Unknown infection, please check.
Zayl
Re: Unknown infection, please check.
Understood. The PC looks fine so far, but I will probably not run a more thorough test until tomorrow, since I have to get up in 5 hours.
Thank you very much for your time, and I wish you an undisturbed, restful sleep.
Welcome
this transmission
from a fallen star
Light has departed
from this black sun...
Re: Unknown infection, please check.
- Copy this script into the white box at the bottom:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
:COMMANDS
[Reboot]
- The PC will then restart.
- Post the log here.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer.
I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me at the email Motji(at)forum.viry.cz.
Zayl
Re: Unknown infection, please check.
Hello,
OTL log
[2010.03.03 22:11:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.03.03 22:11:36 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Local\temp
[2010.03.03 21:56:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.03.03 21:56:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.03.03 21:56:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.03.03 21:56:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.03.03 21:56:01 | 000,000,000 | ---D | C] -- C:\Potvora
[2010.03.03 21:55:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.03 21:55:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.03.03 21:40:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.03 19:22:13 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 15:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.03 14:51:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.03.03 14:50:59 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.03.03 14:50:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.03.03 14:50:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.03.03 14:50:56 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.03.03 14:50:30 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.03.03 14:50:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.03.03 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.03.01 17:47:23 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.03.01 17:47:23 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.03.01 17:47:23 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.03.01 17:45:21 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.03.01 17:45:21 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.03.01 17:45:16 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.03.01 17:45:16 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.03.01 17:45:11 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.03.01 17:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.03.01 16:54:27 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.01 16:19:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2010.03.01 16:18:07 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:06 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:05 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.03.01 16:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.03.01 16:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.02.27 23:23:25 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\gothic3
[2010.02.27 23:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.02.27 23:15:14 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\System32\ISUSPM.cpl
[2010.02.27 20:51:50 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\progs
[2010.02.27 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\isos
[2010.02.27 20:45:11 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\skola
[2010.02.27 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\txt
[2010.02.27 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\images
[2010.02.24 13:51:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.24 13:51:01 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.24 13:51:01 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.24 13:51:01 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.24 13:51:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.24 13:51:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.24 13:51:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 13:51:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.02.20 12:29:56 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Mumble
[2010.02.20 11:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2010.02.20 10:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.02.20 10:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.02.20 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.02.20 09:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.02.19 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Bioshock2
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Bioshock2
[2010.02.19 22:56:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.02.19 22:52:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.19 22:52:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.19 22:52:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.19 22:52:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.19 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Heroes of Newerth
[2010.02.19 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2010.02.12 18:10:06 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\DAModder
[2010.02.10 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\TS3Client
[2010.02.10 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010.02.10 19:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010.02.10 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\EVE
[2010.02.10 13:10:05 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Local\CCP
[2010.02.10 12:30:08 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\EVEMon
[2010.02.10 12:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\EVEMon
[2010.02.10 12:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2010.02.10 07:24:21 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.02.10 07:24:21 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.02.10 07:24:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.02.10 07:24:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.02.10 07:24:14 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.02.10 07:24:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.02.10 07:24:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.02.06 23:31:43 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\trash
[2010.02.03 13:36:22 | 000,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.03.04 12:08:18 | 004,194,304 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT
[2010.03.04 12:02:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.04 12:02:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.04 12:02:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.04 12:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.04 12:01:29 | 000,524,288 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.04 12:01:29 | 000,065,536 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.03 22:58:16 | 002,866,787 | -H-- | M] () -- C:\Users\Zayl\AppData\Local\IconCache.db
[2010.03.03 22:29:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job
[2010.03.03 22:08:11 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.03.03 21:49:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.03.03 21:47:46 | 004,118,254 | R--- | M] () -- C:\Users\Zayl\Desktop\Potvora.exe
[2010.03.03 20:04:43 | 259,877,514 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 19:19:53 | 000,001,710 | ---- | M] () -- C:\Users\Zayl\Desktop\CCleaner.lnk
[2010.03.03 17:57:36 | 000,012,444 | ---- | M] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.03 17:34:20 | 000,170,119 | ---- | M] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.03 14:50:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.03.02 20:26:35 | 001,515,664 | ---- | M] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:32 | 000,252,926 | ---- | M] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:45:15 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 16:18:06 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:05 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:04 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.02.25 22:50:23 | 000,101,232 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.02.25 06:52:42 | 000,101,232 | ---- | M] () -- C:\Users\Zayl\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.25 06:51:22 | 002,305,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.22 21:56:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.02.20 12:30:26 | 000,002,378 | ---- | M] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | M] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.02.11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.02.10 19:27:51 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.02.05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.02.05 09:18:02 | 000,100,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.02.04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.03 13:36:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.03 21:56:10 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.03.03 21:56:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.03.03 21:56:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.03.03 21:56:10 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.03.03 21:56:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.03.03 21:46:45 | 004,118,254 | R--- | C] () -- C:\Users\Zayl\Desktop\Potvora.exe
