Please check my log

Re: Please check my log

#16 Post by motji »

Ed1.exe and sshnas21.dll are not visible in the log; did you delete them?

:arrow: Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
C:\Windows\Evomia.exe

:files
C:\Windows\Evomia.exe

:COMMANDS
[Reboot]
- click the Run fix button.
- The PC will then restart.
- Post the log here :)

:arrow: Use CCleaner, and please post a new log from RSIT.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

Re: Please check my log

#17 Post by jehoun »

Yes, I deleted them; I suppose I probably shouldn't have done that :?:

========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Windows\Evomia.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.35.0 log created on 03092010_075307

Re: Please check my log

#18 Post by jehoun »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jehoun at 2010-03-09 08:02:01
Microsoft Windows 7 Professional Service Pack 3
System drive C: has 19 GB (55%) free of 35 GB
Total RAM: 4095 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02:02, on 9.3.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Users\Jehoun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jehoun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jehoun\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Dokumenty\RSIT.exe
C:\Program Files (x86)\trend micro\Jehoun.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6433 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4146738775-2154181807-1878494979-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4146738775-2154181807-1878494979-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files (x86)\Zynga\tbZyng.dll [2010-02-22 2353176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files (x86)\Zynga\tbZyng.dll [2010-02-22 2353176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2009-06-04 25600]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-02-11 2756488]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoTerm.exe"=C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [2009-09-02 218384]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-09 07:11:01 ----D---- C:\_OTL
2010-03-08 23:53:19 ----D---- C:\Program Files (x86)\CCleaner
2010-03-08 22:26:29 ----D---- C:\Users\Jehoun\AppData\Roaming\Malwarebytes
2010-03-08 22:26:24 ----D---- C:\ProgramData\Malwarebytes
2010-03-08 22:26:24 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-03-08 21:52:56 ----D---- C:\rsit
2010-03-08 21:42:08 ----D---- C:\32788R22FWJFW
2010-03-08 21:24:51 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-03-08 21:24:45 ----D---- C:\Users\Jehoun\AppData\Roaming\SUPERAntiSpyware.com
2010-03-08 21:24:45 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2010-03-08 20:39:55 ----D---- C:\Program Files (x86)\trend micro
2010-03-08 20:11:42 ----A---- C:\Windows\system32\tmp.txt
2010-03-08 20:10:57 ----A---- C:\Windows\system32\SrchSTS.exe
2010-03-08 20:10:57 ----A---- C:\Windows\system32\Process.exe
2010-03-08 20:10:57 ----A---- C:\Windows\system32\o4Patch.exe
2010-03-08 20:10:57 ----A---- C:\Windows\system32\IEDFix.C.exe
2010-03-08 20:10:57 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2010-03-08 18:16:39 ----D---- C:\Users\Jehoun\AppData\Roaming\XnView
2010-03-08 16:03:56 ----D---- C:\Users\Jehoun\AppData\Roaming\mkvtoolnix
2010-03-08 15:47:06 ----D---- C:\Program Files (x86)\Intelore
2010-03-08 15:08:38 ----D---- C:\Program Files (x86)\VideoLAN
2010-03-08 12:47:54 ----A---- C:\Windows\BsMobileModel.ini
2010-03-08 12:47:32 ----D---- C:\Windows\system32\ivtMobCache
2010-03-08 11:51:41 ----D---- C:\Program Files (x86)\IVT Corporation
2010-03-08 11:51:08 ----D---- C:\ProgramData\Installations
2010-03-08 10:13:00 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-03-08 10:13:00 ----D---- C:\Program Files (x86)\Adobe
2010-03-08 10:07:14 ----SHD---- C:\Config.Msi
2010-03-08 09:25:22 ----D---- C:\Program Files (x86)\Technisat
2010-03-08 09:00:05 ----D---- C:\Program Files (x86)\Zynga
2010-03-08 08:27:52 ----D---- C:\Program Files (x86)\Conduit
2010-03-08 08:25:22 ----D---- C:\Program Files (x86)\FFmpeg for Audacity
2010-03-08 08:24:31 ----D---- C:\Users\Jehoun\AppData\Roaming\Audacity
2010-03-08 08:24:23 ----D---- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2010-03-08 07:38:50 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-03-08 07:38:50 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-03-08 07:38:50 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-03-08 07:38:50 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-03-08 07:38:50 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-03-08 07:38:50 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-03-08 07:38:50 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-03-08 07:38:48 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-03-08 07:38:48 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-03-08 07:38:47 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-03-08 07:38:47 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-03-08 07:38:47 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-03-08 07:38:47 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-03-08 07:38:46 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-03-08 07:38:46 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-03-08 07:38:46 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-03-08 07:38:46 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-03-08 07:38:46 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-03-08 07:38:46 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-03-08 07:38:46 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-03-08 07:38:45 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-03-08 07:38:45 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-03-08 07:38:45 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-03-08 07:38:45 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-03-08 07:38:45 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-03-08 07:38:45 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-03-08 07:38:45 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-03-08 07:38:44 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-03-08 07:38:44 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-03-08 07:38:44 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-03-08 07:38:44 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-03-08 07:38:44 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-03-08 07:38:44 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-03-08 07:38:43 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-03-08 07:38:42 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-03-08 07:38:42 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-03-08 07:38:42 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-03-08 07:38:42 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-03-08 07:38:42 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-03-08 07:38:42 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-03-08 07:38:41 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-03-08 07:38:41 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-03-08 07:38:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-03-08 07:38:41 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-03-08 07:38:41 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-03-08 07:38:41 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-03-08 07:38:41 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-03-08 07:38:40 ----A---- C:\Windows\system32\xinput1_3.dll
2010-03-08 07:38:40 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-03-08 07:38:40 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-03-08 07:38:40 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-03-08 07:38:40 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-03-08 07:38:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-03-08 07:38:40 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-03-08 07:38:39 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-03-08 07:38:39 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-03-08 07:38:39 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-03-08 07:38:39 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-03-08 07:38:39 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-03-08 07:38:39 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-03-08 07:38:39 ----A---- C:\Windows\system32\d3dx10.dll
2010-03-08 07:38:38 ----A---- C:\Windows\system32\xinput1_2.dll
2010-03-08 07:38:38 ----A---- C:\Windows\system32\xinput1_1.dll
2010-03-08 07:38:38 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-03-08 07:38:38 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-03-08 07:38:38 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-03-08 07:38:38 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-03-08 07:38:36 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-03-08 07:38:36 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-03-08 07:38:36 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-03-08 07:38:36 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-03-08 07:38:35 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-03-08 07:38:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-03-08 07:38:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-03-08 07:38:35 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-03-08 07:38:34 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-03-08 07:36:42 ----D---- C:\Windows\system32\directx
