20.1219101855 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 4120 "\\.\pipe\gecko-crash-server-pipe.4120" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe" --proxy-stub-channel=Flash4676.6B1FF168.41 --host-broker-channel=Flash4676.6B1FF168.18467 --host-pid=4676 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe" --channel=4712.0026F168.149387759 --proxy-stub-channel=Flash4676.6B1FF168.41 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll" --host-npapi-version=27 --type=renderer
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\windows\system32\wuauclt.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
C:\windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\admin\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yysg9bs7.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CBB761-DA41-4E31-B270-B13B4B0A61D0}]
IEPwdBankBHO Class - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll [2010-05-28 53616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-08-09 161304]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-08-09 386584]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-08-09 415256]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-02 10821224]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-03-29 2598280]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2010-04-12 4462496]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2010-03-18 7056800]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2009-09-30 111640]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"VitaKeyTSR"=C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [2010-05-28 376176]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-12-03 35184]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"UCam_Menu"=C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"YouCam Mirror Tray icon"=C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2010-03-03 171104]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]
"PLTSR"=C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [2010-09-11 364400]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-07-28 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
EgisPwdFilter
EgisDSPwdFilter
EgisPLPwdFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-09-15 13:57:12 ----D---- C:\rsit
2012-09-15 13:57:12 ----D---- C:\Program Files\trend micro
2012-09-14 13:44:01 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-09-14 11:07:20 ----D---- C:\Program Files (x86)\trend micro
2012-09-14 10:39:53 ----A---- C:\windows\system32\drivers\bthport.sys
2012-09-14 10:02:16 ----A---- C:\windows\system32\drivers\usbport.sys
2012-09-14 10:02:16 ----A---- C:\windows\system32\drivers\usbhub.sys
2012-09-14 10:02:16 ----A---- C:\windows\system32\drivers\usbehci.sys
2012-09-14 10:02:15 ----A---- C:\windows\system32\drivers\usbuhci.sys
2012-09-14 10:02:15 ----A---- C:\windows\system32\drivers\usbohci.sys
2012-09-14 10:02:15 ----A---- C:\windows\system32\drivers\usbd.sys
2012-09-14 10:02:15 ----A---- C:\windows\system32\drivers\usbccgp.sys
2012-09-14 10:02:15 ----A---- C:\windows\system32\drivers\BTHUSB.SYS
2012-09-14 10:02:10 ----A---- C:\windows\SYSWOW64\esent.dll
2012-09-14 10:02:10 ----A---- C:\windows\system32\fsutil.exe
2012-09-14 10:02:10 ----A---- C:\windows\system32\esent.dll
2012-09-14 10:02:10 ----A---- C:\windows\system32\drivers\ntfs.sys
2012-09-14 10:02:10 ----A---- C:\windows\system32\drivers\amdxata.sys
2012-09-14 10:02:09 ----A---- C:\windows\SYSWOW64\fsutil.exe
2012-09-14 10:02:09 ----A---- C:\windows\system32\drivers\USBSTOR.SYS
2012-09-14 10:02:09 ----A---- C:\windows\system32\drivers\storport.sys
2012-09-14 10:02:09 ----A---- C:\windows\system32\drivers\nvstor.sys