[2010.03.03 19:43:59 | 259,877,514 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:25:31 | 000,293,376 | ---- | C] () -- C:\Users\Zayl\Desktop\gmer.exe
[2010.03.03 17:34:19 | 000,170,119 | ---- | C] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.02 22:16:02 | 000,012,444 | ---- | C] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.02 20:26:35 | 001,515,664 | ---- | C] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:31 | 000,252,926 | ---- | C] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:47:23 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.03.01 17:47:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.03.01 17:47:23 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.03.01 17:47:23 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.03.01 17:47:23 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.03.01 17:45:21 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.03.01 17:45:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.03.01 17:45:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.03.01 17:45:15 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 17:45:11 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.03.01 16:18:05 | 000,000,522 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010.02.20 12:30:26 | 000,002,378 | ---- | C] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | C] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.10 19:27:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.12.24 13:18:49 | 000,000,319 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009.12.23 10:00:09 | 000,000,709 | ---- | C] () -- C:\Windows\CoD.INI
[2009.11.27 17:19:12 | 000,000,092 | ---- | C] () -- C:\Users\Zayl\AppData\Local\fusioncache.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.11.03 14:04:22 | 000,353,792 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009.11.03 14:04:22 | 000,107,520 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2009.11.01 14:00:47 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.10.29 16:04:16 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.10.29 16:04:16 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.09.24 13:32:26 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI
[2009.08.30 15:06:21 | 000,144,384 | ---- | C] () -- C:\Windows\System32\miccyhook.dll
[2009.07.25 00:02:10 | 000,138,376 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.19 19:52:27 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.19 19:52:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.19 19:46:58 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.05.17 20:18:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.08 19:03:43 | 010,059,776 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.05.06 13:46:53 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.05.06 13:44:11 | 000,008,192 | ---- | C] () -- C:\Users\Zayl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.06 12:22:15 | 000,000,185 | ---- | C] () -- C:\Users\Zayl\AppData\Local\RAExpertHistory.xml
[2008.10.23 22:28:12 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.10.23 22:27:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.22 00:56:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.04.25 13:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL
========== Custom Scans ==========
< :OTL >
< PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) >
< @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2 >
< @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 >
< O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >
< IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559 >
Invalid Switch: search.conduit.com?SearchSource= ... =CT1750559
< >
< :COMMANDS >
< [Reboot] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
OTL log
OTL logfile created on: 4.3.2010 12:04:32 - Run 4
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Zayl\Desktop
Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 12,96 Gb Free Space | 13,76% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 25,09 Gb Free Space | 12,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MILAN-PC
Current User Name: Zayl
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
PRC - [2010.02.19 06:58:43 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.02.11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- D:\avast\AvastUI.exe
PRC - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\avast\AvastSvc.exe
PRC - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.08.14 03:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.14 03:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.30 20:15:46 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009.07.30 20:15:44 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009.07.27 03:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009.05.30 11:09:41 | 000,768,688 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2008.11.25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.13 12:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.24 00:50:56 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2008.04.29 10:36:46 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008.04.25 13:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.03.08 00:58:00 | 000,208,896 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisKeyState.exe
PRC - [2008.03.04 01:30:20 | 000,258,048 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2008.02.08 07:33:34 | 000,091,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.02.08 07:33:30 | 038,510,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe
PRC - [2008.01.21 03:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.15 23:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2008.01.11 21:16:00 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007.08.17 13:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2004.06.16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
========== Modules (SafeList) ==========
MOD - [2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
MOD - [2009.05.20 20:33:04 | 000,047,792 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusionHookx86.dll
MOD - [2008.01.21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.02.20 09:52:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- D:\avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.08.14 03:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.04.22 22:45:34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.11.25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2008.11.25 05:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.06.20 02:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.22 00:57:50 | 000,092,792 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008.04.29 10:36:46 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2008.04.25 13:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.02.08 07:33:34 | 000,091,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.02.08 07:33:30 | 038,510,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe -- (MSSQL$DABAZE) SQL Server (DABAZE)
SRV - [2008.02.08 07:33:26 | 000,246,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.02.08 07:33:26 | 000,043,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.15 23:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.11.02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
========== Driver Services (SafeList) ==========
DRV - [2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.03 13:36:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.08.14 05:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.12 11:20:53 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.12 11:20:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.27 03:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.05.06 16:42:08 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys.14082952 -- (sptd)
DRV - [2009.04.12 22:51:26 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.06.13 16:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.05.22 00:57:38 | 000,034,576 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008.04.28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.11 16:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.18 23:00:00 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.02.14 13:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.08 07:27:36 | 000,239,128 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0101.sys -- (RsFx0101)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:27 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.08.17 14:12:28 | 000,190,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006.11.01 14:42:14 | 000,033,280 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2003.04.28 19:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\S-1-5-21-686728410-4016434104-3882101393-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.19 06:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.19 06:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009.05.05 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Extensions
[2010.03.03 20:16:18 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions
[2009.08.02 10:25:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.02.28 19:44:38 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.01.19 09:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.19 09:42:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.30 10:24:43 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.01.30 10:24:49 | 000,000,000 | ---D | M] -- C:\Users\Zayl\AppData\Roaming\Mozilla\Firefox\Profiles\yx7gflp2.default\extensions\foxmarks@kei.com