2010-03-08 07:34:32 ----D---- C:\Users\Jehoun\AppData\Roaming\Media Player Classic
2010-03-07 22:58:00 ----D---- C:\ProgramData\Adobe
2010-03-07 21:48:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-03-07 21:38:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-07 21:37:54 ----D---- C:\Program Files (x86)\MSECache
2010-03-07 21:34:03 ----D---- C:\Program Files (x86)\Microsoft Works
2010-03-07 21:33:57 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2010-03-07 21:33:57 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2010-03-07 21:33:52 ----D---- C:\Windows\PCHEALTH
2010-03-07 21:33:52 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-03-07 21:32:20 ----D---- C:\ProgramData\Microsoft Help
2010-03-07 21:32:20 ----D---- C:\Program Files (x86)\Microsoft Office
2010-03-07 21:32:03 ----RHD---- C:\MSOCache
2010-03-07 21:04:29 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-03-07 21:04:20 ----D---- C:\Users\Jehoun\AppData\Roaming\DAEMON Tools Lite
2010-03-07 21:04:18 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-03-07 20:58:06 ----D---- C:\Users\Jehoun\AppData\Roaming\TweakNow RegCleaner
2010-03-07 20:58:06 ----D---- C:\Program Files (x86)\TweakNow RegCleaner
2010-03-07 20:40:38 ----D---- C:\ProgramData\NVIDIA Corporation
2010-03-07 20:40:28 ----A---- C:\Windows\system32\msvcp71.dll
2010-03-07 20:40:28 ----A---- C:\Windows\system32\MFC71.dll
2010-03-07 20:40:28 ----A---- C:\Windows\system32\DSETUP.dll
2010-03-07 20:40:28 ----A---- C:\Windows\system32\DolbyHph.dll
2010-03-07 20:40:28 ----A---- C:\Windows\system32\atl71.dll
2010-03-07 20:40:18 ----A---- C:\Windows\system32\msvcr71.dll
2010-03-07 20:23:47 ----D---- C:\Program Files (x86)\PCTV Systems
2010-03-07 20:23:47 ----D---- C:\Program Files (x86)\Common Files\PCTV Systems
2010-03-07 20:19:24 ----D---- C:\ProgramData\Sun
2010-03-07 20:19:24 ----D---- C:\Program Files (x86)\Common Files\Java
2010-03-07 20:19:12 ----A---- C:\Windows\system32\javaws.exe
2010-03-07 20:19:12 ----A---- C:\Windows\system32\javaw.exe
2010-03-07 20:19:12 ----A---- C:\Windows\system32\java.exe
2010-03-07 20:19:12 ----A---- C:\Windows\system32\deploytk.dll
2010-03-07 20:19:05 ----D---- C:\Program Files (x86)\Java
2010-03-07 20:16:03 ----D---- C:\Users\Jehoun\AppData\Roaming\Macromedia
2010-03-07 20:16:03 ----D---- C:\Users\Jehoun\AppData\Roaming\Adobe
2010-03-07 20:16:02 ----D---- C:\Windows\system32\Macromed
2010-03-07 20:11:17 ----D---- C:\ProgramData\PCTV Systems
2010-03-07 20:10:26 ----D---- C:\Users\Jehoun\AppData\Roaming\WinRAR
2010-03-07 20:04:16 ----D---- C:\Users\Jehoun\AppData\Roaming\ArcSoft
2010-03-07 19:51:43 ----D---- C:\Windows\ehome
2010-03-07 19:51:39 ----D---- C:\ProgramData\ArcSoft
2010-03-07 19:51:23 ----D---- C:\Program Files (x86)\ArcSoft
2010-03-07 19:50:50 ----D---- C:\Windows\Downloaded Installations
2010-03-07 19:42:45 ----A---- C:\Windows\system32\aswBoot.exe
2010-03-07 19:42:44 ----D---- C:\ProgramData\Alwil Software
2010-03-07 19:40:53 ----D---- C:\Users\Jehoun\AppData\Roaming\HEXelon
2010-03-07 19:40:35 ----D---- C:\Program Files (x86)\TC UP
2010-03-07 19:30:28 ----HD---- C:\Program Files (x86)\Creative Installation Information
2010-03-07 19:30:28 ----D---- C:\Program Files (x86)\Common Files\Creative
2010-03-07 19:30:22 ----D---- C:\Program Files (x86)\Common Files\Creative Labs Shared
2010-03-07 19:30:08 ----D---- C:\Program Files (x86)\Creative
2010-03-07 19:29:50 ----D---- C:\ProgramData\Creative
2010-03-07 19:29:50 ----A---- C:\Windows\system32\cttele32.dll
2010-03-07 19:29:42 ----D---- C:\Program Files (x86)\OpenAL
2010-03-07 19:29:42 ----A---- C:\Windows\system32\wrap_oal.dll
2010-03-07 19:29:42 ----A---- C:\Windows\system32\OpenAL32.dll
2010-03-07 19:29:42 ----A---- C:\Windows\system32\CmdRtr.DLL
2010-03-07 19:29:42 ----A---- C:\Windows\system32\APOMngr.DLL
2010-03-07 19:29:04 ----D---- C:\Windows\system32\Data
2010-03-07 19:29:04 ----A---- C:\Windows\system32\INRES.DLL
2010-03-07 19:28:54 ----A---- C:\Windows\system32\AppSetup.exe
2010-03-07 19:28:52 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-03-07 19:28:48 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-03-07 19:15:01 ----D---- C:\ProgramData\NVIDIA
2010-03-07 19:14:27 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-03-07 19:14:27 ----D---- C:\Program Files (x86)\AGEIA Technologies
2010-03-07 19:14:22 ----SHD---- C:\Windows\Installer
2010-03-07 19:14:19 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-03-07 19:13:42 ----A---- C:\Windows\system32\OpenCL.dll
2010-03-07 19:13:41 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-03-07 19:13:39 ----A---- C:\Windows\system32\nvoglv32.dll
2010-03-07 19:13:39 ----A---- C:\Windows\system32\nvencodemft.dll
2010-03-07 19:13:39 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-03-07 19:13:38 ----A---- C:\Windows\system32\nvd3dum.dll
2010-03-07 19:13:38 ----A---- C:\Windows\system32\nvcuvid.dll
2010-03-07 19:13:38 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-03-07 19:13:38 ----A---- C:\Windows\system32\nvcuda.dll
2010-03-07 19:13:36 ----A---- C:\Windows\system32\nvcompiler.dll
2010-03-07 19:13:36 ----A---- C:\Windows\system32\nvapi.dll
2010-03-07 18:41:29 ----D---- C:\Windows\CheckSur
2010-03-07 18:30:47 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-07 18:27:57 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-07 18:27:56 ----A---- C:\Windows\system32\wmp.dll
2010-03-07 18:27:56 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-07 18:27:39 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-07 18:27:39 ----A---- C:\Windows\system32\CPFilters.dll
2010-03-07 18:27:38 ----A---- C:\Windows\system32\explorer.exe
2010-03-07 18:27:38 ----A---- C:\Windows\explorer.exe
2010-03-07 18:27:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-07 18:27:37 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-07 18:27:37 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-07 18:27:37 ----A---- C:\Windows\system32\secproc.dll
2010-03-07 18:27:37 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-07 18:27:37 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-07 18:27:37 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-07 18:27:37 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-07 18:27:27 ----A---- C:\Windows\system32\mshtml.dll
2010-03-07 18:27:27 ----A---- C:\Windows\system32\ieframe.dll
2010-03-07 18:27:26 ----A---- C:\Windows\system32\wininet.dll
2010-03-07 18:27:26 ----A---- C:\Windows\system32\urlmon.dll
2010-03-07 18:27:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-07 18:27:26 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-07 18:27:25 ----A---- C:\Windows\system32\tzres.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\tsbyuv.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\t2embed.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\quartz.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\msyuv.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\msvidc32.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\msrle32.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\mciavi32.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\jscript.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\iyuv_32.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\fontsub.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\avifil32.dll
2010-03-07 18:27:13 ----A---- C:\Windows\system32\atmfd.dll
2010-03-07 18:27:12 ----A---- C:\Windows\system32\wow32.dll
2010-03-07 18:27:12 ----A---- C:\Windows\system32\user.exe
2010-03-07 18:27:12 ----A---- C:\Windows\system32\setup16.exe
2010-03-07 18:27:12 ----A---- C:\Windows\system32\ntvdm64.dll
2010-03-07 18:27:12 ----A---- C:\Windows\system32\msasn1.dll
2010-03-07 18:27:12 ----A---- C:\Windows\system32\instnm.exe
2010-03-07 18:14:51 ----D---- C:\Users\Jehoun\AppData\Roaming\Identities
2010-03-07 18:14:34 ----SD---- C:\Users\Jehoun\AppData\Roaming\Microsoft
2010-03-07 18:14:34 ----D---- C:\Users\Jehoun\AppData\Roaming\Media Center Programs
2010-03-07 18:13:19 ----SHD---- C:\Recovery
2010-03-07 18:13:18 ----SHD---- C:\ProgramData\Šablony
2010-03-07 18:13:18 ----SHD---- C:\ProgramData\Plocha
2010-03-07 18:13:18 ----SHD---- C:\ProgramData\Oblíbené položky
2010-03-07 18:13:18 ----SHD---- C:\ProgramData\Nabídka Start
2010-03-07 18:13:18 ----SHD---- C:\ProgramData\Dokumenty
2010-03-07 18:13:18 ----SHD---- C:\ProgramData\Data aplikací
2010-03-07 18:10:28 ----D---- C:\Windows\SoftwareDistribution
2010-03-07 18:08:00 ----D---- C:\Windows\Prefetch
2010-03-07 18:07:46 ----SHD---- C:\System Volume Information
2010-03-07 18:07:01 ----D---- C:\Windows\Panther
2010-03-07 18:06:49 ----RASH---- C:\BOOTSECT.BAK
2010-03-07 18:06:48 ----SHD---- C:\Boot