2012-09-14 10:02:09 ----A---- C:\windows\system32\drivers\nvraid.sys
2012-09-14 10:02:09 ----A---- C:\windows\system32\drivers\iaStorV.sys
2012-09-14 10:02:09 ----A---- C:\windows\system32\drivers\amdsata.sys
2012-09-13 19:15:19 ----D---- C:\ProgramData\CyberLink
2012-09-13 19:15:18 ----D---- C:\Users\admin\AppData\Roaming\CyberLink
2012-09-13 15:41:46 ----D---- C:\windows\SYSWOW64\Wat
2012-09-13 15:41:46 ----D---- C:\windows\system32\Wat
2012-09-13 15:29:06 ----A---- C:\windows\system32\browserchoice.exe
2012-09-13 15:25:04 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-09-13 15:25:04 ----A---- C:\windows\system32\mshtmled.dll
2012-09-13 15:25:03 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-09-13 15:25:03 ----A---- C:\windows\SYSWOW64\url.dll
2012-09-13 15:25:03 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-09-13 15:25:03 ----A---- C:\windows\system32\urlmon.dll
2012-09-13 15:25:03 ----A---- C:\windows\system32\url.dll
2012-09-13 15:25:03 ----A---- C:\windows\system32\iertutil.dll
2012-09-13 15:25:02 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2012-09-13 15:25:02 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-09-13 15:25:02 ----A---- C:\windows\system32\ieUnatt.exe
2012-09-13 15:25:02 ----A---- C:\windows\system32\ieui.dll
2012-09-13 15:25:01 ----A---- C:\windows\system32\jscript9.dll
2012-09-13 15:25:00 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-09-13 15:25:00 ----A---- C:\windows\system32\wininet.dll
2012-09-13 15:25:00 ----A---- C:\windows\system32\jsproxy.dll
2012-09-13 15:24:59 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-09-13 15:24:59 ----A---- C:\windows\SYSWOW64\jscript9.dll
2012-09-13 15:24:59 ----A---- C:\windows\SYSWOW64\jscript.dll
2012-09-13 15:24:59 ----A---- C:\windows\system32\jscript.dll
2012-09-13 15:24:58 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-09-13 15:24:57 ----A---- C:\windows\system32\mshtml.dll
2012-09-13 15:24:55 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-09-13 15:24:55 ----A---- C:\windows\system32\ieframe.dll
2012-09-13 15:23:25 ----A---- C:\windows\system32\MRT.exe
2012-09-13 15:22:34 ----A---- C:\windows\SYSWOW64\wmi.dll
2012-09-13 15:22:34 ----A---- C:\windows\SYSWOW64\wintrust.dll
2012-09-13 15:22:34 ----A---- C:\windows\SYSWOW64\imagehlp.dll
2012-09-13 15:22:34 ----A---- C:\windows\system32\wmi.dll
2012-09-13 15:22:34 ----A---- C:\windows\system32\wintrust.dll
2012-09-13 15:22:34 ----A---- C:\windows\system32\imagehlp.dll
2012-09-13 15:22:34 ----A---- C:\windows\system32\drivers\fs_rec.sys
2012-09-13 10:20:35 ----A---- C:\windows\SYSWOW64\DWrite.dll
2012-09-13 10:20:35 ----A---- C:\windows\system32\DWrite.dll
2012-09-13 10:20:34 ----A---- C:\windows\system32\odbccu32.dll
2012-09-13 10:20:34 ----A---- C:\windows\system32\odbccr32.dll
2012-09-13 10:20:34 ----A---- C:\windows\system32\odbccp32.dll
2012-09-13 10:20:33 ----A---- C:\windows\SYSWOW64\odbctrac.dll
2012-09-13 10:20:33 ----A---- C:\windows\SYSWOW64\odbcjt32.dll
2012-09-13 10:20:33 ----A---- C:\windows\SYSWOW64\odbccu32.dll
2012-09-13 10:20:33 ----A---- C:\windows\SYSWOW64\odbccr32.dll
2012-09-13 10:20:33 ----A---- C:\windows\SYSWOW64\odbccp32.dll
2012-09-13 10:20:33 ----A---- C:\windows\system32\odbctrac.dll
2012-09-13 10:20:32 ----A---- C:\windows\SYSWOW64\xmllite.dll
2012-09-13 10:20:32 ----A---- C:\windows\system32\xmllite.dll
2012-09-13 10:20:29 ----A---- C:\windows\SYSWOW64\srclient.dll
2012-09-13 10:20:29 ----A---- C:\windows\system32\srcore.dll
2012-09-13 10:20:24 ----A---- C:\windows\SYSWOW64\poqexec.exe
2012-09-13 10:20:24 ----A---- C:\windows\system32\poqexec.exe
2012-09-13 10:20:23 ----A---- C:\windows\SYSWOW64\explorer.exe
2012-09-13 10:20:23 ----A---- C:\windows\explorer.exe