[2010.03.03 20:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.23 10:05:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.23 10:05:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.23 10:05:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.23 10:05:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.23 10:05:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.03.03 21:49:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] D:\avast\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001..\Run: [uTorrent] C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-686728410-4016434104-3882101393-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zayl\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zayl\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.03.03 22:11:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.03.03 22:11:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.03.03 22:11:36 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Local\temp
[2010.03.03 21:56:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.03.03 21:56:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.03.03 21:56:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.03.03 21:56:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.03.03 21:56:01 | 000,000,000 | ---D | C] -- C:\Potvora
[2010.03.03 21:55:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.03 21:55:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.03.03 21:40:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.03 19:22:13 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 15:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.03 14:51:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.03.03 14:50:59 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.03.03 14:50:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.03.03 14:50:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.03.03 14:50:56 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.03.03 14:50:30 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.03.03 14:50:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.03.03 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.03.01 17:47:23 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.03.01 17:47:23 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.03.01 17:47:23 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.03.01 17:45:21 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.03.01 17:45:21 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.03.01 17:45:16 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.03.01 17:45:16 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.03.01 17:45:11 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.03.01 17:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\PC Tools
[2010.03.01 17:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.03.01 16:54:27 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.01 16:19:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2010.03.01 16:18:07 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:06 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:05 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.03.01 16:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.03.01 16:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.02.27 23:23:25 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\gothic3
[2010.02.27 23:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.02.27 23:15:14 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\System32\ISUSPM.cpl
[2010.02.27 20:51:50 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\progs
[2010.02.27 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\isos
[2010.02.27 20:45:11 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\skola
[2010.02.27 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\txt
[2010.02.27 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\images
[2010.02.24 13:51:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.24 13:51:01 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.24 13:51:01 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.24 13:51:01 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.24 13:51:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.24 13:51:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.24 13:51:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 13:51:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.24 13:51:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.02.20 12:29:56 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Mumble
[2010.02.20 11:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2010.02.20 10:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.02.20 10:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.02.20 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.02.20 09:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.02.19 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Bioshock2
[2010.02.19 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\Bioshock2
[2010.02.19 22:56:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.02.19 22:52:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.19 22:52:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.19 22:52:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.19 22:52:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.19 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\Heroes of Newerth
[2010.02.19 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2010.02.12 18:10:06 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\DAModder
[2010.02.10 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\TS3Client
[2010.02.10 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010.02.10 19:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010.02.10 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Documents\EVE
[2010.02.10 13:10:05 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Local\CCP
[2010.02.10 12:30:08 | 000,000,000 | ---D | C] -- C:\Users\Zayl\AppData\Roaming\EVEMon
[2010.02.10 12:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\EVEMon
[2010.02.10 12:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2010.02.10 07:24:21 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.02.10 07:24:21 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.02.10 07:24:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.02.10 07:24:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.02.10 07:24:14 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.02.10 07:24:14 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.02.10 07:24:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.02.06 23:31:43 | 000,000,000 | ---D | C] -- C:\Users\Zayl\Desktop\trash
[2010.02.03 13:36:22 | 000,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.03.04 12:08:18 | 004,194,304 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT
[2010.03.04 12:02:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.04 12:02:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.04 12:02:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.04 12:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.04 12:01:29 | 000,524,288 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.04 12:01:29 | 000,065,536 | -HS- | M] () -- C:\Users\Zayl\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.03 22:58:16 | 002,866,787 | -H-- | M] () -- C:\Users\Zayl\AppData\Local\IconCache.db
[2010.03.03 22:29:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job
[2010.03.03 22:08:11 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.03.03 21:49:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.03.03 21:47:46 | 004,118,254 | R--- | M] () -- C:\Users\Zayl\Desktop\Potvora.exe
[2010.03.03 20:04:43 | 259,877,514 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:22:22 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Zayl\Desktop\OTL.exe
[2010.03.03 19:19:53 | 000,001,710 | ---- | M] () -- C:\Users\Zayl\Desktop\CCleaner.lnk
[2010.03.03 17:57:36 | 000,012,444 | ---- | M] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.03 17:34:20 | 000,170,119 | ---- | M] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.03 14:50:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.03.02 20:26:35 | 001,515,664 | ---- | M] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:32 | 000,252,926 | ---- | M] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:45:15 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 16:18:06 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.01 16:18:05 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.01 16:18:04 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2010.02.25 22:50:23 | 000,101,232 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.02.25 06:52:42 | 000,101,232 | ---- | M] () -- C:\Users\Zayl\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.25 06:51:22 | 002,305,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.22 21:56:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.02.20 12:30:26 | 000,002,378 | ---- | M] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | M] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.02.11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.02.10 19:27:51 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.02.05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.02.05 09:18:02 | 000,100,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.02.04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.02.04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.02.04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.02.04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.02.03 13:36:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.03 21:56:10 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.03.03 21:56:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.03.03 21:56:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.03.03 21:56:10 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.03.03 21:56:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.03.03 21:46:45 | 004,118,254 | R--- | C] () -- C:\Users\Zayl\Desktop\Potvora.exe