======List of files/folders modified in the last 1 months======

2010-03-09 08:02:01 ----D---- C:\Windows\Temp
2010-03-09 08:01:25 ----D---- C:\Windows\System32
2010-03-09 08:01:25 ----D---- C:\Windows\inf
2010-03-09 08:00:12 ----D---- C:\Windows
2010-03-08 23:54:37 ----D---- C:\Windows\debug
2010-03-08 23:53:19 ----RD---- C:\Program Files (x86)
2010-03-08 22:29:08 ----D---- C:\Windows\Tasks
2010-03-08 22:26:26 ----D---- C:\Windows\system32\drivers
2010-03-08 22:26:24 ----HD---- C:\ProgramData
2010-03-08 21:46:45 ----D---- C:\Windows\SysWOW64
2010-03-08 13:11:58 ----D---- C:\Windows\winsxs
2010-03-08 11:51:20 ----RD---- C:\Program Files
2010-03-08 10:13:00 ----D---- C:\Program Files (x86)\Common Files
2010-03-08 10:08:52 ----D---- C:\Windows\system32\cs-CZ
2010-03-08 10:08:52 ----D---- C:\Windows\ShellNew
2010-03-08 10:08:52 ----D---- C:\Windows\PolicyDefinitions
2010-03-08 08:27:51 ----RD---- C:\Users
2010-03-08 07:38:38 ----RSD---- C:\Windows\assembly
2010-03-08 07:38:34 ----D---- C:\Windows\Microsoft.NET
2010-03-08 07:36:42 ----D---- C:\Windows\Logs
2010-03-07 22:17:34 ----SD---- C:\ProgramData\Microsoft
2010-03-07 21:36:40 ----N---- C:\Windows\win.ini
2010-03-07 21:36:39 ----D---- C:\Program Files (x86)\Common Files\System
2010-03-07 21:35:46 ----RSD---- C:\Windows\Fonts
2010-03-07 21:35:42 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-03-07 20:49:47 ----D---- C:\Program Files (x86)\Windows Media Player
2010-03-07 19:33:02 ----D---- C:\Windows\Downloaded Program Files
2010-03-07 19:14:42 ----D---- C:\Windows\Help
2010-03-07 18:37:10 ----D---- C:\Windows\AppPatch
2010-03-07 18:32:15 ----D---- C:\Program Files (x86)\Internet Explorer
2010-03-07 18:14:47 ----SHD---- C:\$Recycle.Bin
2010-03-07 18:13:36 ----D---- C:\Windows\rescache
2010-03-07 18:08:19 ----D---- C:\Windows\CSC
2010-03-07 18:06:35 ----D---- C:\Windows\Setup