2012-09-13 10:20:21 ----A---- C:\windows\system32\tquery.dll
2012-09-13 10:20:20 ----A---- C:\windows\system32\SearchIndexer.exe
2012-09-13 10:20:20 ----A---- C:\windows\system32\mssrch.dll
2012-09-13 10:20:19 ----A---- C:\windows\SYSWOW64\mssrch.dll
2012-09-13 10:20:19 ----A---- C:\windows\system32\SearchProtocolHost.exe
2012-09-13 10:20:18 ----A---- C:\windows\SYSWOW64\tquery.dll
2012-09-13 10:20:18 ----A---- C:\windows\SYSWOW64\SearchProtocolHost.exe
2012-09-13 10:20:18 ----A---- C:\windows\SYSWOW64\SearchIndexer.exe
2012-09-13 10:20:18 ----A---- C:\windows\SYSWOW64\mssph.dll
2012-09-13 10:20:18 ----A---- C:\windows\system32\SearchFilterHost.exe
2012-09-13 10:20:18 ----A---- C:\windows\system32\mssph.dll
2012-09-13 10:20:17 ----A---- C:\windows\SYSWOW64\SearchFilterHost.exe
2012-09-13 10:20:17 ----A---- C:\windows\SYSWOW64\mssvp.dll
2012-09-13 10:20:17 ----A---- C:\windows\SYSWOW64\mssphtb.dll
2012-09-13 10:20:17 ----A---- C:\windows\SYSWOW64\msscntrs.dll
2012-09-13 10:20:17 ----A---- C:\windows\system32\mssvp.dll
2012-09-13 10:20:17 ----A---- C:\windows\system32\mssphtb.dll
2012-09-13 10:20:17 ----A---- C:\windows\system32\msscntrs.dll
2012-09-13 10:20:12 ----A---- C:\windows\SYSWOW64\ntshrui.dll
2012-09-13 10:20:12 ----A---- C:\windows\system32\ntshrui.dll
2012-09-13 10:20:11 ----A---- C:\windows\system32\quartz.dll
2012-09-13 10:20:10 ----A---- C:\windows\SYSWOW64\quartz.dll
2012-09-13 10:20:10 ----A---- C:\windows\SYSWOW64\qdvd.dll
2012-09-13 10:20:10 ----A---- C:\windows\system32\qdvd.dll
2012-09-13 10:20:07 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2012-09-13 10:20:07 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2012-09-13 10:20:07 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2012-09-13 10:20:05 ----A---- C:\windows\SYSWOW64\webio.dll
2012-09-13 10:20:05 ----A---- C:\windows\system32\webio.dll
2012-09-13 10:20:03 ----A---- C:\windows\system32\msxml6.dll
2012-09-13 10:20:02 ----A---- C:\windows\SYSWOW64\msxml6.dll
2012-09-13 10:20:02 ----A---- C:\windows\system32\msxml3.dll
2012-09-13 10:20:01 ----A---- C:\windows\SYSWOW64\msxml3r.dll
2012-09-13 10:20:01 ----A---- C:\windows\SYSWOW64\msxml3.dll
2012-09-13 10:20:01 ----A---- C:\windows\system32\msxml3r.dll
2012-09-13 10:20:00 ----A---- C:\windows\system32\csrsrv.dll
2012-09-13 10:19:58 ----A---- C:\windows\system32\win32spl.dll
2012-09-13 10:19:57 ----A---- C:\windows\SYSWOW64\win32spl.dll
2012-09-13 10:19:57 ----A---- C:\windows\system32\spoolsv.exe
2012-09-13 10:19:57 ----A---- C:\windows\splwow64.exe
2012-09-13 10:19:47 ----A---- C:\windows\SYSWOW64\XpsPrint.dll
2012-09-13 10:19:47 ----A---- C:\windows\system32\XpsPrint.dll
2012-09-13 10:19:45 ----A---- C:\windows\system32\shell32.dll
2012-09-13 10:19:42 ----A---- C:\windows\SYSWOW64\shell32.dll
2012-09-13 10:19:41 ----A---- C:\windows\system32\drivers\ndis.sys
2012-09-13 10:19:40 ----A---- C:\windows\system32\drivers\RNDISMP.sys
2012-09-13 10:19:39 ----A---- C:\windows\SYSWOW64\d3d10level9.dll
2012-09-13 10:19:39 ----A---- C:\windows\system32\d3d10level9.dll
2012-09-13 10:19:38 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-09-13 10:19:38 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-09-13 10:19:37 ----A---- C:\windows\system32\rdpwsx.dll
2012-09-13 10:19:29 ----A---- C:\windows\system32\schannel.dll
2012-09-13 10:19:29 ----A---- C:\windows\system32\drivers\cng.sys
2012-09-13 10:19:28 ----A---- C:\windows\SYSWOW64\schannel.dll
2012-09-13 10:19:28 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2012-09-13 10:19:28 ----A---- C:\windows\system32\ncrypt.dll
2012-09-13 10:19:28 ----A---- C:\windows\system32\lsass.exe
2012-09-13 10:19:28 ----A---- C:\windows\system32\lsasrv.dll