[2010.03.03 19:43:59 | 259,877,514 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.03.03 19:25:31 | 000,293,376 | ---- | C] () -- C:\Users\Zayl\Desktop\gmer.exe
[2010.03.03 17:34:19 | 000,170,119 | ---- | C] () -- C:\Users\Zayl\Desktop\1267618076435.jpg
[2010.03.03 14:51:01 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.03.02 22:16:02 | 000,012,444 | ---- | C] () -- C:\Users\Zayl\Desktop\Milion a jeden hlas.docx
[2010.03.02 20:26:35 | 001,515,664 | ---- | C] () -- C:\Users\Zayl\Desktop\sapkowski-saga-1-krev-elfu.pdf
[2010.03.02 20:09:31 | 000,252,926 | ---- | C] () -- C:\Users\Zayl\Desktop\1267543246306.jpg
[2010.03.01 17:47:23 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.03.01 17:47:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.03.01 17:47:23 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.03.01 17:47:23 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.03.01 17:47:23 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.03.01 17:45:21 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.03.01 17:45:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.03.01 17:45:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.03.01 17:45:15 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.03.01 17:45:11 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.03.01 16:18:05 | 000,000,522 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010.02.20 12:30:26 | 000,002,378 | ---- | C] () -- C:\Users\Zayl\Documents\MumbleAutomaticCertificateBackup.p12
[2010.02.20 11:15:29 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010.02.19 21:39:57 | 000,001,750 | ---- | C] () -- C:\Users\Zayl\Desktop\Heroes of Newerth.lnk
[2010.02.10 19:27:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.12.24 13:18:49 | 000,000,319 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009.12.23 10:00:09 | 000,000,709 | ---- | C] () -- C:\Windows\CoD.INI
[2009.11.27 17:19:12 | 000,000,092 | ---- | C] () -- C:\Users\Zayl\AppData\Local\fusioncache.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.11.03 14:04:22 | 000,353,792 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009.11.03 14:04:22 | 000,107,520 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2009.11.01 14:00:47 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.10.29 16:04:16 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.10.29 16:04:16 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.09.24 13:32:26 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI
[2009.08.30 15:06:21 | 000,144,384 | ---- | C] () -- C:\Windows\System32\miccyhook.dll
[2009.07.25 00:02:10 | 000,138,376 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.19 19:52:27 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.19 19:52:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.19 19:46:58 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.05.17 20:18:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.08 19:03:43 | 010,059,776 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.05.06 13:46:53 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.05.06 13:44:11 | 000,008,192 | ---- | C] () -- C:\Users\Zayl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.06 12:22:15 | 000,000,185 | ---- | C] () -- C:\Users\Zayl\AppData\Local\RAExpertHistory.xml
[2008.10.23 22:28:12 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.10.23 22:27:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.22 00:56:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.04.25 13:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NSREG.DLL
========== Custom Scans ==========
< :OTL >
< PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) >
< @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2 >
< @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 >
< O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >
< IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559 >
Invalid Switch: search.conduit.com?SearchSource= ... =CT1750559
< >
< :COMMANDS >
< [Reboot] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Welcome
this transmission
from a fallen star
Light has departed
from this black sun...
Re: Unknown infection, please check.
C:\Users\Zayl\Documents\gothic3
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Zayl
- Visitor

- Posts: 12
- Registered: 23 May 2006 11:42
- Location: Right behind you ...
Re: Unknown infection, please check.
"Know" is a strong word, but it doesn't look dangerous; most likely it is a leftover from the Gothic 3 installation.
The PC runs well, at least as well as can be expected from Vista.
So I hope we can close the case.
Thank you very much for your time, and I wish you all the best.
Welcome
this transmission
from a fallen star
Light has departed
from this black sun...
Re: Unknown infection, please check.
I would also like to ask for a new log from RSIT.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Zayl
- Visitor

- Posts: 12
- Registered: 23 May 2006 11:42
- Location: Right behind you ...
Re: Unknown infection, please check.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Zayl at 2010-03-04 13:47:08
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 13 GB (14%) free of 96 GB
Total RAM: 2813 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:11, on 4.3.2010
Platform: Windows Vista SP3 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WisKeyState.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Miranda IM\miranda32.exe
D:\ul\RSIT.exe
C:\Program Files\trend micro\Zayl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast5] D:\avast\avastUI.exe /nogui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 6173 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2008-05-24 192512]
"WisKeyState"=C:\Program Files\Launch Manager\WisKeyState.exe [2008-03-08 208896]
"LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2008-03-04 258048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"avast5"=D:\avast\avastUI.exe [2010-02-11 2756488]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2010-02-25 319280]
"DisplayFusion"=C:\Program Files\DisplayFusion\DisplayFusion.exe [2009-05-30 768688]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-03-03 22:11:38 ----SHD---- C:\$RECYCLE.BIN
2010-03-03 22:11:36 ----D---- C:\Windows\temp
2010-03-03 22:11:35 ----A---- C:\ComboFix.txt
2010-03-03 21:56:10 ----A---- C:\Windows\zip.exe
2010-03-03 21:56:10 ----A---- C:\Windows\SWSC.exe
2010-03-03 21:56:10 ----A---- C:\Windows\SWREG.exe
2010-03-03 21:56:10 ----A---- C:\Windows\sed.exe
2010-03-03 21:56:10 ----A---- C:\Windows\PEV.exe
2010-03-03 21:56:10 ----A---- C:\Windows\NIRCMD.exe
2010-03-03 21:56:10 ----A---- C:\Windows\MBR.exe
2010-03-03 21:56:10 ----A---- C:\Windows\grep.exe
2010-03-03 21:56:02 ----D---- C:\Windows\ERDNT
2010-03-03 21:56:01 ----D---- C:\Potvora
2010-03-03 21:55:40 ----D---- C:\Qoobox
2010-03-03 21:55:25 ----A---- C:\Windows\SWXCACLS.exe
2010-03-03 21:40:45 ----D---- C:\_OTL
2010-03-03 19:51:18 ----A---- C:\Windows\ntbtlog.txt
2010-03-03 15:48:42 ----D---- C:\Program Files\trend micro
2010-03-03 14:50:30 ----A---- C:\Windows\system32\aswBoot.exe
2010-03-03 14:50:27 ----D---- C:\ProgramData\Alwil Software
2010-03-01 17:47:23 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-01 17:47:23 ----A---- C:\Windows\PCTBDRes.dll
2010-03-01 17:47:23 ----A---- C:\Windows\PCTBDCore.dll
2010-03-01 17:47:23 ----A---- C:\Windows\BDTSupport.dll
2010-03-01 17:45:01 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-01 17:45:00 ----D---- C:\Users\Zayl\AppData\Roaming\PC Tools
2010-03-01 17:45:00 ----D---- C:\ProgramData\PC Tools
2010-03-01 17:45:00 ----D---- C:\Program Files\Spyware Doctor
2010-03-01 16:54:27 ----D---- C:\rsit
2010-03-01 16:19:50 ----AD---- C:\Windows\system32\runouce.exe
2010-03-01 16:18:07 ----A---- C:\Windows\system32\msvcr80.dll
2010-03-01 16:18:06 ----A---- C:\Windows\system32\msvcp80.dll
2010-03-01 16:18:05 ----A---- C:\Windows\system32\eEmpty.exe
2010-03-01 16:18:01 ----D---- C:\Program Files\Common Files\MicroWorld
2010-03-01 16:17:59 ----D---- C:\ProgramData\MicroWorld
2010-02-27 23:15:27 ----D---- C:\ProgramData\InstallShield
2010-02-24 13:51:14 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 13:51:00 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 13:51:00 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 13:51:00 ----A---- C:\Windows\system32\msdrm.dll
2010-02-20 12:29:56 ----D---- C:\Users\Zayl\AppData\Roaming\Mumble
2010-02-20 11:15:09 ----D---- C:\Program Files\Mumble
2010-02-20 10:12:11 ----D---- C:\ProgramData\FLEXnet
2010-02-20 10:00:27 ----D---- C:\Program Files\Adobe Media Player
2010-02-20 09:56:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-20 09:52:10 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-02-19 23:08:35 ----D---- C:\Users\Zayl\AppData\Roaming\Bioshock2
2010-02-19 22:56:31 ----SHD---- C:\ProgramData\SecuROM