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys []
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\Windows\system32\DRIVERS\bthmodem.sys []
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys []
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS []
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys []
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys []
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS []
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS []
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys []
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys []
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys []
R3 HidBth;Miniport Microsoft Bluetooth HID; C:\Windows\system32\DRIVERS\hidbth.sys []
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys []
R3 intelppm;Ovladač procesoru Intel; C:\Windows\system32\DRIVERS\intelppm.sys []
R3 kbdhid;Ovladač klávesnice standardu HID; C:\Windows\system32\DRIVERS\kbdhid.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys []
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys []
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys []
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys []
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys []
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\DRIVERS\usbehci.sys []
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys []
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS []
R3 usbuhci;Ovladač miniportu univerzálního hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbuhci.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 nvport;NVIDIA PORT IO Control Driver; \??\C:\Windows\system32\Drivers\nvport.sys [2006-05-05 4608]
S1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys []
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys []
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys []
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys []
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys []
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys []
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys []
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys []
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys []
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys []
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys []
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys []
S3 aymo37xr;aymo37xr; C:\Windows\system32\drivers\aymo37xr.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys []
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys []
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys []
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys []
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys []
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
S3 Compbatt;Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys []
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS []
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS []
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys []
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys []
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys []
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys []
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys []
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys []
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys []
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys []
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys []
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys []
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys []
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys []
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys []
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys []
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys []
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys []
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys []
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys []
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []
S3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys []
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys []
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys []
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys []
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys []
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys []
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2006-03-29 9856]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys []
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys []
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys []
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys []
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys []
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys []
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys []
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys []
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys []
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys []
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys []
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys []
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys []
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys []
S3 usbprint;Třída USB Printer; C:\Windows\system32\DRIVERS\usbprint.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys []
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys []
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys []
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys []
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys []
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys []
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 2287360]
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-07 79360]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe []
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe []
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 fdPHost;Hostitel poskytovatele rozpoznávání funkce; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]
S4 SCPolicySvc;Zásady odebrání čipové karty; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 SDRSVC;Windows Zálohování; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 TabletInputService;Služba Vstupní panel počítače Tablet PC; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 UI0Detect;Zjišťování interaktivních služeb; C:\Windows\system32\UI0Detect.exe []
S4 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WerSvc;Služba Zasílání zpráv o chybách systému Windows; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 WinRM;Vzdálená správa systému Windows (WS-Management); C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe []

-----------------EOF-----------------

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#19 Post by motji »

They were nasties :) , but I'm asking because I can't see them anywhere in the log :roll:

How is the computer doing now? :)

:arrow: Also test these at www.virustotal.com
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Zynga\tbZyng.dll
C:\Windows\system32\SrchSTS.exe
C:\Windows\system32\Process.exe
C:\Windows\system32\o4Patch.exe
C:\Windows\system32\IEDFix.C.exe
C:\Windows\system32\Agent.OMZ.Fix.exe

jehoun
Visitor
Posts: 14
Joined: 08 Mar 2010 20:51

Re: Please check my log

#20 Post by jehoun »

The PC looks fine...

C:\Windows\SysWOW64\CTXFISPI.EXE

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.09 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Rozšiřující informace
File size: 1213440 bytes
MD5...: d22b70cfdb85dd96b551efd30281ffa3
SHA1..: 53321e9843a35db33f04a4c79baf06a2d8525d8d
SHA256: 853fc77b93ed7d1434ef43357c8da6fdd1d88ace40fdd5aaade9380939c012e6
ssdeep: 24576:cExfZV9VuRuVJVgRgl+9AqqqbH3W1P90nM+4u+oub0sRhInFyvJHm1j8BL
pQikMa:cExfZV9VuRuVJVgRgl+9AqqqbH3W1P9S
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xcb708
timedatestamp.....: 0x4a26a9ae (Wed Jun 03 16:49:50 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xdc928 0xdca00 6.38 069510ff79c357b9ed58199bfcac67e7
.data 0xde000 0xefd0 0xe200 5.14 2daf567299974ba038dc81f6baab7bf1
.rsrc 0xed000 0x3d3c8 0x3d400 5.39 5aaaedf32467bc1cd189fef72a70e858

( 12 imports )
> ADVAPI32.dll: RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegQueryValueExA, RegCreateKeyA, RegEnumKeyExA, RegOpenKeyA, SetNamedSecurityInfoA, RegEnumValueA
> KERNEL32.dll: InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, GetLastError, GetVersion, lstrlenW, lstrcmpiA, lstrlenA, GetEnvironmentVariableA, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceA, FindResourceExA, FlushInstructionCache, GetCurrentProcess, CloseHandle, WaitForSingleObject, VerifyVersionInfoA, VerSetConditionMask, Sleep, GetModuleFileNameA, GetCurrentThreadId, GetModuleHandleA, CreateThread, CreateEventA, IsDBCSLeadByte, InterlockedIncrement, InterlockedDecrement, LocalFree, SetEvent, LocalAlloc, FormatMessageA, SetLastError, FreeLibrary, LoadLibraryExA, GetCommandLineA, CreateFileA, SetProcessShutdownParameters, lstrcmpA, WritePrivateProfileStringA, GetPrivateProfileStringA, GetPrivateProfileIntA, OutputDebugStringA, lstrcpyA, DeleteFileA, ReadFile, WriteFile, GetSystemDirectoryA, GetCurrentProcessId, GetVersionExA, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, GetProcAddress, LoadLibraryA, VirtualFree, VirtualAlloc, InterlockedCompareExchange, GetStartupInfoA, RtlUnwind, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter
> USER32.dll: LoadCursorA, GetClassInfoExA, IsWindow, PostThreadMessageA, SetWindowLongA, CharNextA, CharUpperA, wsprintfA, DestroyWindow, GetMessageA, UnregisterClassA, UnregisterDeviceNotification, DefWindowProcA, RegisterClassExA, GetWindowLongA, SetParent, SendNotifyMessageA, PostQuitMessage, DispatchMessageA, TranslateMessage, RegisterDeviceNotificationA, CreateWindowExA, CallWindowProcA, MessageBoxA, PostMessageA
> MFC42.dll: -, -
> msvcrt.dll: __p__fmode, __set_app_type, __1type_info@@UAE@XZ, realloc, _terminate@@YAXXZ, _unlock, __dllonexit, _lock, _onexit, memmove, _controlfp, isleadbyte, _iob, _snprintf, _itoa, wctomb, __badioinfo, __pioinfo, _fileno, _lseeki64, __p__commode, _isatty, atof, malloc, free, _CxxThrowException, calloc, _resetstkoflw, ___V@YAXPAX@Z, _mbsstr, _vscprintf, memset, _purecall, ___U@YAPAXI@Z, _mbsupr, _errno, __CxxFrameHandler, strncmp, atoi, atol, strtoul, _mbscmp, _CIlog10, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _write, memcpy, sprintf, _strdate, _strtime, strncpy, fopen, fputs, fflush, fclose
> SETUPAPI.dll: SetupDiGetClassDevsA, SetupDiGetDeviceInterfaceDetailA, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInterfaces
> SHELL32.dll: SHGetFolderPathA, SHCreateDirectoryExA
> ole32.dll: PropVariantClear, CoFreeUnusedLibraries, StringFromGUID2, CoUninitialize, CoInitialize, CoCreateInstance, CoTaskMemFree, CoRegisterClassObject, CoRevokeClassObject, CoTaskMemRealloc, CoTaskMemAlloc
> OLEAUT32.dll: -, -, -, -, -, -, -
> SHLWAPI.dll: PathFileExistsA
> WINMM.dll: mixerGetDevCapsA, mixerSetControlDetails, mixerGetControlDetailsA, mixerGetNumDevs, mixerOpen, mixerClose, mixerGetLineInfoA, mixerGetLineControlsA
> ctosuser.dll: -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Creative Technology Ltd
copyright....: Copyright(c) 1999-2007 Creative Technology Ltd. All rights reserved.
product......: Creative Audio Product
description..: SPI (Creative X-Fi Module)
original name: CTXFISpi.exe
internal name: CTXFISpi.exe
file version.: 6.00.01.1373
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Windows Screen Saver (51.1%)
Win32 Executable Generic (33.2%)
Generic Win/DOS Executable (7.8%)
DOS Executable Generic (7.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