2012-09-13 10:19:28 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2012-09-13 10:19:28 ----A---- C:\windows\system32\drivers\ksecdd.sys
2012-09-13 10:19:27 ----A---- C:\windows\SYSWOW64\sspicli.dll
2012-09-13 10:19:27 ----A---- C:\windows\SYSWOW64\secur32.dll
2012-09-13 10:19:27 ----A---- C:\windows\system32\sspisrv.dll
2012-09-13 10:19:27 ----A---- C:\windows\system32\sspicli.dll
2012-09-13 10:19:27 ----A---- C:\windows\system32\secur32.dll
2012-09-13 10:19:25 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-09-13 10:19:25 ----A---- C:\windows\system32\drivers\netio.sys
2012-09-13 10:19:24 ----A---- C:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 10:19:19 ----A---- C:\windows\system32\drivers\Diskdump.sys
2012-09-13 10:19:18 ----A---- C:\windows\system32\profsvc.dll
2012-09-13 10:19:16 ----A---- C:\windows\system32\ntoskrnl.exe
2012-09-13 10:19:15 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-09-13 10:19:14 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-09-13 10:18:46 ----A---- C:\windows\system32\drivers\srvnet.sys
2012-09-13 10:18:46 ----A---- C:\windows\system32\drivers\srv2.sys
2012-09-13 10:18:46 ----A---- C:\windows\system32\drivers\srv.sys
2012-09-13 10:18:46 ----A---- C:\windows\system32\drivers\afd.sys
2012-09-13 10:18:45 ----A---- C:\windows\system32\drivers\partmgr.sys
2012-09-13 10:18:44 ----A---- C:\windows\system32\psisdecd.dll
2012-09-13 10:18:43 ----A---- C:\windows\SYSWOW64\psisdecd.dll
2012-09-13 10:18:40 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-09-13 10:18:38 ----A---- C:\windows\system32\msi.dll
2012-09-13 10:18:37 ----A---- C:\windows\SYSWOW64\msi.dll
2012-09-13 10:18:31 ----A---- C:\windows\system32\crypt32.dll
2012-09-13 10:18:30 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2012-09-13 10:18:30 ----A---- C:\windows\SYSWOW64\cryptnet.dll
2012-09-13 10:18:30 ----A---- C:\windows\SYSWOW64\crypt32.dll
2012-09-13 10:18:30 ----A---- C:\windows\system32\cryptsvc.dll
2012-09-13 10:18:30 ----A---- C:\windows\system32\cryptnet.dll
2012-09-13 10:18:22 ----A---- C:\windows\SYSWOW64\netapi32.dll
2012-09-13 10:18:22 ----A---- C:\windows\SYSWOW64\browcli.dll
2012-09-13 10:18:22 ----A---- C:\windows\system32\netapi32.dll
2012-09-13 10:18:22 ----A---- C:\windows\system32\browser.dll
2012-09-13 10:18:22 ----A---- C:\windows\system32\browcli.dll
2012-09-13 10:18:16 ----A---- C:\windows\system32\KernelBase.dll
2012-09-13 10:18:16 ----A---- C:\windows\system32\kernel32.dll
2012-09-13 10:18:15 ----A---- C:\windows\SYSWOW64\setup16.exe
2012-09-13 10:18:15 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2012-09-13 10:18:15 ----A---- C:\windows\SYSWOW64\kernel32.dll
2012-09-13 10:18:15 ----A---- C:\windows\system32\wow64win.dll
2012-09-13 10:18:15 ----A---- C:\windows\system32\wow64.dll
2012-09-13 10:18:15 ----A---- C:\windows\system32\winsrv.dll
2012-09-13 10:18:15 ----A---- C:\windows\system32\conhost.exe
2012-09-13 10:18:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-09-13 10:18:14 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-09-13 10:18:14 ----A---- C:\windows\SYSWOW64\wow32.dll
2012-09-13 10:18:14 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2012-09-13 10:18:14 ----A---- C:\windows\SYSWOW64\instnm.exe
2012-09-13 10:18:14 ----A---- C:\windows\system32\wow64cpu.dll
2012-09-13 10:18:14 ----A---- C:\windows\system32\ntvdm64.dll
2012-09-13 10:18:13 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-09-13 10:18:13 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-09-13 10:18:12 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-09-13 10:18:11 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-09-13 10:18:10 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-09-13 10:18:09 ----A---- C:\windows\SYSWOW64\user.exe