2010-02-19 22:52:03 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-02-19 21:39:39 ----D---- C:\Program Files\Heroes of Newerth
2010-02-10 22:24:04 ----D---- C:\Users\Zayl\AppData\Roaming\TS3Client
2010-02-10 22:23:43 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-02-10 19:27:49 ----D---- C:\Program Files\Ventrilo
2010-02-10 19:27:48 ----A---- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-02-10 12:30:08 ----D---- C:\Users\Zayl\AppData\Roaming\EVEMon
2010-02-10 12:30:05 ----D---- C:\Program Files\EVEMon
2010-02-10 12:06:52 ----D---- C:\ProgramData\CCP
2010-02-10 07:24:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 07:24:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 07:24:14 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\avicap32.dll
======List of files/folders modified in the last 1 months======
2010-03-04 12:21:39 ----D---- C:\Windows
2010-03-04 12:03:32 ----D---- C:\Users\Zayl\AppData\Roaming\uTorrent
2010-03-04 12:03:17 ----D---- C:\Program Files\Mozilla Firefox
2010-03-04 12:02:38 ----AD---- C:\ProgramData\TEMP
2010-03-03 22:56:40 ----SD---- C:\ProgramData\Microsoft
2010-03-03 22:11:00 ----D---- C:\Windows\Tasks
2010-03-03 22:08:11 ----N---- C:\Windows\system.ini
2010-03-03 22:06:48 ----D---- C:\Windows\system32\drivers
2010-03-03 22:06:47 ----D---- C:\Windows\System32
2010-03-03 22:03:18 ----D---- C:\Windows\AppPatch
2010-03-03 22:03:17 ----D---- C:\Program Files\Common Files
2010-03-03 21:56:16 ----D---- C:\Windows\Prefetch
2010-03-03 21:56:02 ----D---- C:\Windows\system32\catroot2
2010-03-03 21:40:47 ----D---- C:\Program Files\Launch Manager
2010-03-03 21:40:47 ----D---- C:\Program Files\BS_Player
2010-03-03 20:04:52 ----D---- C:\Windows\Minidump
2010-03-03 15:48:42 ----RD---- C:\Program Files
2010-03-03 14:50:53 ----SHD---- C:\Windows\Installer
2010-03-03 14:50:52 ----D---- C:\Windows\winsxs
2010-03-03 14:50:27 ----D---- C:\ProgramData
2010-03-03 07:07:09 ----D---- C:\Windows\system32\WDI
2010-03-02 19:32:25 ----D---- C:\Users\Zayl\AppData\Roaming\BSplayer
2010-03-01 16:39:04 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-01 16:39:04 ----D---- C:\ProgramData\Lavasoft
2010-03-01 16:11:45 ----D---- C:\docasna_slozka
2010-02-27 23:16:44 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-27 23:15:14 ----SD---- C:\Windows\Downloaded Program Files
2010-02-27 23:15:14 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-27 23:11:59 ----RSD---- C:\Windows\assembly
2010-02-26 06:56:38 ----D---- C:\Program Files\uTorrent
2010-02-25 12:15:15 ----D---- C:\Windows\rescache
2010-02-25 06:50:19 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 06:50:17 ----RSD---- C:\Windows\Fonts
2010-02-24 23:14:06 ----D---- C:\Windows\system32\catroot
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-22 21:56:02 ----A---- C:\Windows\NeroDigital.ini
2010-02-20 22:33:36 ----SD---- C:\Users\Zayl\AppData\Roaming\Microsoft
2010-02-20 18:48:54 ----D---- C:\Users\Zayl\AppData\Roaming\Adobe
2010-02-20 10:03:07 ----D---- C:\ProgramData\Adobe
2010-02-20 10:01:56 ----D---- C:\Program Files\Common Files\Adobe
2010-02-20 09:54:52 ----D---- C:\Program Files\Adobe
2010-02-19 22:52:04 ----D---- C:\Windows\system32\directx
2010-02-19 22:38:31 ----D---- C:\Users\Zayl\AppData\Roaming\Winamp
2010-02-19 18:57:45 ----D---- C:\Windows\Debug
2010-02-11 07:21:02 ----D---- C:\Program Files\Windows Mail
2010-02-10 19:31:06 ----D---- C:\Users\Zayl\AppData\Roaming\Ventrilo
2010-02-10 19:27:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-08 14:39:47 ----D---- C:\Users\Zayl\AppData\Roaming\IrfanView
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2008-01-21 75264]
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 nsiproxy;NSI proxy service; C:\Windows\system32\drivers\nsiproxy.sys [2008-01-21 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver; C:\Windows\system32\drivers\rdpencdd.sys [2008-01-21 6144]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2008-01-21 66560]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2008-01-21 71680]
R1 Wanarpv6;Remote Access IPv6 ARP Driver; C:\Windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464]
R1 ws2ifsl;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\Windows\system32\drivers\ws2ifsl.sys [2008-01-21 15872]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-08-12 279712]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-08-12 25888]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104]
R2 luafv;UAC File Virtualization; C:\Windows\system32\drivers\luafv.sys [2008-01-21 84480]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2006-11-02 878080]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2008-01-21 60416]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2008-01-21 30208]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-18 903680]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-14 5172224]
R3 bowser;Bowser; C:\Windows\system32\DRIVERS\bowser.sys [2008-01-21 69632]
R3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2008-08-29 625152]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2008-01-21 53760]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2008-01-21 12288]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-13 2152344]
R3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2008-01-21 181304]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2008-01-21 41984]
R3 mouhid;Ovladač HID myši; C:\Windows\system32\DRIVERS\mouhid.sys [2008-01-21 15872]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2008-01-21 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2009-12-04 212992]
R3 mrxsmb20;SMB 2.0 MiniRedirector; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2008-01-21 78848]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2008-05-20 148480]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2008-01-21 69120]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 srv2;srv2; C:\Windows\System32\DRIVERS\srv2.sys [2009-09-14 144896]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-11 98304]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunmp.sys [2008-01-21 15360]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2008-01-21 23040]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2008-01-21 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys [2008-01-21 39424]
R3 usbhub;USB2 Enabled Hub; C:\Windows\system32\DRIVERS\usbhub.sys [2008-01-21 194560]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2008-01-21 19456]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\drivers\agp440.sys [2008-01-21 56376]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2008-01-21 57400]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\system32\drivers\brusbser.sys [2006-11-02 11904]
S3 catchme;catchme; \??\C:\Users\Zayl\AppData\Local\Temp\catchme.sys []
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2008-01-21 136192]
S3 Filetrace;FileTrace; C:\Windows\system32\drivers\filetrace.sys [2008-01-21 27648]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\drivers\gagp30kx.sys [2008-01-21 61496]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Zayl\AppData\Local\Temp\JNLEF7F.tmp []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2008-01-21 163384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2008-05-22 34576]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\drivers\nv_agp.sys [2008-01-21 109112]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2008-01-21 31232]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x86\Sandra.sys [2009-04-12 26216]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\drivers\sffp_sd.sys [2008-01-21 11776]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2008-01-21 55864]
S3 Tcpip6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-12-08 897624]
S3 tssecsrv;Terminal Services Security Filter Driver; C:\Windows\System32\DRIVERS\tssecsrv.sys [2008-01-21 23552]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\drivers\uagp35.sys [2008-01-21 59448]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\drivers\uliagpkx.sys [2008-01-21 60984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2008-01-21 73216]
S3 usbprint;Třída USB Printer; C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-21 18944]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2008-01-21 55296]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2008-01-21 26112]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2008-01-21 56888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 adp94xx;adp94xx; C:\Windows\system32\drivers\adp94xx.sys [2008-01-21 422968]
S4 adpahci;adpahci; C:\Windows\system32\drivers\adpahci.sys [2008-01-21 300600]
S4 adpu320;adpu320; C:\Windows\system32\drivers\adpu320.sys [2008-01-21 149560]
S4 amdide;amdide; C:\Windows\system32\drivers\amdide.sys [2008-01-21 17976]
S4 AmdK7;AMD K7 Processor Driver; C:\Windows\system32\drivers\amdk7.sys [2008-01-21 41472]
S4 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\drivers\amdk8.sys [2008-01-21 44032]
S4 arc;arc; C:\Windows\system32\drivers\arc.sys [2008-01-21 79416]
S4 arcsas;arcsas; C:\Windows\system32\drivers\arcsas.sys [2008-01-21 79928]
S4 blbdrive;blbdrive; C:\Windows\system32\drivers\blbdrive.sys [2008-01-21 45568]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\system32\drivers\brserid.sys [2006-11-02 71808]
S4 BrSerWdm;Brother WDM Serial driver; C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
S4 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\drivers\bthmodem.sys [2006-11-02 39936]