C:\Windows\SysWOW64\Ctxfihlp.exe

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.09 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Additional information
File size: 25600 bytes
MD5...: 73e6594a8fb258051369c28147437301
SHA1..: fb215d433441dbb4cf9c41c08ac2ef9418775ce2
SHA256: a64ce9502abf5a6725449cbd67ee8ac3a120279b238427176da377318016320b
ssdeep: 384:32Uj//JielFeN3F+hWQm6NmhXlbjC50I9e3t2ChGf64wwToCVBoCekoL2shW
ohGx:37jcOFe9FjNk2CIKf64H1oCy1QQGYhW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x47ca
timedatestamp.....: 0x4a26aaf3 (Wed Jun 03 16:55:15 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ed2 0x5000 6.47 b2d728eb06bb7ef01a600a1a24ceda70
.data 0x6000 0x884 0x600 5.19 1343fb41bb4815e25791d64151fadb75
.rsrc 0x7000 0x9d8 0xa00 3.38 569a2ff1e647670208589b585da5c112

( 8 imports )
> ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegEnumValueA, RegOpenKeyA, RegCloseKey
> KERNEL32.dll: GetLastError, CreateSemaphoreA, CloseHandle, FreeLibrary, GetProcAddress, LoadLibraryA, GetModuleHandleA, Sleep, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, SetUnhandledExceptionFilter, InterlockedCompareExchange, GetStartupInfoA, RtlUnwind, InterlockedExchange
> USER32.dll: EnableWindow, UnregisterDeviceNotification, RegisterDeviceNotificationA, LoadIconA, GetClientRect, IsIconic, PostMessageA, SendMessageA, DrawIcon, GetSystemMetrics
> MFC42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msvcrt.dll: _unlock, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, __1type_info@@UAE@XZ, _itoa, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, ___U@YAPAXI@Z, sprintf, ___V@YAXPAX@Z, malloc, free, memset, __CxxFrameHandler, _setmbcp
> ole32.dll: CoInitializeSecurity, CoCreateInstance, CoUninitialize, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -
> SETUPAPI.dll: SetupDiEnumDeviceInterfaces, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailA, SetupDiGetClassDevsA, SetupDiOpenDeviceInterfaceA, SetupDiGetDeviceRegistryPropertyA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Creative Technology Ltd
copyright....: Copyright (C) 2004-2007
product......: CTXfiHlp Application
description..: CTXfiHlp MFC Application
original name: CTXfiHlp.exe
internal name: CTXfiHlp
file version.: 6.00.01.1373-2.18.4580
comments.....: DriverHelper Module Loader
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

C:\Program Files (x86)\Zynga\tbZyng.dll

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.09 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Additional information
File size: 2353176 bytes
MD5...: 1fecf655218fdf7329bea67f519c8642
SHA1..: 4fcc97779d94929758888a954e0806ce5f71afbd
SHA256: 0a008ab53e38a5bd5a5947e380e503480cebb686ce957f6f06ecbdb4df8524d9
ssdeep: 49152:OXbKYvZowp1yeVGOPgKcvNoqTrsRa32R952mxiZRkvzVQv21YXtFCYQ:OX
e90gOoFTrsU32R3/p
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x117cb0
timedatestamp.....: 0x4b8256cb (Mon Feb 22 10:04:59 2010)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x147f01 0x148000 6.60 a302ceb764a12a16795967eca7fe1442
.rdata 0x149000 0x74d67 0x74e00 4.53 6a2109ecbbd12d716c4e810e4e864169
.data 0x1be000 0x8584 0x6400 4.96 a63d07e68b55f8fb3ee16e1e1ebe6af2
.rsrc 0x1c7000 0x5d258 0x5d400 5.97 90ef0b48ac317eff2680b78e64f5e639
.reloc 0x225000 0x1d04c 0x1d200 5.94 db0c92aa8a1253bc3059acb788243b2d