2012-09-13 10:18:08 ----A---- C:\windows\system32\umpnpmgr.dll
2012-09-13 10:18:07 ----A---- C:\windows\SYSWOW64\drvinst.exe
2012-09-13 10:18:07 ----A---- C:\windows\SYSWOW64\devrtl.dll
2012-09-13 10:18:07 ----A---- C:\windows\SYSWOW64\devobj.dll
2012-09-13 10:18:07 ----A---- C:\windows\SYSWOW64\cfgmgr32.dll
2012-09-13 10:18:06 ----A---- C:\windows\SYSWOW64\prevhost.exe
2012-09-13 10:18:06 ----A---- C:\windows\system32\prevhost.exe
2012-09-13 10:17:55 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2012-09-13 10:17:55 ----A---- C:\windows\system32\inetcomm.dll
2012-09-13 10:17:54 ----A---- C:\windows\SYSWOW64\msvcrt.dll
2012-09-13 10:17:54 ----A---- C:\windows\system32\msvcrt.dll
2012-09-13 10:17:49 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2012-09-13 10:17:49 ----A---- C:\windows\SYSWOW64\oleacc.dll
2012-09-13 10:17:49 ----A---- C:\windows\system32\oleaut32.dll
2012-09-13 10:17:49 ----A---- C:\windows\system32\oleacc.dll
2012-09-13 10:17:46 ----A---- C:\windows\system32\localspl.dll
2012-09-13 10:17:44 ----A---- C:\windows\system32\win32k.sys
2012-09-13 10:17:43 ----A---- C:\windows\SYSWOW64\EncDec.dll
2012-09-13 10:17:43 ----A---- C:\windows\system32\EncDec.dll
2012-09-13 10:17:32 ----A---- C:\windows\SYSWOW64\tzres.dll
2012-09-13 10:17:32 ----A---- C:\windows\system32\tzres.dll
2012-09-13 10:17:11 ----A---- C:\windows\SYSWOW64\cdosys.dll
2012-09-13 10:17:09 ----A---- C:\windows\system32\cdosys.dll
2012-09-13 10:17:03 ----A---- C:\windows\SYSWOW64\ntdll.dll
2012-09-13 10:17:03 ----A---- C:\windows\system32\ntdll.dll
2012-09-13 10:17:02 ----A---- C:\windows\SYSWOW64\packager.dll
2012-09-13 10:17:02 ----A---- C:\windows\system32\packager.dll
2012-09-13 10:07:32 ----A---- C:\windows\system32\rdpcore.dll
2012-09-13 10:07:31 ----A---- C:\windows\SYSWOW64\rdpcore.dll
2012-09-13 10:07:31 ----A---- C:\windows\system32\drivers\tdtcp.sys
2012-09-13 00:23:37 ----A---- C:\windows\system32\wuwebv.dll
2012-09-13 00:23:37 ----A---- C:\windows\system32\wuapp.exe
2012-09-12 19:38:14 ----D---- C:\windows\SYSWOW64\Macromed
2012-09-12 19:38:14 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-09-12 19:38:08 ----D---- C:\windows\system32\Macromed
2012-09-12 19:32:57 ----D---- C:\Program Files\CCleaner
2012-09-12 19:27:11 ----D---- C:\Users\admin\AppData\Roaming\Mozilla
2012-09-12 19:27:03 ----D---- C:\ProgramData\Mozilla
2012-09-12 19:27:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-12 19:26:57 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-12 18:42:32 ----A---- C:\windows\system32\drivers\aswSP.sys
2012-09-12 18:42:32 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2012-09-12 18:42:30 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2012-09-12 18:42:28 ----A---- C:\windows\system32\drivers\aswTdi.sys
2012-09-12 18:42:28 ----A---- C:\windows\system32\drivers\aswSnx.sys
2012-09-12 18:42:28 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2012-09-12 18:42:27 ----A---- C:\windows\system32\aswBoot.exe
2012-09-12 18:42:06 ----A---- C:\windows\SYSWOW64\aswBoot.exe
2012-09-12 18:42:06 ----A---- C:\windows\avastSS.scr
2012-09-12 18:41:56 ----D---- C:\ProgramData\AVAST Software
2012-09-12 18:41:56 ----D---- C:\Program Files\AVAST Software
2012-09-12 18:26:50 ----A---- C:\windows\system32\wups2.dll
2012-09-12 18:26:50 ----A---- C:\windows\system32\wucltux.dll
2012-09-12 18:26:50 ----A---- C:\windows\system32\wuauclt.exe
2012-09-12 18:26:49 ----A---- C:\windows\system32\wuaueng.dll
2012-09-12 18:26:36 ----A---- C:\windows\system32\wups.dll
2012-09-12 18:26:36 ----A---- C:\windows\system32\wudriver.dll
2012-09-12 18:26:35 ----A---- C:\windows\system32\wuapi.dll