S4 circlass;Consumer IR Devices; C:\Windows\system32\drivers\circlass.sys [2008-01-21 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver; C:\Windows\system32\drivers\crusoe.sys [2008-01-21 40960]
S4 elxstor;elxstor; C:\Windows\system32\drivers\elxstor.sys [2008-01-21 342584]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\drivers\hidbth.sys [2006-11-02 29184]
S4 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\drivers\hidir.sys [2006-11-02 21504]
S4 HpCISSs;HpCISSs; C:\Windows\system32\drivers\hpcisss.sys [2008-01-21 40504]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-29 308248]
S4 iaStorV;Intel RAID Controller Vista; C:\Windows\system32\drivers\iastorv.sys [2008-01-21 235064]
S4 iirsp;iirsp; C:\Windows\system32\drivers\iirsp.sys [2006-11-02 41576]
S4 intelide;intelide; C:\Windows\system32\drivers\intelide.sys [2008-01-21 17976]
S4 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2008-01-21 41472]
S4 IPMIDRV;IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [2008-01-21 64512]
S4 isapnp;PnP ISA/EISA Bus Driver; C:\Windows\system32\drivers\isapnp.sys [2008-01-21 49720]
S4 iteatapi;ITEATAPI_Service_Install; C:\Windows\system32\drivers\iteatapi.sys [2006-11-02 35944]
S4 iteraid;ITERAID_Service_Install; C:\Windows\system32\drivers\iteraid.sys [2006-11-02 35944]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 kbdhid;Keyboard HID Driver; C:\Windows\system32\drivers\kbdhid.sys [2008-01-21 15872]
S4 LSI_FC;LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [2008-01-21 96312]
S4 LSI_SAS;LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [2008-01-21 89656]
S4 LSI_SCSI;LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [2008-01-21 96312]
S4 megasas;megasas; C:\Windows\system32\drivers\megasas.sys [2008-01-21 31288]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 mpio;Microsoft Multi-Path Bus Driver; C:\Windows\system32\drivers\mpio.sys [2008-01-21 105016]
S4 msahci;msahci; C:\Windows\system32\drivers\msahci.sys [2008-01-21 28728]
S4 msdsm;Microsoft Multi-Path Device Specific Module; C:\Windows\system32\drivers\msdsm.sys [2008-01-21 94776]
S4 nfrd960;nfrd960; C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
S4 ntrigdigi;N-trig HID Tablet Driver; C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
S4 nvraid;NVIDIA nForce RAID Driver ; C:\Windows\system32\drivers\nvraid.sys [2008-01-21 102968]
S4 nvstor;nvstor; C:\Windows\system32\drivers\nvstor.sys [2008-01-21 45112]
S4 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\Windows\system32\drivers\ohci1394.sys [2006-11-02 62080]
S4 ql2300;QLogic Fibre Channel Miniport Driver; C:\Windows\system32\drivers\ql2300.sys [2008-01-21 1122360]
S4 ql40xx;QLogic iSCSI Miniport Driver; C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
S4 RsFx0101;RsFx0101 Driver; C:\Windows\system32\DRIVERS\RsFx0101.sys [2008-02-08 239128]
S4 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:\Windows\system32\drivers\sbp2port.sys [2006-11-02 76392]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 sermouse;Serial Mouse Driver; C:\Windows\system32\drivers\sermouse.sys [2008-01-21 19968]
S4 sffdisk;SFF Storage Class Driver; C:\Windows\system32\drivers\sffdisk.sys [2008-01-21 13312]
S4 SiSRaid2;SiSRaid2; C:\Windows\system32\drivers\sisraid2.sys [2008-01-21 41016]
S4 SiSRaid4;SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [2008-01-21 74808]
S4 uliahci;uliahci; C:\Windows\system32\drivers\uliahci.sys [2008-01-21 238648]
S4 UlSata;UlSata; C:\Windows\system32\drivers\ulsata.sys [2006-11-02 98408]
S4 ulsata2;ulsata2; C:\Windows\system32\drivers\ulsata2.sys [2008-01-21 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\drivers\usbcir.sys [2006-11-02 68608]
S4 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2008-01-21 23552]
S4 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2008-01-21 41472]
S4 vsmraid;vsmraid; C:\Windows\system32\drivers\vsmraid.sys [2008-01-21 130616]
S4 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\drivers\wacompen.sys [2006-11-02 20608]
S4 Wd;Microsoft Watchdog Timer Driver; C:\Windows\system32\drivers\wd.sys [2008-01-21 22072]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-14 172032]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 avast! Antivirus;avast! Antivirus; D:\avast\AvastSvc.exe [2010-02-11 40384]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 EMDMgmt;@%SystemRoot%\system32\emdmgmt.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 MSSQL$DABAZE;SQL Server (DABAZE); C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe [2008-02-08 38510616]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 netprofm;@%SystemRoot%\system32\netprof.dll,-246; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 slsvc;@%SystemRoot%\system32\SLsvc.exe,-101; C:\Windows\system32\SLsvc.exe [2008-01-21 2623488]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-02-08 91672]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-06-15 9728]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]
R3 WMPNetworkSvc;@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2008-01-21 896512]
R3 WSearch;Windows Search; C:\Windows\system32\SearchIndexer.exe [2008-05-27 439808]
S2 ehstart;@%SystemRoot%\ehome\ehstart.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\avast\AvastSvc.exe [2010-02-11 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\avast\AvastSvc.exe [2010-02-11 40384]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-27 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 DFSR;@dfsrres.dll,-101; C:\Windows\system32\DFSR.exe [2008-01-21 2091520]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2008-01-21 292352]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2006-11-02 131072]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-20 655624]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-06-20 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-06-20 881664]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\p2psvc.dll,-8004; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPAutoReg;@%SystemRoot%\system32\p2psvc.dll,-8002; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPsvc;@%SystemRoot%\system32\p2psvc.dll,-8000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-05-22 92792]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe [2009-04-22 98488]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 SLUINotify;@%SystemRoot%\system32\SLUINotify.dll,-103; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2006-11-02 12800]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2008-01-21 39424]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2008-01-21 35840]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2008-01-21 382976]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-02-08 43544]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-22 75064]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-02-08 246808]
-----------------EOF-----------------
Run by Zayl at 2010-03-04 13:47:08
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 13 GB (14%) free of 96 GB
Total RAM: 2813 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:11, on 4.3.2010
Platform: Windows Vista SP3 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WisKeyState.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Miranda IM\miranda32.exe
D:\ul\RSIT.exe
C:\Program Files\trend micro\Zayl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast5] D:\avast\avastUI.exe /nogui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 6173 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{5AFFE2BC-8763-471D-9476-460F5AE1B7B9}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2008-05-24 192512]
"WisKeyState"=C:\Program Files\Launch Manager\WisKeyState.exe [2008-03-08 208896]
"LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2008-03-04 258048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"avast5"=D:\avast\avastUI.exe [2010-02-11 2756488]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2010-02-25 319280]
"DisplayFusion"=C:\Program Files\DisplayFusion\DisplayFusion.exe [2009-05-30 768688]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-03-03 22:11:38 ----SHD---- C:\$RECYCLE.BIN
2010-03-03 22:11:36 ----D---- C:\Windows\temp
2010-03-03 22:11:35 ----A---- C:\ComboFix.txt
2010-03-03 21:56:10 ----A---- C:\Windows\zip.exe
2010-03-03 21:56:10 ----A---- C:\Windows\SWSC.exe
2010-03-03 21:56:10 ----A---- C:\Windows\SWREG.exe
2010-03-03 21:56:10 ----A---- C:\Windows\sed.exe
2010-03-03 21:56:10 ----A---- C:\Windows\PEV.exe
2010-03-03 21:56:10 ----A---- C:\Windows\NIRCMD.exe
2010-03-03 21:56:10 ----A---- C:\Windows\MBR.exe
2010-03-03 21:56:10 ----A---- C:\Windows\grep.exe
2010-03-03 21:56:02 ----D---- C:\Windows\ERDNT
2010-03-03 21:56:01 ----D---- C:\Potvora
2010-03-03 21:55:40 ----D---- C:\Qoobox
2010-03-03 21:55:25 ----A---- C:\Windows\SWXCACLS.exe
2010-03-03 21:40:45 ----D---- C:\_OTL
2010-03-03 19:51:18 ----A---- C:\Windows\ntbtlog.txt
2010-03-03 15:48:42 ----D---- C:\Program Files\trend micro
2010-03-03 14:50:30 ----A---- C:\Windows\system32\aswBoot.exe
2010-03-03 14:50:27 ----D---- C:\ProgramData\Alwil Software
2010-03-01 17:47:23 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-01 17:47:23 ----A---- C:\Windows\PCTBDRes.dll
2010-03-01 17:47:23 ----A---- C:\Windows\PCTBDCore.dll
2010-03-01 17:47:23 ----A---- C:\Windows\BDTSupport.dll
2010-03-01 17:45:01 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-01 17:45:00 ----D---- C:\Users\Zayl\AppData\Roaming\PC Tools
2010-03-01 17:45:00 ----D---- C:\ProgramData\PC Tools
2010-03-01 17:45:00 ----D---- C:\Program Files\Spyware Doctor
2010-03-01 16:54:27 ----D---- C:\rsit