( 20 imports )
> COMCTL32.dll: ImageList_Create, InitCommonControlsEx, CreateToolbarEx, PropertySheetW, CreatePropertySheetPageW, ImageList_ReplaceIcon, _TrackMouseEvent, -
> WININET.dll: DeleteUrlCacheEntry, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionA, HttpOpenRequestA, FindCloseUrlCache, InternetConnectA, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetReadFile, InternetSetOptionExA, InternetQueryOptionA, GetUrlCacheEntryInfoW, InternetCanonicalizeUrlA, InternetGetConnectedState
> SHLWAPI.dll: SHDeleteKeyA, PathFileExistsW
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
> MSIMG32.dll: GradientFill
> RPCRT4.dll: UuidToStringW
> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
> CRYPT32.dll: CryptProtectData, CryptUnprotectData, CryptQueryObject, CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CryptMsgClose
> WINMM.dll: sndPlaySoundW, PlaySoundW, PlaySoundA, timeGetTime
> KERNEL32.dll: OutputDebugStringW, GetTickCount, GetModuleHandleW, GetShortPathNameW, GetLongPathNameW, LocalFree, GetCurrentThreadId, GetCurrentProcessId, CloseHandle, ReleaseMutex, InterlockedDecrement, SetEndOfFile, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoA, InterlockedExchange, InitializeCriticalSectionAndSpinCount, SetFilePointer, FlushFileBuffers, GetConsoleMode, GetConsoleCP, LCMapStringA, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualAlloc, VirtualFree, HeapDestroy, HeapCreate, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetCommandLineA, ResumeThread, ExitThread, RaiseException, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, HeapReAlloc, HeapAlloc, RtlUnwind, GetProcessHeap, HeapFree, MapViewOfFile, UnmapViewOfFile, OpenFileMappingW, CreateFileMappingW, ReleaseSemaphore, CreateSemaphoreW, SetEvent, GetCurrentThread, SetThreadPriority, TerminateProcess, CreateToolhelp32Snapshot, Thread32First, Thread32Next, OpenProcess, LocalAlloc, lstrcpyA, GetComputerNameW, GetSystemTimeAsFileTime, RemoveDirectoryW, GetFileTime, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, SizeofResource, CreateFileW, GetFileSize, GlobalAlloc, GlobalLock, ReadFile, MulDiv, LoadLibraryA, GlobalUnlock, GlobalFree, GetLastError, GetProcAddress, GetModuleHandleA, GetModuleFileNameW, WaitForSingleObject, CreateEventW, lstrlenW, MoveFileExW, GetModuleFileNameA, WideCharToMultiByte, FreeLibrary, LoadLibraryW, lstrcpyW, CopyFileW, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, CreateThread, SetLastError, OpenMutexW, GetCurrentProcess, FlushInstructionCache, 
VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, CreateMutexW, Beep, MultiByteToWideChar, GetLocalTime, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, FreeResource, GetFileAttributesW, GetVersionExA
> USER32.dll: SetCursor, GetWindowLongW, GetParent, SetDlgItemTextW, ClientToScreen, SetWindowTextA, SetWindowTextW, GetClientRect, GetDlgCtrlID, CallWindowProcA, InvalidateRect, IsWindow, GetWindowRgn, MessageBeep, LoadCursorA, SendMessageA, wsprintfW, PostMessageA, ShowWindow, SetWindowLongW, ReleaseDC, GetWindow, UpdateWindow, GetClassInfoExW, RegisterClassExW, CopyRect, InflateRect, DrawFocusRect, CharUpperW, SetRect, GetLastInputInfo, IsIconic, LoadImageW, SystemParametersInfoW, MoveWindow, DrawTextW, GetDC, GetWindowRect, RegisterWindowMessageW, GetActiveWindow, IsDialogMessageA, IsDialogMessageW, MessageBoxA, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, SetRectEmpty, GetKeyState, SetDlgItemInt, GetDlgItemTextA, FrameRect, DrawFrameControl, AllowSetForegroundWindow, CharLowerBuffA, DrawEdge, MsgWaitForMultipleObjects, PostThreadMessageA, SetParent, GetDlgItemTextW, GetScrollInfo, GetMenuItemRect, InsertMenuItemA, InsertMenuItemW, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, SetMenuItemInfoW, CheckMenuItem, EnableMenuItem, DeleteMenu, TrackPopupMenu, PostMessageW, GetMonitorInfoW, GetMenuItemCount, GetMenuItemInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, SetForegroundWindow, EnableWindow, IsDlgButtonChecked, CheckDlgButton, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageW, DispatchMessageA, SetCapture, GetUpdateRect, BeginPaint, EndPaint, SetWindowRgn, GetDlgItem, OffsetRect, DrawIconEx, GetIconInfo, DestroyIcon, GetSystemMetrics, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetAsyncKeyState, SendMessageW, GetWindowTextLengthW, EndDialog, GetWindowTextW, FindWindowW, GetMenuItemInfoA, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, CreateWindowExW, UnregisterClassA, GetClassNameW, DefWindowProcA, GetWindowLongA, SetWindowLongA, GetFocus, IsChild, KillTimer, IsWindowUnicode, CallWindowProcW, FindWindowExW, 
GetWindowThreadProcessId, SetWindowPos, MonitorFromRect, GetMonitorInfoA, GetClassInfoW, RegisterClassW, DestroyWindow, SetTimer, GetDesktopWindow, SetFocus, GetCursorPos, ScreenToClient, PtInRect, IsWindowVisible
> GDI32.dll: GetDeviceCaps, RealizePalette, SelectPalette, PlgBlt, SetLayout, PtInRegion, GetTextColor, GetBkColor, GetBkMode, ExcludeClipRect, SetRectRgn, OffsetRgn, FrameRgn, SetTextAlign, TextOutW, RoundRect, CombineRgn, GetPixel, CreateCompatibleBitmap, BitBlt, CreateRectRgn, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, GetLayout, Rectangle, SetBkColor, CreateCompatibleDC, DeleteDC, CreateSolidBrush, CreateFontIndirectW, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetStockObject
> COMDLG32.dll: GetOpenFileNameW
> ADVAPI32.dll: OpenProcessToken, RegCreateKeyExA, RegSetValueExA, RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptAcquireContextA, CryptReleaseContext, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegOpenKeyExA, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegCloseKey, RegDeleteKeyA
> SHELL32.dll: SHCreateDirectoryExW, ShellExecuteW, ShellExecuteExW, SHGetFolderPathW
> ole32.dll: IIDFromString, CoCreateInstance, CoCreateGuid, StringFromGUID2, CLSIDFromString, CoUninitialize, CoInitialize, CreateStreamOnHGlobal, CoGetMalloc, StringFromIID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> PSAPI.DLL: EnumProcessModules, GetModuleFileNameExW, EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo
> DNSAPI.dll: DnsQuery_A

( 14 exports )
DllCanUnloadNow, DllConnectToIE, DllConnectionProc, DllGetClassObject, DllGetInstallFileNameExt, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows OCX File (71.0%)
Win32 Executable MS Visual C++ (generic) (21.6%)
Win32 Executable Generic (4.9%)
Generic Win/DOS Executable (1.1%)
DOS Executable Generic (1.1%)
sigcheck:
publisher....: Conduit Ltd.
copyright....: Copyright (c) Conduit Ltd. 2008
product......: Conduit Toolbar
description..: Conduit Toolbar
original name: n/a
internal name: Conduit Toolbar
file version.: 5, 3, 5, 4
comments.....: Conduit Toolbar ver 1.0
signers......: Conduit Ltd.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 8:24 AM 3/9/2010
verified.....: -