======List of files/folders modified in the last 1 month======

2012-09-15 13:57:15 ----D---- C:\windows\Temp
2012-09-15 13:57:12 ----RD---- C:\Program Files
2012-09-15 13:40:18 ----D---- C:\windows\system32\config
2012-09-15 13:32:44 ----D---- C:\windows\System32
2012-09-15 13:32:44 ----D---- C:\windows\inf
2012-09-15 13:32:44 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-09-15 13:26:20 ----A---- C:\windows\SYSWOW64\log.txt
2012-09-15 13:26:07 ----D---- C:\Windows
2012-09-14 19:03:06 ----D---- C:\windows\Microsoft.NET
2012-09-14 19:02:45 ----RSD---- C:\windows\assembly
2012-09-14 13:48:58 ----SHD---- C:\windows\Installer
2012-09-14 13:48:29 ----D---- C:\windows\SYSWOW64\cs-CZ
2012-09-14 13:48:29 ----D---- C:\windows\system32\cs-CZ
2012-09-14 13:44:11 ----D---- C:\windows\SysWOW64
2012-09-14 13:44:06 ----D---- C:\windows\SYSWOW64\en-US
2012-09-14 13:44:06 ----D---- C:\windows\system32\en-US
2012-09-14 13:44:01 ----RD---- C:\Program Files (x86)
2012-09-14 13:42:45 ----SHD---- C:\System Volume Information
2012-09-14 11:39:55 ----D---- C:\windows\winsxs
2012-09-14 11:00:34 ----D---- C:\ProgramData\Adobe
2012-09-14 10:41:33 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-09-14 10:40:52 ----D---- C:\windows\system32\drivers
2012-09-14 10:40:51 ----D---- C:\windows\system32\DriverStore
2012-09-14 10:39:55 ----D---- C:\windows\system32\catroot
2012-09-14 10:08:28 ----D---- C:\Users\admin\AppData\Roaming\Adobe
2012-09-14 10:01:59 ----D---- C:\windows\system32\catroot2
2012-09-13 19:15:19 ----HD---- C:\ProgramData
2012-09-13 19:14:44 ----D---- C:\windows\debug
2012-09-13 17:58:10 ----D---- C:\windows\Prefetch
2012-09-13 17:58:05 ----D---- C:\windows\system32\wdi
2012-09-13 15:41:53 ----D---- C:\windows\ehome
2012-09-13 15:41:53 ----D---- C:\Program Files\Common Files\System
2012-09-13 15:41:52 ----RSD---- C:\windows\Fonts
2012-09-13 15:41:47 ----D---- C:\windows\AppPatch
2012-09-13 15:41:44 ----D---- C:\windows\SYSWOW64\migration
2012-09-13 15:41:44 ----D---- C:\windows\system32\migration
2012-09-13 15:41:44 ----D---- C:\Program Files\Internet Explorer
2012-09-13 15:41:44 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-13 15:41:39 ----D---- C:\Program Files\Windows Journal
2012-09-13 15:12:50 ----D---- C:\ProgramData\McAfee
2012-09-13 15:12:50 ----D---- C:\Program Files (x86)\McAfee
2012-09-13 15:12:50 ----D---- C:\Program Files (x86)\Common Files
2012-09-13 10:30:46 ----D---- C:\windows\Logs
2012-09-13 00:22:43 ----SD---- C:\ProgramData\Microsoft
2012-09-13 00:22:41 ----D---- C:\windows\SoftwareDistribution
2012-09-12 19:38:44 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2012-09-12 19:38:15 ----D---- C:\windows\Tasks
2012-09-12 19:38:15 ----D---- C:\windows\system32\Tasks
2012-09-12 19:33:25 ----D---- C:\windows\Panther
2012-09-12 19:21:37 ----D---- C:\ProgramData\Partner
2012-09-12 19:21:37 ----D---- C:\Program Files\Google
2012-09-12 19:21:37 ----D---- C:\Program Files (x86)\Google
2012-09-12 18:38:08 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-11 24680]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-08-21 54072]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-08-21 969200]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-08-21 359464]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 EgisTecFF;EgisTecFF; C:\windows\system32\DRIVERS\EgisTecFF.sys [2011-11-25 55880]
R1 mwlPSDFilter;mwlPSDFilter; C:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-25 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-25 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-25 60464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-08-21 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys); C:\windows\System32\Drivers\FPSensor.sys [2011-11-25 35888]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-03-02 1594368]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-01-15 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-07-28 10610400]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-06-02 2392296]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2010-12-13 228736]
R3 vmuvcflt;Vimicro USB Camera Filter; C:\windows\System32\Drivers\vmuvcflt.sys [2010-08-16 8320]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 243744]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-04-20 903456]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EgisTec Data Security Service;EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-05-28 314736]
R2 EgisTec Service Help;EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-09-11 327024]
R2 EgisTec Service;EgisTec Service; C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-05-28 709488]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-07-11 159336]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-07-11 1620584]
R2 RtLedService;RtLedService Installer; C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-02-05 311296]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 250568]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#4 Post by Márty84 »