2010-03-01 16:19:50 ----AD---- C:\Windows\system32\runouce.exe
2010-03-01 16:18:07 ----A---- C:\Windows\system32\msvcr80.dll
2010-03-01 16:18:06 ----A---- C:\Windows\system32\msvcp80.dll
2010-03-01 16:18:05 ----A---- C:\Windows\system32\eEmpty.exe
2010-03-01 16:18:01 ----D---- C:\Program Files\Common Files\MicroWorld
2010-03-01 16:17:59 ----D---- C:\ProgramData\MicroWorld
2010-02-27 23:15:27 ----D---- C:\ProgramData\InstallShield
2010-02-24 13:51:14 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 13:51:01 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 13:51:00 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 13:51:00 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 13:51:00 ----A---- C:\Windows\system32\msdrm.dll
2010-02-20 12:29:56 ----D---- C:\Users\Zayl\AppData\Roaming\Mumble
2010-02-20 11:15:09 ----D---- C:\Program Files\Mumble
2010-02-20 10:12:11 ----D---- C:\ProgramData\FLEXnet
2010-02-20 10:00:27 ----D---- C:\Program Files\Adobe Media Player
2010-02-20 09:56:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-20 09:52:10 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-02-19 23:08:35 ----D---- C:\Users\Zayl\AppData\Roaming\Bioshock2
2010-02-19 22:56:31 ----SHD---- C:\ProgramData\SecuROM
2010-02-19 22:52:03 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-02-19 22:52:03 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-02-19 21:39:39 ----D---- C:\Program Files\Heroes of Newerth
2010-02-10 22:24:04 ----D---- C:\Users\Zayl\AppData\Roaming\TS3Client
2010-02-10 22:23:43 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-02-10 19:27:49 ----D---- C:\Program Files\Ventrilo
2010-02-10 19:27:48 ----A---- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-02-10 12:30:08 ----D---- C:\Users\Zayl\AppData\Roaming\EVEMon
2010-02-10 12:30:05 ----D---- C:\Program Files\EVEMon
2010-02-10 12:06:52 ----D---- C:\ProgramData\CCP
2010-02-10 07:24:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 07:24:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 07:24:14 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 07:24:14 ----A---- C:\Windows\system32\avicap32.dll
======List of files/folders modified in the last 1 months======
2010-03-04 12:21:39 ----D---- C:\Windows
2010-03-04 12:03:32 ----D---- C:\Users\Zayl\AppData\Roaming\uTorrent
2010-03-04 12:03:17 ----D---- C:\Program Files\Mozilla Firefox
2010-03-04 12:02:38 ----AD---- C:\ProgramData\TEMP
2010-03-03 22:56:40 ----SD---- C:\ProgramData\Microsoft
2010-03-03 22:11:00 ----D---- C:\Windows\Tasks
2010-03-03 22:08:11 ----N---- C:\Windows\system.ini
2010-03-03 22:06:48 ----D---- C:\Windows\system32\drivers
2010-03-03 22:06:47 ----D---- C:\Windows\System32
2010-03-03 22:03:18 ----D---- C:\Windows\AppPatch
2010-03-03 22:03:17 ----D---- C:\Program Files\Common Files
2010-03-03 21:56:16 ----D---- C:\Windows\Prefetch
2010-03-03 21:56:02 ----D---- C:\Windows\system32\catroot2
2010-03-03 21:40:47 ----D---- C:\Program Files\Launch Manager
2010-03-03 21:40:47 ----D---- C:\Program Files\BS_Player
2010-03-03 20:04:52 ----D---- C:\Windows\Minidump
2010-03-03 15:48:42 ----RD---- C:\Program Files
2010-03-03 14:50:53 ----SHD---- C:\Windows\Installer
2010-03-03 14:50:52 ----D---- C:\Windows\winsxs
2010-03-03 14:50:27 ----D---- C:\ProgramData
2010-03-03 07:07:09 ----D---- C:\Windows\system32\WDI
2010-03-02 19:32:25 ----D---- C:\Users\Zayl\AppData\Roaming\BSplayer
2010-03-01 16:39:04 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-01 16:39:04 ----D---- C:\ProgramData\Lavasoft
2010-03-01 16:11:45 ----D---- C:\docasna_slozka
2010-02-27 23:16:44 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-27 23:15:14 ----SD---- C:\Windows\Downloaded Program Files
2010-02-27 23:15:14 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-27 23:11:59 ----RSD---- C:\Windows\assembly
2010-02-26 06:56:38 ----D---- C:\Program Files\uTorrent
2010-02-25 12:15:15 ----D---- C:\Windows\rescache
2010-02-25 06:50:19 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 06:50:17 ----RSD---- C:\Windows\Fonts
2010-02-24 23:14:06 ----D---- C:\Windows\system32\catroot
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-22 21:56:02 ----A---- C:\Windows\NeroDigital.ini
2010-02-20 22:33:36 ----SD---- C:\Users\Zayl\AppData\Roaming\Microsoft
2010-02-20 18:48:54 ----D---- C:\Users\Zayl\AppData\Roaming\Adobe
2010-02-20 10:03:07 ----D---- C:\ProgramData\Adobe
2010-02-20 10:01:56 ----D---- C:\Program Files\Common Files\Adobe
2010-02-20 09:54:52 ----D---- C:\Program Files\Adobe
2010-02-19 22:52:04 ----D---- C:\Windows\system32\directx
2010-02-19 22:38:31 ----D---- C:\Users\Zayl\AppData\Roaming\Winamp
2010-02-19 18:57:45 ----D---- C:\Windows\Debug
2010-02-11 07:21:02 ----D---- C:\Program Files\Windows Mail
2010-02-10 19:31:06 ----D---- C:\Users\Zayl\AppData\Roaming\Ventrilo
2010-02-10 19:27:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-08 14:39:47 ----D---- C:\Users\Zayl\AppData\Roaming\IrfanView
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2008-01-21 75264]
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 nsiproxy;NSI proxy service; C:\Windows\system32\drivers\nsiproxy.sys [2008-01-21 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver; C:\Windows\system32\drivers\rdpencdd.sys [2008-01-21 6144]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2008-01-21 66560]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2008-01-21 71680]
R1 Wanarpv6;Remote Access IPv6 ARP Driver; C:\Windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464]
R1 ws2ifsl;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\Windows\system32\drivers\ws2ifsl.sys [2008-01-21 15872]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-08-12 279712]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-08-12 25888]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104]
R2 luafv;UAC File Virtualization; C:\Windows\system32\drivers\luafv.sys [2008-01-21 84480]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2006-11-02 878080]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2008-01-21 60416]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2008-01-21 30208]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-18 903680]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-14 5172224]
R3 bowser;Bowser; C:\Windows\system32\DRIVERS\bowser.sys [2008-01-21 69632]
R3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2008-08-29 625152]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2008-01-21 53760]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2008-01-21 12288]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-13 2152344]
R3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2008-01-21 181304]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2008-01-21 41984]
R3 mouhid;Ovladač HID myši; C:\Windows\system32\DRIVERS\mouhid.sys [2008-01-21 15872]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2008-01-21 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2009-12-04 212992]
R3 mrxsmb20;SMB 2.0 MiniRedirector; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2008-01-21 78848]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2008-05-20 148480]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2008-01-21 69120]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 srv2;srv2; C:\Windows\System32\DRIVERS\srv2.sys [2009-09-14 144896]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-11 98304]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunmp.sys [2008-01-21 15360]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2008-01-21 23040]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2008-01-21 34816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys [2008-01-21 39424]
R3 usbhub;USB2 Enabled Hub; C:\Windows\system32\DRIVERS\usbhub.sys [2008-01-21 194560]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2008-01-21 19456]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\drivers\agp440.sys [2008-01-21 56376]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2008-01-21 57400]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\system32\drivers\brusbser.sys [2006-11-02 11904]
S3 catchme;catchme; \??\C:\Users\Zayl\AppData\Local\Temp\catchme.sys []
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2008-01-21 136192]
S3 Filetrace;FileTrace; C:\Windows\system32\drivers\filetrace.sys [2008-01-21 27648]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\drivers\gagp30kx.sys [2008-01-21 61496]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Zayl\AppData\Local\Temp\JNLEF7F.tmp []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2008-01-21 163384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2008-05-22 34576]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\drivers\nv_agp.sys [2008-01-21 109112]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2008-01-21 31232]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x86\Sandra.sys [2009-04-12 26216]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\drivers\sffp_sd.sys [2008-01-21 11776]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2008-01-21 55864]
S3 Tcpip6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-12-08 897624]
S3 tssecsrv;Terminal Services Security Filter Driver; C:\Windows\System32\DRIVERS\tssecsrv.sys [2008-01-21 23552]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\drivers\uagp35.sys [2008-01-21 59448]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\drivers\uliagpkx.sys [2008-01-21 60984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2008-01-21 73216]