C:\Windows\system32\SrchSTS.exe

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.09 -
AhnLab-V3 5.0.0.2 2010.03.08 -
AntiVir 8.2.1.180 2010.03.08 -
Antiy-AVL 2.0.3.7 2010.03.09 -
Authentium 5.2.0.5 2010.03.09 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.08 -
BitDefender 7.2 2010.03.09 -
CAT-QuickHeal 10.00 2010.03.08 -
ClamAV 0.96.0.0-git 2010.03.09 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.09 -
eSafe 7.0.17.0 2010.03.08 -
eTrust-Vet 35.2.7348 2010.03.09 -
F-Prot 4.5.1.85 2010.03.08 -
F-Secure 9.0.15370.0 2010.03.09 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.09 -
Ikarus T3.1.1.80.0 2010.03.09 -
Jiangmin 13.0.900 2010.03.09 -
K7AntiVirus 7.10.992 2010.03.08 -
Kaspersky 7.0.0.125 2010.03.09 -
McAfee 5914 2010.03.08 -
McAfee+Artemis 5914 2010.03.08 -
McAfee-GW-Edition 6.8.5 2010.03.09 -
Microsoft 1.5502 2010.03.09 -
NOD32 4927 2010.03.09 -
Norman 6.04.08 2010.03.08 -
nProtect 2009.1.8.0 2010.03.08 -
Panda 10.0.2.2 2010.03.08 -
PCTools 7.0.3.5 2010.03.09 -
Prevx 3.0 2010.03.09 -
Rising 22.38.01.03 2010.03.09 -
Sophos 4.51.0 2010.03.09 -
Sunbelt 5797 2010.03.09 -
Symantec 20091.2.0.41 2010.03.09 -
TheHacker 6.5.2.0.226 2010.03.09 -
TrendMicro 9.120.0.1004 2010.03.09 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.9.2217 2010.03.09 -
VirusBuster 5.0.27.0 2010.03.08 -
Additional information
File size: 288417 bytes
MD5...: fc041f7d1341eee456f1fa1a256cd24f
SHA1..: 79bf4b742b8decaa516c2a29145facb83796f1d6
SHA256: 562c5f4a7674c9eeeda4b8e99324b3f78a266e7f42048b5a27b8f917af8a3dba
ssdeep: 6144:07mdwRp3eo8I1ZtLvqFf1DAWgIdssH2o6Pr1fvIKEdTzuhOChC38usHfJY6
En6Ty:JJeZtr4RAW25cEiP/3IWVJ/ux7cmih
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4c5d0
timedatestamp.....: 0x4450e808 (Thu Apr 27 15:49:28 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x39000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x3a000 0x13000 0x12800 7.90 8026838d191497773df997895b2dd5b3
.rsrc 0x4d000 0x1000 0x400 3.27 99e1dc84aa59b5cff80611d9b1f98563

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> ADVAPI32.DLL: RegCloseKey
> msvcrt.dll: _iob

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: S_Ri
copyright....:
product......: SrchSTS
description..: Search SharedTaskScheduler
original name:
internal name:
file version.:
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): UPX

C:\Windows\system32\Process.exe

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 Tool.Prockill
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 potentially unwanted program PrcViewer
McAfee+Artemis 5912 2010.03.06 potentially unwanted program PrcViewer
McAfee-GW-Edition 6.8.5 2010.03.07 Heuristic.BehavesLike.Win32.Dropper.L
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 Win32/PrcView
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.09 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 Aplicacion/Processor.20
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 Trojan.PrcView.B
Additional information
File size: 53248 bytes
MD5...: 7397f6ee4a9601a123b645c0cd428017
SHA1..: 890368473ecbc404dcd42ff0c6c38397102f59c0
SHA256: 5aaf73ef89f0efab963abb170bc9b7cd7d4d5bd7a691cd83137b4cc39cd120de
ssdeep: 768:ORWMA68kDGXcK1JP9COApZsLUFDeLHAwu0aB0wWYS/a/x9GYDM0+0O:OkMKH
9fApDFPgiKMM0I
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b42
timedatestamp.....: 0x3edf2cf1 (Thu Jun 05 11:43:45 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7bea 0x8000 6.52 c01fadec01aae81015745dad0ecda107
.rdata 0x9000 0x1dfc 0x2000 5.10 e5217bccc8786d801b7a78bb7cce029c
.data 0xb000 0x1fc8 0x1000 2.67 5ba738a705a45c4209cbffe7469d458a
.rsrc 0xd000 0x3c0 0x1000 0.99 0967ff97890b79a40016a44e82666655

( 3 imports )
> KERNEL32.dll: GetLastError, GetProcessAffinityMask, OpenProcess, Sleep, TerminateProcess, WaitForSingleObject, SetPriorityClass, lstrcmpiA, HeapFree, ResumeThread, SuspendThread, GetVersionExA, WideCharToMultiByte, HeapAlloc, CloseHandle, GlobalFree, GlobalAlloc, FileTimeToSystemTime, SystemTimeToFileTime, GetSystemTime, LocalFree, FormatMessageA, HeapSize, RtlUnwind, LCMapStringW, LCMapStringA, VirtualQuery, GetSystemInfo, SetProcessAffinityMask, LoadLibraryA, GetProcAddress, FreeLibrary, GetProcessHeap, GetCurrentProcess, ExitProcess, GetModuleHandleA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, WriteFile, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, GetACP, GetOEMCP, GetCPInfo, FlushFileBuffers, SetFilePointer, GetLocaleInfoA, VirtualProtect, SetStdHandle
> USER32.dll: CloseDesktop, EnumDesktopWindows, GetWindowThreadProcessId, PostMessageA, OpenDesktopA
> ADVAPI32.dll: LookupAccountSidA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, GetTokenInformation

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: http://www.beyondlogic.org
copyright....: Copyright 2003 Craig.Peacock@beyondlogic.org
product......: Command Line Process Utility
description..: Command Line Process Utility
original name: Process.exe
internal name: Process.exe
file version.: 2, 0, 0, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