I don't see anything dangerous. Is there any problem with the laptop?


:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally
:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe and save it, ideally to the desktop.
Right-click it and then left-click Run as administrator.
Copy this script into the left-hand window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"UpdateP2GShortCut"=-
Click MoveIt and let the program work. When asked to restart, agree.
After the restart, post here the log that pops up, or it will be here: C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (instead of the x's there will be digits representing the date and time of the run)
If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

Re: Requesting a check

#5 Post by Vernika »

Well, I'm not noticing a problem as such, but I was browsing the net and, as happens, I came across an infected page, which Avast fortunately blocked for me... :thumbsup: but you know how it is, the laptop is new, a gift, so I want to make sure everything is fine and nothing malicious got downloaded onto it :)

Here is the log:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 111051 bytes
->Temporary Internet Files folder emptied: 65737 bytes
->FireFox cache emptied: 71434516 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13194938 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb


[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
C:\windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GShortCut deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 09152012_150618

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#6 Post by Márty84 »

:) Sure, I understand, better safe than sorry :wink:

I don't see anything in the log, and if there are no problems it should be clean. But since RSIT of course doesn't show everything, run MBAM over it as a precaution, so we can be sure there isn't some little bug lying around in there after all.

:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Don't delete anything beforehand, it sometimes has false detections

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

Re: Requesting a check

#7 Post by Vernika »

Thank you for understanding and, above all, for the help :worship:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: ADMIN-PC [administrátor]

Ochrana: Povolena

15.9.2012 15:46:30
mbam-log-2012-09-15 (15-46-30).txt

Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 305448
Uplynulý čas: 32 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#8 Post by Márty84 »

MBAM reports clean, which is what I expected :) So I think you can rest easy, the PC is clean so far :wink:

:arrow: Uninstall MBAM again


:!: Run all of these programs - including their installation - as administrator (right-click them and choose Run as administrator)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK - after the cleanup the PC will restart.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it
Click START and then OK - after the cleanup the PC will restart.
After use you can delete the program



Well, if there's no problem then, that's probably all :)

And you're very welcome, glad to help :thumbsup: Although actually nothing even needed doing, since the PC was fine :D

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

Re: Requesting a check

#9 Post by Vernika »

Thank you, you're very kind... :) Over the weekend I had a minor problem with the system, so I had to restore it... which means everything got erased.... I hope it won't happen more often :roll:

So thank you once again and have a nice day. :)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#10 Post by Márty84 »

Good evening :)

I'm sorry to hear that :( Can you be a bit more specific?