S3 usbprint;Třída USB Printer; C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-21 18944]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2008-01-21 55296]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2008-01-21 26112]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2008-01-21 56888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 adp94xx;adp94xx; C:\Windows\system32\drivers\adp94xx.sys [2008-01-21 422968]
S4 adpahci;adpahci; C:\Windows\system32\drivers\adpahci.sys [2008-01-21 300600]
S4 adpu320;adpu320; C:\Windows\system32\drivers\adpu320.sys [2008-01-21 149560]
S4 amdide;amdide; C:\Windows\system32\drivers\amdide.sys [2008-01-21 17976]
S4 AmdK7;AMD K7 Processor Driver; C:\Windows\system32\drivers\amdk7.sys [2008-01-21 41472]
S4 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\drivers\amdk8.sys [2008-01-21 44032]
S4 arc;arc; C:\Windows\system32\drivers\arc.sys [2008-01-21 79416]
S4 arcsas;arcsas; C:\Windows\system32\drivers\arcsas.sys [2008-01-21 79928]
S4 blbdrive;blbdrive; C:\Windows\system32\drivers\blbdrive.sys [2008-01-21 45568]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\system32\drivers\brserid.sys [2006-11-02 71808]
S4 BrSerWdm;Brother WDM Serial driver; C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
S4 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\drivers\bthmodem.sys [2006-11-02 39936]
S4 circlass;Consumer IR Devices; C:\Windows\system32\drivers\circlass.sys [2008-01-21 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver; C:\Windows\system32\drivers\crusoe.sys [2008-01-21 40960]
S4 elxstor;elxstor; C:\Windows\system32\drivers\elxstor.sys [2008-01-21 342584]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\drivers\hidbth.sys [2006-11-02 29184]
S4 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\drivers\hidir.sys [2006-11-02 21504]
S4 HpCISSs;HpCISSs; C:\Windows\system32\drivers\hpcisss.sys [2008-01-21 40504]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-29 308248]
S4 iaStorV;Intel RAID Controller Vista; C:\Windows\system32\drivers\iastorv.sys [2008-01-21 235064]
S4 iirsp;iirsp; C:\Windows\system32\drivers\iirsp.sys [2006-11-02 41576]
S4 intelide;intelide; C:\Windows\system32\drivers\intelide.sys [2008-01-21 17976]
S4 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2008-01-21 41472]
S4 IPMIDRV;IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [2008-01-21 64512]
S4 isapnp;PnP ISA/EISA Bus Driver; C:\Windows\system32\drivers\isapnp.sys [2008-01-21 49720]
S4 iteatapi;ITEATAPI_Service_Install; C:\Windows\system32\drivers\iteatapi.sys [2006-11-02 35944]
S4 iteraid;ITERAID_Service_Install; C:\Windows\system32\drivers\iteraid.sys [2006-11-02 35944]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 kbdhid;Keyboard HID Driver; C:\Windows\system32\drivers\kbdhid.sys [2008-01-21 15872]
S4 LSI_FC;LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [2008-01-21 96312]
S4 LSI_SAS;LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [2008-01-21 89656]
S4 LSI_SCSI;LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [2008-01-21 96312]
S4 megasas;megasas; C:\Windows\system32\drivers\megasas.sys [2008-01-21 31288]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 mpio;Microsoft Multi-Path Bus Driver; C:\Windows\system32\drivers\mpio.sys [2008-01-21 105016]
S4 msahci;msahci; C:\Windows\system32\drivers\msahci.sys [2008-01-21 28728]
S4 msdsm;Microsoft Multi-Path Device Specific Module; C:\Windows\system32\drivers\msdsm.sys [2008-01-21 94776]
S4 nfrd960;nfrd960; C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
S4 ntrigdigi;N-trig HID Tablet Driver; C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
S4 nvraid;NVIDIA nForce RAID Driver ; C:\Windows\system32\drivers\nvraid.sys [2008-01-21 102968]
S4 nvstor;nvstor; C:\Windows\system32\drivers\nvstor.sys [2008-01-21 45112]
S4 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\Windows\system32\drivers\ohci1394.sys [2006-11-02 62080]
S4 ql2300;QLogic Fibre Channel Miniport Driver; C:\Windows\system32\drivers\ql2300.sys [2008-01-21 1122360]
S4 ql40xx;QLogic iSCSI Miniport Driver; C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
S4 RsFx0101;RsFx0101 Driver; C:\Windows\system32\DRIVERS\RsFx0101.sys [2008-02-08 239128]
S4 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:\Windows\system32\drivers\sbp2port.sys [2006-11-02 76392]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 sermouse;Serial Mouse Driver; C:\Windows\system32\drivers\sermouse.sys [2008-01-21 19968]
S4 sffdisk;SFF Storage Class Driver; C:\Windows\system32\drivers\sffdisk.sys [2008-01-21 13312]
S4 SiSRaid2;SiSRaid2; C:\Windows\system32\drivers\sisraid2.sys [2008-01-21 41016]
S4 SiSRaid4;SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [2008-01-21 74808]
S4 uliahci;uliahci; C:\Windows\system32\drivers\uliahci.sys [2008-01-21 238648]
S4 UlSata;UlSata; C:\Windows\system32\drivers\ulsata.sys [2006-11-02 98408]
S4 ulsata2;ulsata2; C:\Windows\system32\drivers\ulsata2.sys [2008-01-21 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\drivers\usbcir.sys [2006-11-02 68608]
S4 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2008-01-21 23552]
S4 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2008-01-21 41472]
S4 vsmraid;vsmraid; C:\Windows\system32\drivers\vsmraid.sys [2008-01-21 130616]
S4 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\drivers\wacompen.sys [2006-11-02 20608]
S4 Wd;Microsoft Watchdog Timer Driver; C:\Windows\system32\drivers\wd.sys [2008-01-21 22072]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-14 172032]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 avast! Antivirus;avast! Antivirus; D:\avast\AvastSvc.exe [2010-02-11 40384]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 EMDMgmt;@%SystemRoot%\system32\emdmgmt.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 MSSQL$DABAZE;SQL Server (DABAZE); C:\Program Files\Microsoft SQL Server\MSSQL10.DABAZE\MSSQL\Binn\sqlservr.exe [2008-02-08 38510616]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 netprofm;@%SystemRoot%\system32\netprof.dll,-246; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 slsvc;@%SystemRoot%\system32\SLsvc.exe,-101; C:\Windows\system32\SLsvc.exe [2008-01-21 2623488]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-02-08 91672]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-06-15 9728]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]
R3 WMPNetworkSvc;@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2008-01-21 896512]
R3 WSearch;Windows Search; C:\Windows\system32\SearchIndexer.exe [2008-05-27 439808]
S2 ehstart;@%SystemRoot%\ehome\ehstart.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\avast\AvastSvc.exe [2010-02-11 40384]
S3 avast! Web Scanner;avast! Web Scanner; D:\avast\AvastSvc.exe [2010-02-11 40384]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-27 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 DFSR;@dfsrres.dll,-101; C:\Windows\system32\DFSR.exe [2008-01-21 2091520]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2008-01-21 292352]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2006-11-02 131072]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-20 655624]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-06-20 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-06-20 881664]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\p2psvc.dll,-8004; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPAutoReg;@%SystemRoot%\system32\p2psvc.dll,-8002; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 PNRPsvc;@%SystemRoot%\system32\p2psvc.dll,-8000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-05-22 92792]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe [2009-04-22 98488]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 SLUINotify;@%SystemRoot%\system32\SLUINotify.dll,-103; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2006-11-02 12800]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2008-01-21 39424]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2008-01-21 35840]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2008-01-21 382976]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-02-08 43544]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-22 75064]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-02-08 246808]
-----------------EOF-----------------
Welcome
this transmission
from a fallen star
Light has departed
from this black sun...
Re: Unknown infection, please check.
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
IE - HKU\S-1-5-21-686728410-4016434104-3882101393-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
:COMMANDS
[Reboot]
- copy into the box:
ComboFix /Uninstall
- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.
***********
http://sweb.cz/Marinus/T-Cleaner.exe
- Run it; to confirm each choice press the A key, then Enter
- After use, delete the program. Note: antivirus software may falsely flag it as a virus
***********
- install it; when choosing what to install, untick the box for installing the Yahoo toolbar
Cleaner tab - leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner
Registry tab - click Scan for Issues
- then click Fix selected issues -- making a registry backup - you don't have to
- click Fix all issues
Tools tab - here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.
CCleaner - I recommend using the Cleaner; it nicely clears temporary files off the PC.
The Registry tool cleans up, for example, after some program has been uninstalled.
***********
http://oldtimer.geekstogo.com/OTC.exe
- cleans out temp files and the leftovers of the programs used
***********
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.