C:\Windows\system32\o4Patch.exe

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.09 -
AhnLab-V3 5.0.0.2 2010.03.08 -
AntiVir 8.2.1.180 2010.03.08 -
Antiy-AVL 2.0.3.7 2010.03.09 -
Authentium 5.2.0.5 2010.03.09 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.08 -
BitDefender 7.2 2010.03.09 -
CAT-QuickHeal 10.00 2010.03.08 -
ClamAV 0.96.0.0-git 2010.03.09 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.09 -
eSafe 7.0.17.0 2010.03.08 Win32.Banker
eTrust-Vet 35.2.7348 2010.03.09 -
F-Prot 4.5.1.85 2010.03.08 -
F-Secure 9.0.15370.0 2010.03.09 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.09 -
Ikarus T3.1.1.80.0 2010.03.09 -
Jiangmin 13.0.900 2010.03.09 -
K7AntiVirus 7.10.992 2010.03.08 -
Kaspersky 7.0.0.125 2010.03.09 -
McAfee 5914 2010.03.08 -
McAfee+Artemis 5914 2010.03.08 -
McAfee-GW-Edition 6.8.5 2010.03.09 -
Microsoft 1.5502 2010.03.09 -
NOD32 4927 2010.03.09 -
Norman 6.04.08 2010.03.08 -
nProtect 2009.1.8.0 2010.03.08 -
Panda 10.0.2.2 2010.03.08 -
PCTools 7.0.3.5 2010.03.09 -
Prevx 3.0 2010.03.09 -
Rising 22.38.01.03 2010.03.09 -
Sophos 4.51.0 2010.03.09 -
Sunbelt 5797 2010.03.09 -
Symantec 20091.2.0.41 2010.03.09 -
TheHacker 6.5.2.0.226 2010.03.09 -
TrendMicro 9.120.0.1004 2010.03.09 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.9.2217 2010.03.09 -
VirusBuster 5.0.27.0 2010.03.08 -
Additional information
File size: 80384 bytes
MD5...: cebef7e3612a75d15c73e8ca71d012ae
SHA1..: 2dc82528d99da40a976c8ae3101144a77305baa3
SHA256: bbd52071facb6fb9e6c9376070fb1881457eeeefcda41e9482ce1add4ad4ef04
ssdeep: 1536:MNIgZ5LgQNvea0hWl/ZBViMvW/JfGKkJUatKdY9rkbJmOz:Jg7LN0huZBVt
6fCKdYp2mOz
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4d100
timedatestamp.....: 0x48d4d443 (Sat Sep 20 10:45:23 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x39000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x3a000 0x14000 0x13400 7.91 d0ebb260afc4c5afc6c783a12b2a6072
.rsrc 0x4e000 0x1000 0x400 3.56 f73d0c5ec087eb5260ffe2508cd7aeb3

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.DLL: RegCloseKey
> msvcrt.dll: _iob

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: S_Ri.URZ
copyright....:
product......: o4Patch
description..: o4Patch
original name: o4Patch.exe
internal name: o4Patch
file version.:
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch.UPX, UPX

C:\Windows\system32\IEDFix.C.exe

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 Win32.Banker
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 Application/IEDefender
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.09 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Additional information
File size: 82944 bytes
MD5...: 9769ab38cb77c9914c25b8141a2a3fbe
SHA1..: ca02a39e467582d40af16003dae1b64db038e79a
SHA256: 7237b3e0c9a5560d505e0aa8ae558f35b70bc34be08dfb17ff97480b3951622c
ssdeep: 1536:x2XbU/gOHJi72/3X3nYyj7vwAVVMbWY3pcyZYoP/Vg2TstwSY6USkaYY:x2
ISE3nD7vwuSWY3pHpG24twSY6U5aYY
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x509a0
timedatestamp.....: 0x493174ad (Sat Nov 29 16:58:21 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x3c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x3d000 0x14000 0x13c00 7.91 960bb7b2696ff501065477f9e56fbcc7
.rsrc 0x51000 0x1000 0x600 2.79 105d3eb19d82424dd0d20d0966609973

( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.DLL: RegCloseKey
> msvcrt.dll: _iob
> SHELL32.DLL: ShellExecuteA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: S_Ri.URZ
copyright....:
product......: IEDFix.C
description..: IEDFix.C
original name: IEDFix.C.exe
internal name: IEDFix.C
file version.:
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

C:\Windows\system32\Agent.OMZ.Fix.exe

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
eSafe 7.0.17.0 2010.03.04 Win32.Banker
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.09 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Additional information
File size: 78336 bytes
MD5...: c02562a732f0223082d4ccfc7d4f23df
SHA1..: f02f4a27823772c2ca04c01f5c390887a109d277
SHA256: 4d40d3826750344c4c6080d20f20ad47f694c972923a024edaae998ef23a6ae0
ssdeep: 1536:xtQ1IK3cY2Q/CAZIXKPPumZGkF57RtuIHd7b/pOVVH:xi9l/XPPFJHdIIHd
7FQVH
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4c690
timedatestamp.....: 0x4941a8f7 (Thu Dec 11 23:57:43 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x39000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x3a000 0x13000 0x12a00 7.90 5bf4d8410d3c5848231e58a9108ced2f
.rsrc 0x4d000 0x1000 0x600 2.87 aeb2f4c788c343e5ccc1f080f1f65e5f

( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.DLL: RegOpenKeyExA
> msvcrt.dll: _iob
> SHELL32.DLL: ShellExecuteA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
packers (Kaspersky): PE_Patch.UPX, UPX
sigcheck:
publisher....: S_Ri.URZ
copyright....:
product......: Agent.OMZ.Fix
description..: Agent.OMZ.Fix
original name: Agent.OMZ.Fix.exe
internal name: Agent.OMZ.Fix
file version.:
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): UPX

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#21 Post by motji »

:arrow: Delete
C:\Windows\system32\SrchSTS.exe
C:\Windows\system32\Process.exe
C:\Windows\system32\o4Patch.exe
C:\Windows\system32\IEDFix.C.exe
C:\Windows\system32\Agent.OMZ.Fix.exe
C:\32788R22FWJFW


:arrow: Run OTL once more; the Clean up button at the top right makes it tidy up after itself :)

:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm a choice, press the A key, then Enter
- After use, delete the program. Note: antivirus programs may falsely flag it as a virus


:arrow: Open Notepad and copy this text into it

Code:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 
- Save it (type: All files), entering "smazani.reg" without the quotes as the file name,
click Save, then double-click the file as usual and confirm the dialog box.


Combofix does not work on 64-bit :) , but you have surely found that out already :D

If there are no problems, that is all :)

jehoun
Visitor
Posts: 14
Joined: 08 Mar 2010 20:51

Re: Please check my log

#22 Post by jehoun »

Yes, I found that out :)

Thank you very much for your help. Have a nice day, and see you sometime, hopefully not, at another "log session" :D

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#23 Post by motji »

You're welcome :)