By restoring the system, do you mean using a restore point from a date when it worked? Or a reinstall?

Unless you caught something fresh, it won't be because of malware. But it's hard to guess like this, I would need more information.
In any case, if it happens again, definitely get in touch and we'll do an in-depth check, including the hardware :wink:

Hopefully it was just a silly coincidence, though, and everything will run perfectly from now on :thumbsup:

Once again, you're very welcome! :) Take care :bye:

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

Re: Requesting a check

#11 Post by Vernika »

Good day to you too :)

Everything worked fine until one evening I wanted to turn on the laptop and after it started only a blank screen with the mouse cursor appeared... no icons, no desktop... simply nothing. The manual had a troubleshooting section, so I deduced from that that it probably happens often... As a solution they wrote to restore the system either from a backup (which I hadn't made at that point, because I had only had the laptop for a week), or to restore it to the factory state. The OneKey Recovery program is used for that. You know how it is, my parents were stressed and angry at the same time, after all it was supposed to be a graduation gift and after a week this happens.... :( So I had to restore it to the factory state, so in the end it looked as if I had a new model at home again.... the programs I had saved, the photos.... everything disappeared....

I have to say I was a bit shocked by it; now every time I turn on the notebook I do so with suspense and wait to see whether it happens again... but what it gave me is that I now make backups (just in case). :) Knock on wood for now, since Saturday (when it happened) everything has been working. :)

Thank you very much for your interest; I don't often meet people who care about other people's problems.... I appreciate it very much :)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#12 Post by Márty84 »

And did safe mode at least work, perhaps? Or couldn't you choose "Last Known Good Configuration"?
Using a restore point might also have worked. That feature is usually enabled by default and a restore point is created every day.
But of course I'm just guessing, I didn't see it and now we won't find out :)

With backups it's quite a common phenomenon. Nobody makes one until something like this happens to them. You were lucky that it happened relatively early, so you hadn't yet managed to put many things on it. But I know people who lost 5 years' worth of photos!!!

So every cloud has a silver lining, as they say :wink:



For all of us here this is relaxation, we enjoy it and we're happy when at the end of the treatment the "patient" is happy too :thumbsup:
Yours did fade after a few days :( , but hopefully you've used up your share of bad luck and now it will serve flawlessly all the way to computer retirement :)

And if there is a problem after all, get in touch, if possible before reinstalling, and we'll try to solve it :wink: Almost always something can still be saved, it just takes time and patience to work on it :)

Take care, and maybe see you sometime at a preventive check :bye:

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

Re: Requesting a check

#13 Post by Vernika »

I have to say that I do have some basic knowledge about safe mode, but I'm afraid that when it came down to it, I wouldn't know what to do at all... that's why I admire everyone who can find their way around a problem and solve it themselves.... :)

I took the positive from it... :) And you're right, I didn't have many personal things on it yet... :)

I have to say I've already been through a lot with PCs too... a Trojan horse, then the monitor died.... about a month ago the graphics card in our desktop PC died... so I'm really not bored... :D But at the same time one becomes more careful and looks for ways to prevent many things....

The attitude of all the advisers and moderators on this site shows. I know you do everything at the expense of your private time, you surely have your own jobs.... that makes it all the more valuable and we should all appreciate it. :)

I would like to continue talking with you, but I know this space is only for preventive checks and troubleshooting... :)

Take care too, and I wish you many more satisfied "patients" :wink:

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a check

#14 Post by Márty84 »

Don't underestimate yourself, you would certainly manage safe mode. It's nothing difficult :thumbsup:

Thank you, on my own behalf and on behalf of the whole team, for the praise :oops:

So I'll send a virus by e-mail and we can write to each other again :lol:

Thanks for the wishes :worship: :bye:

Vernika
Visitor
Posts: 20
Registered: 02 Apr 2010 13:05

Re: Requesting a check

#15 Post by Vernika »

You think so? :?: I'm not so sure I would manage :D

You're welcome, I'm sure it pleases you.... :)

Thank you very much, I didn't mean that we should chat about a virus of all things... :D

:worship:
Last edited by Vernika on 21 Sep 2012 15:51, edited 1 time in total.

Locked